this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

LIV President's Blog 2014

LIV President's Blog 2014

Geoff Bowyer, LIV President 2014 on the latest issues and topics. Read and comment.

Back To List

What does your metadata reveal about you?

What does your metadata reveal about you?

This weeks guest blogger is Acting LIV President Katie Miller as Geoff Bowyer is currently overseas.

The federal government has confirmed it will introduce legislation for mandatory data retention before the end of the year.

So why, when we consider ourselves to be ‘good people’ who don’t do ‘bad things’, should new data retention laws bother us?

What information will actually be captured about me?

We have been assured that the government intends to mandate storage of ‘just’ metadata and not content. Prime Minister Abbott has said this means the government will require capture and storage of “the address on the envelope but not the letter inside”. We have been assured that this metadata won’t include the URLs (addresses) of the websites we visit. But the metadata will include sender and recipient details of every email or text message we send and every phone call or VOIP call we make and the timing and location of communications - even when those calls and emails are sent through apps like Skype, Facebook or iMessage. Clear? As mud!

Telecommunications company iiNet is opposing mandatory data retention and provides a very good definition of what metadata is.

Stored metadata will provide a rich history of your networks and associations, and other revealing information such as your location. What is most concerning is that the metadata to be captured under the government's proposed scheme will be largely accessible without a warrant and with little scrutiny or oversight.

What sort of metadata do we create?

We create metadata constantly in our technology assisted lives – from mobiles, iPads, activity trackers, PCs and even landlines. I tracked my data creating activity to see what it could reveal about me. Here are some ‘highlights’ of my online life – all before 9am!

Location: North Melb

  • 6:15am: Logged in to Facebook. Scrolled though my news feeds, clicked on post by The Guardian
  • 6.20am: Watched a YouTube clip, Martin Molloy – Birthday Boy and posted it to Brutus' Facebook wall
  • 6.40am: Sent and received multiple text messages to Leslie
  • 7am: Sent three e-mails to LIV councillors and staff
  • 7.05am: Uploaded data from my FitBit including the route of my lunchtime run
  • 7.25am: Downloaded e-mails from Political Candidates A, B and C, Spreets, The Conversation, Leader Newspapers, Groupon

Location: Flemington Rd

  • 8:26am: Received MMS from Rhiannon
  • 8:28am: Sent SMS to Rhiannon
  • 8:29am: Downloaded e-mails from local councillors, Women's Agenda and Crikey
  • 8:29-8:34am: Scanned Twitter home feed, clicked on article about metadata retention

Location: Bourke Street

  • 8:45am: Downloaded e-mail from Escape Travel. Sent e-mail to husband.
  • 8.46-8:50am: Sent and received multiple e-mails to/from husband

What does my online activity reveal?

Some would argue that metadata is more telling than the words. What could be surmised from my metadata? Apart from an obsession with social media and too many e-mail subscriptions? It provides information on whom I’m communicating with, when, for how long and where I was. My e-mail contacts could reveal who I might vote for. The links I click on reveal issues important to me. I tracked my metadata for a few hours. Imagine what could be revealed from 730 days of metadata.

It also demonstrated to me how surveillance can encourage self-censorship. Capturing my data definitely gave me pause when I reached for a device or conducted a Google search. 

Why? Because the fact that we have called a particular number or exchanged emails with a particular person or service can say a lot about us.

Tracking your associations

What if you called a hotline or e-mailed a support service? Its focus could be suicide, domestic violence crisis, child abuse, drug addition, gambling or support for rape victims.

A Stamford University research program demonstrated that metadata could reveal a lot– including medical conditions, religion, mental health status, location and movement, even drug habits and access to abortion.

To get a taste of how my email metadata may reflect my associations, I used a free online tool called Immersion which uses the From, To, Cc and Timestamp fields of your e-mails. This is the picture it revealed:

President's Blog - meta data

Two years of my e-mail metadata paints a clear picture of my networks and associations. This took less than 30 seconds to discover. (Please note that I have changed the names to protect the privacy of my associates - and my sense of irony!)

Does increased surveillance by the state erode our civil liberties?

Mandatory metadata retention, beyond the business needs of telcos and without any suspicion that a person has committed any crime, is a form of surveillance – and surveillance by the state of its citizens, before any indication of wrong doing, is inappropriate in a democratic society.

Currently, metadata retained by telco's as part of their normal operations can already be accessed by a range of federal, state and local agencies, without a warrant. Such information might include numbers called and texted, depending on whether and for how long this information is retained by telcos - it does not include internet browsing. Amounts of data will vary depending on the business needs of the telco. Already even this more limited metadata is accessed without warrants more than 330,000 times each year by enforcement agencies.

Access to metadata by law enforcement that is targeted, and by warrant, is necessary for effective law enforcement. However, mass surveillance is not. We are told this level of surveillance is due to the increasing threat of terrorism, yet we do not know how often intelligence agencies currently access metadata as they are not required to report. Just how much privacy and civil liberties are we giving up and how much additional security are we really gaining in exchange? Like nearly everything with this proposal, none of this is yet clear.

We are citizens – not suspects – and we deserve to be treated as such.

 
Back To List

Comments

Comments

Views expressed on liv.asn.au (Website) are not necessarily endorsed by the Law Institute of Victoria Ltd (LIV).

The information, including statements, opinions, documents and materials contained on the Website (Website Content) is for general information purposes only. The Website Content does not take into account your specific needs, objectives or circumstances, and it is not legal advice or services. Any reliance you place on the Website Content is at your own risk.

To the maximum extent permitted by law, the LIV excludes all liability for any loss or damage of any kind (including special, indirect or consequential loss and including loss of business profits) arising out of or in connection with the Website Content and the use or performance of the Website except to the extent that the loss or damage is directly caused by the LIV’s fraud or wilful misconduct.

G
Jack
This is well known about IBM and the Holocaust.
But what has been done about it?
IBM is as well and as profitable as ever.
27/10/2014 5:56:16 PM

Jack Buchler
Dear Geoff

There are very serious lessons and warnings from history that the architects of the legislation for mandatory data retention need to studiously learn and absolutely not ignore. In the early 1930s the German Government purchased Holerith machines, mechanical punch card based predecessors to computers, from a German subsidiary of IBM. These machines were purchased for purposes of social benefit, to collect and process data on the population to assist in planning for schools, roads, hospitals and other community facilities. In 1933 the Nazis came to power in Germany and gained access to these machines and the data they had been used to collect. They used both for a number of sinister purposes including identifying persons and the location of persons they sought to persecute and exterminate. They also used these machines to set up and manage train timetables to ship these people to camps to eliminate them and to support the logistics of their invasions of their smaller neighbours and their overall war effort. A government in power may collect information with the intention of benefitting or protecting their own people. But once that information is collected if a new government comes to power that no longer has benign intentions towards its own population, if hostile parties gain access to such data via hacking or other security breaches or a foreign power seizes control of a nation that has collected information on its population then that Information can become a tool to inflict tyranny and oppression on that population. I know this through the experence of my parents during the Second World War, who though not placed into concentration camps, had nasty enough experiences in a POW and a slave labour camp. (So nasty that when I mentioned my parents had fallen into the hands of the Nazis my staff badgered me to give them details and when I did they had nightmares afterwards.) After the Second World War many countries learnt the lessons from what the Nazis did. If you watch "Who do you think you are" you will see that before 1945 the census in many nations recorded the names and other personal details such as the religion of persons. After 1945 names and other identifiers were no longer recorded in the censuses of many nations. Lets hope that our legislators have learnt and remember the warnings of history and that the mistakes of history are not repeated in Australian legislation. Otherwise their and our children and grandchildren many pay very dearly.

Regards

Jack Buchler
23/10/2014 7:54:58 PM

Robert Gray
Fantastic, enlightening and scary post. Evokes Orwell. Thanks Katie.
23/10/2014 12:24:20 PM

Eric Vadarlis
Geoff, it is clear that you need a break from your phone/computer....
23/10/2014 12:00:12 PM

Leave comment



 Security code