- How to stream UFC Fight Night 148 for free 3 Years Ago
- The kids are making scantron memes instead of studying 3 Years Ago
- Every installment of Hulu’s ‘Into the Dark,’ ranked Today 6:00 AM
- The internet is mocking Robert Mueller’s report deadline Friday 7:53 PM
- Instagram blocks some anti-vax hashtags—but still has far to go Friday 6:20 PM
- Study: Netflix released more originals than licensed titles last year Friday 2:26 PM
- Laura Ingraham, Dinesh D’Souza slam journalist for having a job Friday 1:40 PM
- Netflix is testing a cheap-as-hell mobile-only plan Friday 1:08 PM
- Astrology app Co-Star’s bizarre push notifications are now a meme Friday 12:18 PM
- ‘The Dirt’ offers a sanitized history of Mötley Crüe—but why? Friday 11:42 AM
- ‘The Dirt’ director Jeff Tremaine on Mötley Crüe’s long, difficult road to Netflix Friday 11:30 AM
- Here’s video of yet another alleged gunman looking for YouTuber Adam22 Friday 11:09 AM
- 12 mugs that are absolutely purr-fect for cat enthusiasts Friday 10:58 AM
- Jared Kushner used WhatsApp for official White House business Friday 10:50 AM
- Unsettled Tom memes are on the rise Friday 10:36 AM
New Australian law requires ISPs to hold customer records for at least 2 years
Privacy advocates aren’t happy.
Australian phone and Internet companies face new requirements for retaining customer records under a law that took effect on Tuesday.
The new policy requires companies to hold onto customer metadata—information about phone calls and email activity but not call recordings or email contents—for at least two years. The policy does not cover Web browsing activity like the URLs of websites visited.
The Australian parliament passed the bill in late March, despite objections from civil-liberties advocates and privacy groups who warned that the new policy would embolden illegal government surveillance. Metadata access requests do not require a warrant or any judicial approval.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services.”
Lawmakers made limited efforts to address privacy concerns by requiring the Australian attorney general to approve metadata requests from non-law-enforcement agencies. Those agencies could previously access it directly. The Commonwealth Ombudsman, Australia’s national liaison between government agencies and private citizens, can also review metadata requests.
The law includes an exception to the warrant-free access for requests seeking journalists’ metadata in an attempt to identify their sources, but those warrant requests still occur in secret, much like the proceedings of the Foreign Intelligence Surveillance Court (FISC) in the United States.
“Customer data now sits in yet another honey pot, ripe for malicious attackers,” said Peter Micek, a senior policy counsel at the digital-rights group Access. “Civil society loses out when their contacts, call records, and more lay in wait for adversaries—whether the Five Eyes governments, or simply bureaucrats and telco technicians willing to abuse their access. Donor pools, overseas contacts, and conversations with vulnerable clients, such as asylum seekers, will now be exposed for business purposes much longer than necessary. Make no mistake: this data retention machine will chill speech.”
Nearly nine in 10 Australian Internet service providers say that they are not ready to implement the new retention policy, which requires them to submit retention plans that the government must approve and could force them to buy more servers to store the data.
“The way that the legislation is drafted doesn’t provide us with all of the detail about what exactly is required in all of their services,” John Stanton, CEO of the Australian telecom industry group Communications Alliance, told the Australian Broadcasting Corporation.
Although metadata only consists of information about communications, those records can be enough to assemble a fairly clear picture of an individual’s online activities. For example, while phone calls to psychiatrists are not recorded, it is trivially easy to match a phone number that repeatedly appears in customer metadata to a psychiatrist’s office.
The role of metadata in U.S. surveillance programs prompted Congress to pass a law that restricted how the NSA could access those records, shifting the collection responsibility from the government to American ISPs. That law, the USA Freedom Act, does not require ISPs to hold onto metadata for a specified period of time, something that surveillance hawks have said they favor as a way of preserving records for investigations.
The Office of the Australian Information Commissioner is expected to release a public report on ISPs’ compliance with law-enforcement data requests in late October.
Update 1:53pm CT, Oct. 13: Added comment from Access.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.