- QAnon believers link small-town arrest to deep state conspiracy without evidence 4 Years Ago
- Instagram photos showing prison conditions spark massive protest Today 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Today 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Today 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Today 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Today 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Today 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Today 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Today 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Today 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Today 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Today 9:57 AM
- 47 House Democrats sign criticized net neutrality working group letter Today 9:17 AM
- How ‘and I oop’ became the perfect reaction meme for shocking developments Today 8:47 AM
- Netflix’s ‘The Perfection’ is a totally unhinged, WTF horror film Today 8:00 AM
New Australian law requires ISPs to hold customer records for at least 2 years
Privacy advocates aren’t happy.
Australian phone and Internet companies face new requirements for retaining customer records under a law that took effect on Tuesday.
The new policy requires companies to hold onto customer metadata—information about phone calls and email activity but not call recordings or email contents—for at least two years. The policy does not cover Web browsing activity like the URLs of websites visited.
The Australian parliament passed the bill in late March, despite objections from civil-liberties advocates and privacy groups who warned that the new policy would embolden illegal government surveillance. Metadata access requests do not require a warrant or any judicial approval.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services.”
Lawmakers made limited efforts to address privacy concerns by requiring the Australian attorney general to approve metadata requests from non-law-enforcement agencies. Those agencies could previously access it directly. The Commonwealth Ombudsman, Australia’s national liaison between government agencies and private citizens, can also review metadata requests.
The law includes an exception to the warrant-free access for requests seeking journalists’ metadata in an attempt to identify their sources, but those warrant requests still occur in secret, much like the proceedings of the Foreign Intelligence Surveillance Court (FISC) in the United States.
“Customer data now sits in yet another honey pot, ripe for malicious attackers,” said Peter Micek, a senior policy counsel at the digital-rights group Access. “Civil society loses out when their contacts, call records, and more lay in wait for adversaries—whether the Five Eyes governments, or simply bureaucrats and telco technicians willing to abuse their access. Donor pools, overseas contacts, and conversations with vulnerable clients, such as asylum seekers, will now be exposed for business purposes much longer than necessary. Make no mistake: this data retention machine will chill speech.”
Nearly nine in 10 Australian Internet service providers say that they are not ready to implement the new retention policy, which requires them to submit retention plans that the government must approve and could force them to buy more servers to store the data.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services,” John Stanton, CEO of the Australian telecom industry group Communications Alliance, told the Australian Broadcasting Corporation.
Beginning today, if you are Australian, everything you do online is being tracked, stored, and retained for 2 years. https://t.co/g8etUYgHGr
— Edward Snowden (@Snowden) October 12, 2015
Although metadata only consists of information about communications, those records can be enough to assemble a fairly clear picture of an individual’s online activities. For example, while phone calls to psychiatrists are not recorded, it is trivially easy to match a phone number that repeatedly appears in customer metadata to a psychiatrist’s office.
The role of metadata in U.S. surveillance programs prompted Congress to pass a law that restricted how the NSA could access those records, shifting the collection responsibility from the government to American ISPs. That law, the USA Freedom Act, does not require ISPs to hold onto metadata for a specified period of time, something that surveillance hawks have said they favor as a way of preserving records for investigations.
The Office of the Australian Information Commissioner is expected to release a public report on ISPs’ compliance with law-enforcement data requests in late October.
Update 1:53pm CT, Oct. 13: Added comment from Access.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.