Government officials have no idea where Australians’ metadata, compulsorily retained under its mass surveillance laws by communications providers, is being stored.
Officials of the Attorney-General’s Department made the extraordinary admission today in hearings of the Joint Committee on Intelligence and Security, which is examining the Telecommunications and Other Legislation Amendment Bill 2016. That bill establishes new notification requirements relating to Australian companies’ data security and requires them to “do their best to manage the risk of unauthorised access and interference to networks and facilities” as well as giving AGD and the Attorney-General additional powers of information-gathering and direction.
Committee deputy chair and former chair Anthony Byrne quizzed AGD officials about how much metadata retained under the government’s data retention laws is stored offshore by service providers. Officials said they didn’t know, despite an industry consultation process that commenced in 2012.
One of the key concerns expressed about the mass surveillance scheme — established by the Abbott government in 2015, allegedly in response to growing terrorist threats — was that the metadata of most of the population of Australia would be a highly attractive honey pot for organised crime and hackers. Data held overseas, rather than locally, was of particular concern, with a number of stakeholders such as the Victorian Privacy Commissioner, the Law Council of Australia and the Australian Information Industry Association complaining that the data retention bill did not prevent offshore storage of Australians’ data. The government at that time declined to address those concerns, but promised a mandatory data breach notification scheme — which, after years of waiting, was only just passed this week.
[Your guide to the data retention debate: what it is and why it’s bad]
Remarkably, however, despite years of industry consultation, the Attorney-General’s Department has no idea just what amount of data is stored offshore by companies since the scheme began. AGD is currently conducting an inquiry into whether data retention — originally promised by the government to be entirely confined to terrorism and major crime — should be expanded to civil litigants, which would enable organised crime figures suing for defamation, violent partners in Family Court litigation and copyright troll firms to obtain sensitive personal information.
Byrne labelled the department’s ignorance “ridiculous” and “unacceptable”. “So we don’t have any idea of how much data is stored offshore by major telecommunications companies or any companies?” he asked. “No,” bureaucrats replied. Byrne challenged them on whether the current bill would enable AGD to work out where data was being stored, with officials, after some hasty consultation among themselves, saying that it would.
However, the bill only requires notification of changes by services providers “that are likely to make the network or facility vulnerable to unauthorised access and interference”. That is, assuming providers admit that moving data offshore would make it vulnerable (an unlikely scenario — what company would tell its customers it’s moving their data to China and it might make it more likely to be hacked?) — it would only have prospective effect. All existing offshored data would not the subject of notification.
The admission by AGD comes not long after Fairfax revealed an Indian company was illegally purchasing Australians’ metadata sourced from Australian telcos for sale to private interests.
This crisis will cut hard and deep but one day it will be over.
What will be left? What do you want to be left?
I know what I want to see: I want to see a thriving, independent and robust Australian-owned news media. I want to see governments, authorities and those with power held to account. I want to see the media held to account too.
Demand for what we do is running high. Thank you. You can help us even more by encouraging others to subscribe — or by subscribing yourself if you haven’t already done so.
This week, we’re discounting our annual gift memberships by $50 — usually $199, now $149 — because now more than ever we need your support. Just use the promocode SUPPORT when you purchase a gift membership.
If you like what we do, please subscribe.
Peter Fray
Editor-In-Chief of Crikey
8 thoughts on “Govt admits it has no idea where your metadata is being stored”
Daniel Sharp
February 16, 2017 at 1:50 pmI know this has been a year of shocks but……..the whole point of metadata is apparently that it is some type of chain of evidence….if you don’t have the highest degree of control and trust in that chain of evidence….. surely it can not be used for any serious activity such as law enforcement…There is no such thing as evidence collected which may be accurate…. The times we live in are just extraordinary….. It is like nobody cares about anything serious anymore…….. while everyone still thinks they are entitled to be paid more than the next person, mainly on the basis of seniority………. I read about a professional photographer who displayed his images for sale on a sale sharing website…..Despite being a loyal customer for years and accruing significant ongoing income from the website, this man quit the website once he realised that his images were being housed in China…. I mean, it was business 101 for him….This other stuff is law enforcement!
Dog's Breakfast
February 16, 2017 at 2:19 pm“…..was that the metadata of most of the population of Australia would be a highly attractive honey pot for organised crime and hackers.”
And if a company that has ties to USA is holding the data, it is open slather to the FBI/CIA etc, which to me is a much greater risk to the population of Australia.
It’s ineptitude on an Olympian scale.
AR
February 17, 2017 at 8:56 amIs it ineptitude really? Can anyone truly be so stupid and still manage the intellectual demands on breathe in, breathe out?
Therefore, given that such incompetence can’t be the simple answer, we are left to imply other motives – none of which are reassuring.
paddy
February 16, 2017 at 2:48 pmFrom the very beginning, the whole idea of mass data retention was always going to be a clusterf*ck. But oh my goodness, how much worse is it going to get?
Sad, scary and bloody depressing stuff.
zut alors
February 16, 2017 at 3:21 pmPriceless! And the government’s gushings about our metadata being perfectly safe & secure are now exposed as gross exaggerations (at best) or blatantly porkies (more likely).
Also, one wonders which foreign crims are currently sifting through our Census forms.
AR
February 17, 2017 at 8:57 amWell, at least 20% of households are safe from that.
Damien
February 16, 2017 at 7:24 pmA scare campaign about metadata being offshored? Sounds like the sort of retrograde “protectionism” that Bernard normally loathes…
AR
February 17, 2017 at 9:00 amI wonder when the transmission of data will move from the Net thangy to lycra clad messengers physically carrying shitloads of USBs from point A to point B for use in stand alone computer systems.
“You don’t know what you got till it’s gornnnnnnn”