Saturday, 1 November 2014

The five data retention lies you were told yesterday –

The five data retention lies you were told yesterday –

The five data retention lies you were told yesterday

The Government’s unveiling of its data retention scheme was
unaccompanied by blatant falsehoods by people who have no excuse not to
know better.

In the course of the government’s announcement yesterday of
its proposal for a mass surveillance data retention scheme, a number of 
falsehoods were uttered. Given the ministers involved have access to an
army of bureaucrats who supposedly are across these issues, we can only
assume the falsehoods were deliberate — but we’ll let you be the judge.
Let’s go through them.


1. Malcolm Turnbull: “The important thing to understand
about this metadata bill, these amendments, is that it is not creating
new classes of data to be retained… it’s about preserving the status

Status: False

Turnbull, Attorney-General George Brandis
and the Prime Minister have all repeatedly claimed data retention does
not involve data not already retained by communications companies as
part of existing business practices. This was comprehensively refuted by
iiNet in its response to the government’s industry consultation paper. In fact, the government’s own paper refutes it. As iiNet notes,

“The Consultation Paper expressly states that data which falls
within the defined data set will be required to be retained ‘even if
this exceeds business needs’ and that ‘the policy recognises that
providers may need to modify some systems to ensure they meet the
minimum standard”.”

And this is no longer merely the claim of iiNet. Yesterday, Telstra stated in its response to the bill “complying with the legislation will go beyond Telstra’s current business practices”.

2. George Brandis “I want to stress, as Mr Turnbull
stressed in his second reading speech, that this bill confers no new
powers on ASIO, the AFP or on law enforcement agencies.”

Status: False

Putting aside the minor legal point that the bill gives the
government a new power to force communications companies to store data,
agencies can already access metadata without a warrant, true. But the
bill will give them the power to access historical data, and data in
volume, enabling the extensive and detailed profiling of individuals and
their communities in a way currently impossible (assuming both telcos
and security agencies are operating within the law). The bill will also
enable agencies to obtain data showing the geographical location of
individuals, using mobile phone data. This is exactly where the bill
represents the greatest threat to whistleblowers, activists, journalists
and politicians: it significantly increases the power of security
agencies to track down those who threaten governments and the powerful.
It will also, incidentally, create a vast trove of data about an
individual and a company that can be subpoenaed as part of civil
litigation — imagine a large company subpoenaing the phone records of a
suspected whistleblower as part of a campaign of litigation against

3. Duncan Lewis, head of ASIO: “access to
telecommunications metadata history is critical and central to ASIO’s
work as we go about protecting the security and the safety of we
Australians, our families and our interests.”

Andrew Colvin, head of the AFP:  I speak on behalf of
all law enforcement in this country when I say how fundamentally
important this is to us, not just in a national security context but so
fundamental in most of the crimes, particularly serious and organised
crimes, that we investigate on a daily basis.

Status: False

No one disputes that metadata is a key investigative tool. But if metadata history is critical and central to ASIO’s work, why has it barely used
the data preservation power given to agencies in 2012? That enables
ASIO to require a telco to preserve data for up to 90 days before it
needs to get a warrant — which is just shy of the three month period
that, in the UK, covers 75% of all data requests. ASIO already has the
power to capture someone’s metadata history if they’re linked to any
crime carrying more than three years in jail, and it’s not using it. And
why two years? The original, now overturned, European Union data
retention directive was for a minimum of six months. As the UK data
shows, the vast majority of data requests relate to data less than three
months old.

And if metadata history is so crucial to both
counter-terrorism and law enforcement, why did the German data retention
regime see such a negligible shift in the crime clearance rate
in that country? Why did Barack Obama’s hand-picked National Security
Agency surveillance review panel conclude that the NSA’s massive
surveillance of Americans, which went far beyond the scheme proposed by
the government, not stop a single terrorist attack?

4. George Brandis “Most of the work that the PJCIS needs to do about this has already been done.

Status: False

As Brandis himself must know, one of the key problems for
the Joint Committee on Intelligence and Security’s inquiry into over 40
national security reform proposals, including data retention, was the
inability of the then-government, and the then-attorney-general, to
explain what they meant by data retention. The committee explicitly
addressed this, with then-chair Anthony Byrne writing at the start of
the report:

…the lack of any draft
legislation or detail about some of the potential reforms was a major
limitation and made the Committee’s consideration of the merit of the
reforms difficult. This also made it hard for interested stakeholders to
effectively respond to the terms of reference… one of the most
controversial topics canvassed in the discussion paper —data
retention—was only accorded just over two lines of text. This lack of
information from the Attorney-General and her Department had two major
consequences. First, it meant that submitters to the Inquiry could not
be sure as to what they were being asked to comment on. Second, as the
Committee was not sure of the exact nature of what the Attorney-General
and her Department was proposing it was seriously hampered in the
conduct of the inquiry and the process of obtaining evidence from

As Byrne explained, the result was that “the Committee’s
conclusions are often qualified or suggest areas where further work is
needed.” And clearly the current committee doesn’t agree with Brandis
either. The committee will not report on its inquiry into data retention
until next year (and Labor communications shadow Jason Clare, and
shadow Attorney-General Mark Dreyfus, will join the committee for it,
replacing Stephen Conroy and Tanya Plibersek).

5. Brandis:  “…for the avoidance of doubt, the bill
makes it explicit by Section 187 A4 that nothing in the bill requires a
service provider to keep information about the content of a person’s
communications and specific provision is made to exempt from the scope
of the bill a person’s web browsing history.”

Status: true — but irrelevant

Perhaps the greatest lie of all in data retention is that
metadata is somehow innocuous and it’s content where the real threat to
privacy lies. In fact, collected metadata is equally or even more
privacy-intrusive than content. The General Counsel for the United States National Security Agency has said
“metadata absolutely tells you everything about somebody’s life. If you
have enough metadata, you don’t really need content.” As Edward Snowden
says: “You can’t trust what you’re hearing, but you can trust the
metadata.” And data retention will deliver to authorities a two-year
portrait of everything you’ve done in your life involving a
communications device, even when that device is sitting unused in your
pocket. Whether it’s content or not doesn’t change that.

No comments:

Post a Comment