The dust has settled and the general Australian public has gone back to their normal lives. Governments have once again succeeded and what was once private is now part of surveillance “for the greater good”. Not too long ago, we raised a storm with our efforts to raise awareness about Australia’s Meta Data Retention and this is piece is nothing but a subtle reminder of what went down.
As part of our efforts, we reached out to influential Australians and asked them a series of simple questions. Having done interviews with Bernard Keane and Mark Gambino, Richard Chirgwin was the most obvious next choice. For those living under a rock, Chirgwin has spent about twenty eight years covering technology! It goes without saying that the guy knows what he’s on about, so when he agrees that the Australian Government doesn’t truly understand the implications of Data Retention- you better listen to what he has to say.
The Interview
Q: Do you think people are fully aware of what Data Retention actually is and the gravity of the situation? Do they comprehend the fact that they will now be monitored 24/7? If not, why?
Response: In general, I think Australians are poorly informed about data retention. Until this year, it’s been a low-profile issue in the media (even though the political debate goes back to the early years of the Rudd government – 2008 or so). It’s only this year that mainstream journalists have caught up with the implications of data retention.
Public understanding is also harmed by the tendency of journalists to frame the debate in terms of their own work, and the impact on whistleblowers, rather than universal collection.
Q: What to do you have to say to someone who says, “I have nothing to hide and thus I’m the least bit bothered with Data Retention…”
Response: It’s hard to know what to say: that mindset is pervasive and very difficult to shift.
The best I can offer is that the agencies with access to stored data do not have an impressive record, either for respecting citizens’ privacy, nor for the rules that govern their access to systems – I have documented some of this in the following article “WANTED: A plan to DESTROY metadata, not just retain it”
Q: Getting a warrant was made difficult for a reason. One should not invade an individual’s privacy without substantial reason. Does Data Retention, and no need for a warrant, give too much power to the state?
Response: On the one hand, I agree that warrants should be required. However, even a promise from government that access will be managed by warrants has the effect of normalising the existence of data retention.
Q: In an interview with Sky News, Attorney-General George Brandis seemed rather confused as to what information the government wants stored. Do you think that the government completely understands the implications of Data Retention?
Response: Emphatically no: a consistent complaint from Australia’s ISPs and telcos has been that the Department of the Attorney-General has trouble explaining what it wants.
Q: What are the government’s intended goals with regards to Data Retention? Keeping in mind that such laws have failed to achieve much success in countries like Netherlands and Germany, do you think metadata retention will result in any significant change? Will the government achieve what it has set out to do?
Response: I don’t believe successive governments have had any clear idea of their goals. Data retention has been driven by law enforcement and national security agencies, and government ministers have always struggled to get across the details.
It’s worth noting that many of the “law enforcement success” stories used to bolster the case for data retention were achieved the latest legislation.
Q: Given the overall public outcry, will the Turnbull regime rollback data retention plans, keeping in mind he himself proposed using VPNs to circumvent metadata collection? In addition to Turnbull himself, numerous organizations and countless security experts have pointed to VPNs as a solution. What’s your take on using a VPN for maintaining personal privacy?
Response: Regarding a rollback: no, the government won’t roll it back.
Regarding VPNs: the problem is that understanding, selecting, and verifying encryption technology defeats experts. It’s far beyond the general public – and that means at some point it’s necessary to take someone else’s recommendation on trust.
Q: Do you think the widespread use of VPNs will undermine the government’s ability to accurately conduct metadata retention?
Response: Up to a point, yes – with the caveat I mentioned. I don’t think VPNs will become widespread, however, because they’re likely to be regarded as “too much trouble” by people without technical literacy.
Q: Harry Tucker (News AU) reports, “This scheme is allegedly being implemented to protect the country against organized crime and terrorism”. Do you think this has nothing to do with The Dallas Buyers Club Case, The Trans-Pacific Partnership and major broadcasting restrictions put in place to benefit media companies?
Response: The availability of stored data for (for example) copyright litigation is complex. The intent of the legislation is to restrict the data’s use only to agencies the Minister decides can access it. So in that sense, the data retention laws are not related to the DBC case or the TPP.
It’s also important to note that data retention existed as a political push long before DBC – it’s always been a law-enforcement-national-security push.
However: if data exists, it’s feasible that it could be called under subpoena by a copyright owner launching a case. It would then be up to a court to decide whether the data retention legislation stops this happening.
So – I don’t think copyright was ever a driver of data retention, but rights-holders could become accidental beneficiaries of the data.
Q: What is the one piece of advice you give to everyone concerned with online security?
Response: Change the default password on your home broadband router, and turn off remote access!
I am perfectly serious in this: for most people, most of the time, their home router is their greatest danger. Among all the things you can’t control, here’s one you can, and it’s a defence against a real and active attack. Your VPN means nothing if someone can walk through your home PC because the router has admin/admin as the password and remote access is switched on!
PureVPN
November 24, 2022
1 year ago
