By 2353NM  

Since 2015, Australian telecommunications providers have been required to keep the metadata relating to your and my electronic conversations, internet searches, text messages, emails and so on for a period of two years. Apparently, our ‘security’ depends on the government of the day knowing that the ‘average’ Australian accessed a pizza delivery company’s website 30 times in the past year or sent emails to all their relatives discussing why Aunt Beryl chose to have cataracts removed from her left eye only.

According to the Tech Terms website

Metadata describes other data. It provides information about a certain item’s content. For example, an image may include metadata that describes how large the picture is, the colour depth, the image resolution, when the image was created, and other data. A text document’s metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary of the document

According to this The Conversation article written soon after the laws came into effect

metadata — data about data — can be highly revealing and provide a comprehensive depiction of our daily activities, communications and movements.

Which is probably true. Every day, the federal government probably forces communications companies to keep metadata that probably will tell the government millions of Australians check Facebook and Instagram on the bus or train while commuting. Of course, there would be the occasional rogue that looks at the ABC News website and who knows, maybe one or two are looking at this blogsite as well. The worth of keeping the metadata is questionable as there are a number of methods that can be used to hide what you look up on the internet or your emails if you feel the need to find them. But the ‘you have nothing to fear if you’re doing nothing wrong’ argument that the metadata laws are based on is a reversal of the ‘innocent until proven guilty’ premise that our legal system is based on. And you probably don’t have anything to fear if you and those that can access the metadata all do nothing wrong. Unfortunately, as ZDNet reports,

ACT Policing has confessed that it found 3,249 extra times it accessed metadata without proper authorisation during 2015, on top of the 116 requests disclosed earlier this year

You would also have to wonder why organisations like Australian Communications and Media Authority, Health Support Queensland, Liverpool City Council and Report Illegal Dumping NSW are a part of a long list of government bodies that asked for access to metadata, which was originally only to be used by government security organisations to ‘fight terrorism’.

Clearly, the metadata system works well — if you’re into investigating people potentially without their knowledge. We routinely see reports that particular forms of communication have been compromised in some way, shape or form. There is an example two paragraphs up the screen where the ACT Police accessed data 3,249 times in a single year without proper authorisation. If this report in The New Daily is correct, every Apple iPhone that used some recent versions of Apple’s operating system could have inadvertently passed on far more data than the owner anticipated, and there seems to be no idea who has the information.

The Australian Government is currently (until October 15) seeking comment on proposed legislation that is likely to be called the Data Sharing and Release Act. The problem with the ACT Police accessing data when they weren’t supposed to (and there is no doubt that other government agencies in Australia have similar issues) and the breach of Apple’s operating system is that those affected still may not know their data was harvested until they get the unwanted bill from a company they don’t deal with for services already rendered.

ZDNet quotes the Government’s discussion paper on the proposed Data Sharing and Release Act, as suggesting

Data Sharing and Release legislation [does] not require consent for the sharing of personal information.

Instead, we are placing the responsibility on Data Custodians and Accredited Users to safely and respectfully share personal information where reasonably required for a legitimate objective,” it says.

The paper says that following feedback, the government has “nuanced” its position on consent.

“While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research, and programs can outweigh the benefits of consent, provided privacy is protected,”

ZDNet reports there will be apparently safeguards and the appointment of an National Data Commissioner. However the paper suggests

We can and will do more for improving people’s experience when dealing with government — and data plays an important role in achieving this goal,” Minister for Government Services Stuart Robert said in the paper’s foreword.

The government currently shares public sector data through various laws and mechanisms developed at various points in time, with little consistency or a single point of oversight. The government expects the Data Sharing and Release framework will provide an alternative pathway for government agencies who want to share data.

According to the paper, data sharing must satisfy the purpose test — this means that data can only be shared when it is reasonably necessary to inform government policy, programs, or service delivery, or be in support of research and development.

There are countless examples over the past decade of data breaches by organisations that either should know better or fail to make their systems robust enough to stop penetration by those looking for data for malicious purposes. Placing the onus on those receiving data to ‘safely and respectfully’ share it around really doesn’t give great confidence that our private information will remain private.

It seems the Morrison Government believes ‘religious freedom’ is more important than individual freedoms and privacy, or a federal anti-corruption body, or treating those that need some assistance with respect and understanding.

What do you think?