Nov 17, 2016

Data breach illustrates danger of mass surveillance

Revelations of trafficking of Australians' metadata illustrate that data retention -- which has no benefits for law enforcement -- is a serious threat to Australians.

Bernard Keane — Politics editor

Bernard Keane

Politics editor

The biggest media story today should be Nick McKenzie and Richard Baker's revelation that the metadata of Telstra, Vodafone and Optus customers is available for sale in India via call centre employees. It's frightening, disturbing -- and illustrates just how dangerous to Australians the government's mass surveillance regime is. Crikey warned repeatedly that data retention would create a vast trove of personal and highly revealing information about every Australian that would inevitably be targeted successfully by thieves. Last year we suggested such information might be hacked, but McKenzie and Baker have shown there's no coding skill required -- you just need to bribe an employee with the right access. [The Chinese surveillance company safeguarding Australian democracy] If it's relatively straightforward for an Indian company to secure metadata on Australians -- the three companies involved would cover nearly every adult and most teenagers in the country -- then it would be equally straightforward for organised crime and state intelligence agencies of other countries to secure the same information. Almost certainly they already have. Looking for an Australian intelligence or Defence official to compromise? Looking for a witness in a criminal case? Their metadata will show you who they've called, when they called and how long the calls lasted, not to mention where they have been at all times the phone was on, enabling you to assemble a comprehensive picture of their medical, relationship and social circumstances. These warnings were made at the time Malcolm Turnbull and George Brandis legislated the Abbott government's mass surveillance scheme, but were unheeded. There weren't even any requirements imposed on industry subject to the data retention laws about the security of retained data -- and certainly no restrictions on offshore storage or accessing of data. And, in truth, it would be enormously difficult for retained metadata to be stored securely anyway -- there is always the "insider threat" of employees who have access to the data passing it on, no matter how well stored the data is. [Surveillance advocates hit us with their best shot] There's only one truly effective way to securely protect data, and that's not to store it at all. No one can steal what you don't retain. If we had a half-decent parliamentary intelligence committee, it would immediately launch an inquiry into this breach, its implications for national security and whether the data retention regime that it endorsed needs to be amended. Instead, we have a committee that's incapable of initiating its own inquiries, and which is currently led by a junior MP with minimal parliamentary or life experience, Michael Sukkar, who seems to be too busy attacking "elites" and endorsing Donald Trump to do his committee chair job. And remember, this is all for a mass surveillance scheme that has zero actual benefit for reducing crime or terrorism or improving crime clearance rates. The only people benefiting from data retention are the crooks like those exposed by McKenzie and Baker.

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

6 thoughts on “Data breach illustrates danger of mass surveillance

  1. zut alors

    The big corporations outsource to countries beleaguered by poverty in order to pay peasant wages therefore confidentiality was always going to be a risk. Not to suggest that Australian employees would never sell off information but we live in an affluent country where financial desperation is not as prevalent.

    It would be enlightening to know how many Australian jobs have been lost to foreign countries.

  2. Dog's Breakfast

    Further to Zuts point, why wouldn’t we mandate that certain industries that have and retain sensitive personal data due to totalitarian laws must store it with Australian companies and employ people within Australia to oversee that storage, security etc.

    I know it might sound like protectionism to you Bernard, but there is valid reasoning behind it, no more than the fact that any American company holding our data is subject to their legislation which means it has to be handed over to the CIA at any time.

    I like to call this stuff ‘Policy’.

  3. Nota Bene

    “zero actual benefit for reducing crime or terrorism ”
    Quite so, and yet ever since WW2, the Five Eyes have been vacuuming up everything they could get their hands on – which was almost everything carried using electricity.
    So why all that effort? What is the real reason?

  4. Jennifer Green

    And Green senator Scott Ludlam – and the Greens generally were on to this…and ignored

  5. Graeski

    What we need is for a few high profile people on the Right to have their lives and personal reputations destroyed by some salacious details extracted from this metadata. This would get an immediate response from government. If it happens, or could happen, to a lesser personage then Turnbull, Brandis and co wouldn’t give a rats.

  6. AR

    We can neither uninvent the Net nor undo the commercial data collection of every iota of our existence, let alone security surveillance.
    The only power we have is to demand that we, the People, have total access to the copyright of that material.
    Nothing like a profit hit to make corporations sit up & take notice.
    It is our data therefore it is as integral as our thoughts (not least because more can be learned from it) as our consciousness… if any.

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details