- What we learned when we visited Mr. B, America’s chonkiest cat 4 Years Ago
- Trump’s new plan to fight opioid overdose? This tweet 4 Years Ago
- Fitness influencer shamed for ‘sharing numbers’ in weight loss posts 4 Years Ago
- The VSCO Girl has always been here 4 Years Ago
- Tomi Lahren’s new ‘Freedom’ clothing line is made for meme mockery Today 12:21 PM
- Taylor Swift’s ‘London Boy’ is a bop, but Brits don’t think her lyrics are accurate Today 12:02 PM
- Popeyes blasted for employee welfare amid chicken sandwich war Today 11:59 AM
- Cory Booker says nonbinary ‘niephew’ taught him about trans issues Today 11:53 AM
- Megachurch pushes conversion therapy on Instagram, Facebook with #OnceGay Today 11:11 AM
- Christian movie review site blasts Netflix’s ‘The Family’ Today 10:50 AM
- YouTube removes ‘coordinated’ channels spreading Hong Kong misinformation Today 8:58 AM
- Christina Hendricks reveals she was the hand model for ‘American Beauty’ Today 8:30 AM
- Why can’t independent feminist websites stay afloat? Today 8:17 AM
- Far-right troll Jacob Wohl scammed a Trump fan out of $25,000 Today 7:54 AM
- How to stream Browns vs. Buccaneers in key preseason action Today 7:02 AM
New Australian law requires ISPs to hold customer records for at least 2 years
Privacy advocates aren’t happy.
Australian phone and Internet companies face new requirements for retaining customer records under a law that took effect on Tuesday.
The new policy requires companies to hold onto customer metadata—information about phone calls and email activity but not call recordings or email contents—for at least two years. The policy does not cover Web browsing activity like the URLs of websites visited.
The Australian parliament passed the bill in late March, despite objections from civil-liberties advocates and privacy groups who warned that the new policy would embolden illegal government surveillance. Metadata access requests do not require a warrant or any judicial approval.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services.”
Lawmakers made limited efforts to address privacy concerns by requiring the Australian attorney general to approve metadata requests from non-law-enforcement agencies. Those agencies could previously access it directly. The Commonwealth Ombudsman, Australia’s national liaison between government agencies and private citizens, can also review metadata requests.
The law includes an exception to the warrant-free access for requests seeking journalists’ metadata in an attempt to identify their sources, but those warrant requests still occur in secret, much like the proceedings of the Foreign Intelligence Surveillance Court (FISC) in the United States.
“Customer data now sits in yet another honey pot, ripe for malicious attackers,” said Peter Micek, a senior policy counsel at the digital-rights group Access. “Civil society loses out when their contacts, call records, and more lay in wait for adversaries—whether the Five Eyes governments, or simply bureaucrats and telco technicians willing to abuse their access. Donor pools, overseas contacts, and conversations with vulnerable clients, such as asylum seekers, will now be exposed for business purposes much longer than necessary. Make no mistake: this data retention machine will chill speech.”
Nearly nine in 10 Australian Internet service providers say that they are not ready to implement the new retention policy, which requires them to submit retention plans that the government must approve and could force them to buy more servers to store the data.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services,” John Stanton, CEO of the Australian telecom industry group Communications Alliance, told the Australian Broadcasting Corporation.
Beginning today, if you are Australian, everything you do online is being tracked, stored, and retained for 2 years. https://t.co/g8etUYgHGr— Edward Snowden (@Snowden) October 12, 2015
Although metadata only consists of information about communications, those records can be enough to assemble a fairly clear picture of an individual’s online activities. For example, while phone calls to psychiatrists are not recorded, it is trivially easy to match a phone number that repeatedly appears in customer metadata to a psychiatrist’s office.
The role of metadata in U.S. surveillance programs prompted Congress to pass a law that restricted how the NSA could access those records, shifting the collection responsibility from the government to American ISPs. That law, the USA Freedom Act, does not require ISPs to hold onto metadata for a specified period of time, something that surveillance hawks have said they favor as a way of preserving records for investigations.
The Office of the Australian Information Commissioner is expected to release a public report on ISPs’ compliance with law-enforcement data requests in late October.
Update 1:53pm CT, Oct. 13: Added comment from Access.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.