- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
- Woman spots mole in man’s TikTok video, saves him from cancer Tuesday 2:17 PM
- ‘You’ star confirms his character is queer and ‘never will be’ straight Tuesday 1:08 PM
- This Twitch streamer pooped his pants during a broadcast Tuesday 12:17 PM
- Apple’s iCloud encryption plan halted amid FBI pressure, report Tuesday 10:57 AM
- Glenn Greenwald charged with cybercrimes in Brazil Tuesday 10:48 AM
- BadBunny rips her fans for not sending her enough money Tuesday 10:06 AM
New Australian law requires ISPs to hold customer records for at least 2 years
Privacy advocates aren’t happy.
Australian phone and Internet companies face new requirements for retaining customer records under a law that took effect on Tuesday.
The new policy requires companies to hold onto customer metadata—information about phone calls and email activity but not call recordings or email contents—for at least two years. The policy does not cover Web browsing activity like the URLs of websites visited.
The Australian parliament passed the bill in late March, despite objections from civil-liberties advocates and privacy groups who warned that the new policy would embolden illegal government surveillance. Metadata access requests do not require a warrant or any judicial approval.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services.”
Lawmakers made limited efforts to address privacy concerns by requiring the Australian attorney general to approve metadata requests from non-law-enforcement agencies. Those agencies could previously access it directly. The Commonwealth Ombudsman, Australia’s national liaison between government agencies and private citizens, can also review metadata requests.
The law includes an exception to the warrant-free access for requests seeking journalists’ metadata in an attempt to identify their sources, but those warrant requests still occur in secret, much like the proceedings of the Foreign Intelligence Surveillance Court (FISC) in the United States.
“Customer data now sits in yet another honey pot, ripe for malicious attackers,” said Peter Micek, a senior policy counsel at the digital-rights group Access. “Civil society loses out when their contacts, call records, and more lay in wait for adversaries—whether the Five Eyes governments, or simply bureaucrats and telco technicians willing to abuse their access. Donor pools, overseas contacts, and conversations with vulnerable clients, such as asylum seekers, will now be exposed for business purposes much longer than necessary. Make no mistake: this data retention machine will chill speech.”
Nearly nine in 10 Australian Internet service providers say that they are not ready to implement the new retention policy, which requires them to submit retention plans that the government must approve and could force them to buy more servers to store the data.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services,” John Stanton, CEO of the Australian telecom industry group Communications Alliance, told the Australian Broadcasting Corporation.
Beginning today, if you are Australian, everything you do online is being tracked, stored, and retained for 2 years. https://t.co/g8etUYgHGr— Edward Snowden (@Snowden) October 12, 2015
Although metadata only consists of information about communications, those records can be enough to assemble a fairly clear picture of an individual’s online activities. For example, while phone calls to psychiatrists are not recorded, it is trivially easy to match a phone number that repeatedly appears in customer metadata to a psychiatrist’s office.
The role of metadata in U.S. surveillance programs prompted Congress to pass a law that restricted how the NSA could access those records, shifting the collection responsibility from the government to American ISPs. That law, the USA Freedom Act, does not require ISPs to hold onto metadata for a specified period of time, something that surveillance hawks have said they favor as a way of preserving records for investigations.
The Office of the Australian Information Commissioner is expected to release a public report on ISPs’ compliance with law-enforcement data requests in late October.
Update 1:53pm CT, Oct. 13: Added comment from Access.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.