Mandatory data retention, as told by an actual tech-head

On Tuesday, Tony Abbott along with Attorney-General George Brandis announced a raft of new terror laws using the slogan "Team Australia" with an entirely straight face. Bundled in the announcement – perhaps hoping nobody would notice – was a proposal for mandatory data retention, which has turned into a circus of political stumbles and back-flips as those involved attempt to comprehend just what it is they're talking about.

If you're not aware, mandatory data retention is a scheme by which carriers like Telstra and iiNet are compelled to keep detailed records of customer activity for the purposes of law enforcement. While some of this information is already stored (such as that in the breakdown in your phone bill), a lot of it isn't kept on file because it would represent a massive invasion of privacy.

The main problem is that the government wants to compile a massive amount of data about every single person in the country, store it for two years and rifle through it at will to find, surveil and prosecute crime, all without a warrant. It's been described by Abbott as "not the content of the letter, it's what's on the envelope", which is a bad metaphor considering for starters most people are sending out potentially hundreds of "envelopes" per second from the smartphone in their pocket without realising.

It’s not about being worried, or wanting to ‘hide’ anything. It’s about the right to decide what you keep private and what you allow to be shared. YOU should be the one to make that call, and that decision should stick until a warrant or something similar is issued to law enforcement agencies to seize your information. - iiNet blog post on privacy

The problems are numerous and include:

  • The lack of judicial oversight means everyone is surveilled and can be snooped on without legal safeguards. Though politicians assure us they're only interested in "metadata", this kind of information can be incredibly personal when compiled together.
  • This leads to the loss of presumption of innocence. Governments don't maintain detailed files on innocent people, and they certainly don't place them under round the clock surveillance. Matthew Beard argues on The Drum that not knowing who or when someone might be watching may one day change the way people behave in their personal lives.
  • The cost of collecting and maintaining all the data in the first place has the potential to blow out to a massive figure, and either way the taxpayer will end up paying for it. iiNet says it may cost the customer $130/year extra just to maintain their own dirt file.
  • We've seen what the NSA has done with their mass-surveillance capabilities, from stalking exes to passing around compromising photos that were supposed to be kept private. Poland was one of the countries who implemented a data retention regime in Europe, and they routinely use data to find and prosecute petty civil offences, in two cases exposing journalist sources without judicial oversight.

    This is the kind of thing we're assured could never happen here because the "appropriate safeguards" will be put in place, but it's difficult to believe when neither the attorney general nor the prime minister can put a coherent sentence together about the proposal.

    Abbott said the overall terrorist threat in Australia had been unchanged from “medium” since the 11 September 2001 attacks but there was “heightened concern” about terrorism and greater numbers of Australians being “radicalised and militarised” in overseas conflicts. - "Tony Abbott dumps race act changes to 'preserve unity' in terrorism fight" - The Guardian

    The kicker is that everything Brandis and Abbott are spruiking is generally possible today through legal channels. We don't need more onerous terror laws to catch people coming back from Syria, this is a problem we already know about and have the resources to deal with. If anything, we could use more funding going to our law enforcement agencies to solve serious crimes rather than a blank cheque to implicate anyone for virtually anything later on.

    Mandatory data retention is a massive overreach on behalf of the government and has the potential to completely change how we live our increasingly digital lives. There's no justification for indiscriminately storing the day-to-day activities of every person in the country, and no reasonable person can sit by idly and let it happen. It's not what we voted for, and it's not at all in the best interests of our nation.