X
Tech

Will metadata musings ever mature beyond paranoid fears?

Australia's metadata-retention debate needs more than just an injection of technical clue. Some nuanced political discussion, informed by history and the law, would also be handy.
Written by Stilgherrian , Contributor

Australia's favourite Attorney-General, Senator George Brandis QC, has called for cool heads in the debate on new national security laws. To help achieve that goal, he's divided the world into such cool-headed categories as the "usual suspects of the paranoid fantasist left" and "reputable conservative commentators".

When Brandis was asked why we spend so much money fighting terrorism, a rare event, and so little preventing domestic violence, a far more likely danger for individual Australians, he responded angrily, saying that was "foolishly conflating two completely unrelated issues".

Cool-headed debate.

With Brandis' smug arrogance and so much spin, there seems to be little chance that the debate around the forthcoming legislation for telecommunications metadata retention will improve. But it needs to.

Brandis has said that Australia should adopt mandatory data retention because it's "very much the way in which Western nations are going; it's been the case in Europe under the European Data Retention directive for some little while now". But that's not quite true. While Australia and the other Five Eyes nations are still pushing for mandatory data retention, European nations have changed course.

As Carly Nyst, legal director of London-based Privacy International (PI), told a meeting in Sydney last week, the European Court of Justice has ruled that the Data Retention Directive, introduced in 2006 when the UK chaired the EU, is a breach of human rights.

"They said, well, not only can we not see why it's necessary for security, we also say that it's completely disproportionate to any gains in security that we might be getting," she said.

One German study, for example, found that following the introduction of data retention, crime clearance rates increased by a mere 0.006 percent. Statistical noise.

Most European countries have since been dismantling their data-retention systems — but not the UK.

"After the European Court made its ruling in April, the UK brought through emergency legislation re-enacting the same laws that the European Court had just declared invalid," Nyst said. "The UK doesn't give a s*** about what the European Court has to say."

The UK's intransigence aside, the continuing problem in the data-retention debate is that we're working in an information vacuum. Surveillance for law enforcement is being muddled with foreign signals intelligence gathering for national security, and everything is shrouded in secrecy.

"What we're being asked to do is ourselves — innocent, law-abiding citizens — to sacrifice our own liberties, our own rights, in the vague hope that it will somehow catch these handful of Nazi pedos who are out there," Nyst said, using PI's label for the "general all-encompassing bad person who lives on the internet" — terrorists, pedophiles, cybercriminals, or whoever else we're meant to be afraid of this week.

Sometimes, we've even fed misinformation, although it can be hard to tell whether that's down to deliberate misdirection or simple incompetence.

Last week, for example, FBI director James Comey cited four cases where mobile phone data is supposedly crucial to the investigation — except, as The Intercept reported, in three of the cases, "cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor."

Nyst is right. We need an intelligent debate on intelligence. So how do we fix it?

"We should start by separating out law enforcement and crime from foreign intelligence," she said.

"We accept surveillance as part of law enforcement. It's a relatively well-regulated technique used by law enforcement. There's certainly overreach, there's certainly evil things done, but let's put that in a basket."

But the work of the signals intelligence agencies is different, and, over time, it has changed dramatically.

Signals intelligence agencies were originally tasked with protecting our nations from existential threats during wartime. But after the end of the Cold War, these self-sustaining institutions wanted to maintain their own life — just like any other bureaucracy — and they turned their attention to smaller-scale threats.

At the same time, thanks to the internet, much of our everyday personal and business communication has incidentally become foreign communications, and subject to their gaze. And, as Edward Snowden has revealed, intelligence sharing now happens in a "highly cohesive and complete manner", both internationally and domestically.

"If we're in a war on terror, and the terrorists are everywhere, how do we conduct foreign intelligence when the communications are tied up with our own? So that's how we end up with a situation in which all communications are part of foreign intelligence," Nyst said.

The intelligence agencies claim that the balance of power has changed, and that they need new powers to restore the balance. But given the secrecy around intelligence work, we're being asked to take them on their word. Nyst argues that in a democracy, that's not good enough.

"Maybe that's a sacrifice we're willing to make," she said. "Perhaps we as an Australian society say, 'Well, we know they've caught 10 terrorists this year, and we'll accept that the internet will become a public space, we have no longer any privacy, but for 10 terrorist attacks being averted, we'll accept that.' But we don't even have that information. We have [only] the most vague allusions to the security we're gaining."

Finally, we need to ensure that the laws are specific.

"If you adopt broad laws, you have no control over whom the future governments will consider to fall within those laws, and who will fall afoul of a future government, and who will come within their definition of terrorist," Nyst said.

Think of what's happened in Queensland, and, to a lesser extent, in other Australian states, in relation to membership of certain motorcycle clubs. Just a few years ago, it was perhaps disreputable, but legal. Now, those clubs are declared criminal organisations, and simply being a member flags you for more draconian treatment under the law.

Changes can happen quickly. The attorney-general can simply declare any group to be a terrorist organisation. Now, under new powers, he can also declare anything ASIO does to be a Special Intelligence Operation, shrouding it in secrecy forever.

Claims, such as those by libertarian Senator David Leyonhjelm of the Liberal Democrat Party that Australia's national security laws are ushering in a reign of terror, are starting to look less like a paranoid fantasy.

"I think Australians sometimes inflate in their minds how many legal protections we do have," Nyst said. The UN's Universal Declaration of Human Rights isn't necessarily a shield, and references to Australia's rich framework of democratic institutions mean little.

"We don't have a Human Rights Act here, and it doesn't mean anything in Australian law. It really doesn't. [The High Court] will say that you have to interpret existing law in the spirit of your international commitments, or something along those lines," Nyst said.

"Australia also, obviously, doesn't give a s***. The US I have a lot more faith in. There's been a much more rigorous process of interrogating the activities of the intelligence agencies."

There's no question that the law needs to change, somehow, in response to a rapidly changing technological environment. But so far, the debate has been hand waving, not dot joining. It's been a shouting match of stupid stereotypes, "OMFG Nazi pedos!" versus "OMFG police state beware!"

That needs to change. It needs to change fast. The data-retention legislation is expected to be introduced within weeks.

Stilgherrian interviewed Carly Nyst at a public event organised by Electronic Frontiers Australia and the Australian Privacy Foundation. A full audio podcast is available at Corrupted Nerds.

Editorial standards