AusCERT 2015: Protections missing from data retention regime

Futurewise’s Justin Clacherty says that the new data retention regime is a form of mass surveillance
Justin Clacherty.

Justin Clacherty.

Justin Clacherty of policy advocate group Futurewise has lambasted the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 as a form of mass surveillance.

The legislation, which passed in March, means that telcos and ISPs will be obliged to retain a range of customer data for 24 months.

The data will be accessible to a number of law enforcement agencies under a warrant-free regime.

The legislation was passed with support from Labor after the Coalition government agreed to a number of amendments recommended by a parliamentary inquiry, such as requiring data retained under the scheme to be encrypted.

Speaking at the AusCERT security conference on the Gold Coast, Clacherty said that privacy protections need to be put in place at the point of gathering people’s data, not afterwards.

“Once the data has been gathered, you have been subject to surveillance and the data is there. There is no judicial oversight and we need it."

Within Australia there are hundreds of thousands of requests for so-called metadata made every year. Judicial oversight would substantially reduce that figure, Clacherty said.

He said there is a need for Australian politicians who understand technology, or at least politicians that accept advice from tech-savvy people.

“The Internet has been around for 40 years so [politicians] need to understand this because you are writing policy,” he said.

“There needs to be meaningful debate about the bill. We need to be talking about it and explaining to people what happens.”

The new regime draws a distinction between the 'content' of a communication, which requires a warrant to access and is not part of the data retention regime, and the so-called metadata, which doesn't.

However Clacherty said that the data retained under the scheme can still tell you a lot about an individual's life.

“It shows everyone you speak to, daily routines. This is a social engineer’s dream. It is effectively a regime of mass indiscriminate surveillance.”

He said that the government has failed to demonstrate that data retention is needed.

“A law like this needs to be necessary and proportionate. Surveillance of the entire population to get .001 per cent of people who are doing bad things is just crazy.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia