The countdown for ‘intrusive data surveillance’ has expired after the 18-month deadline. From this day forward, every ISP and Telco in Australia will be bound to perform meta-data retention of every single customer in Australia for at least two years.
In October 2015, the Australian parliament passed the metadata retention bill. It gave all the ISPs and Telco in the industry 18 months to formulate the strategy to implement and abide by the orders. The orders came as a so-called ‘precaution’ for national security to fight terrorism, which is just a sham in the views of privacy advocates.
Last year, I covered a progressive story on Australian data retention. Going to such length is to keep tabs on every person in Australia through the law-enforcing entities without any warrants. The Federal departments, which are not authorized to access the metadata, circumvent the data retention bill restrictions by asking the Australian Federal Police (AFP) to do their work.
That means over 2500 appointed offices of 21 law enforcement agencies, and unauthorized federal departments can access your private information round the clock for drug crimes instead of the security operation, as Dr. Robb Nicholls of the University of NSW claimed.
What Your MetaData Looks Like?
Since Telco and ISPs both are obliged for data retention in Australia, your information can include:
- Your name and address.
- All the details of mobiles and apps including your SIM mobile number.
- Date and timestamps of any communication through Email, VoIP, Social Media, Messaging apps, Websites, Mobile.
- Recipient of your communication.
- All the details of email except body content.
- Location of your Internet connected devices (incl. Cell Towers and Wi-Fi hotspots) and more…
Such sensitive data held out of sight like in proprietary silos, we lose out on the benefits we could realize if we had direct control over this data and chose and with whom to share it, said Sir Tim Berners-Lee.
How to Protect Your Privacy?
Here’s how you can protect your privacy against Australia Data Retention Law.
Virtual Private Networks
April 13, 2017, marked as #GetaVPN day by Digital Rights Watch, provides an immediate solution to prevent ISPs from keeping tabs on your information. Paid VPN subscriptions offer the necessary privacy protection to your data.
VPN – Virtual Private Networks – encrypts your communication data with 256-bit AES encryption which is unbreakable yet as it would take 1 billion years to break it using brute force attack. It also changes your IP with a fake one, so it becomes futile for anyone to track your communication back to you.
However, you should take care while opting for a paid VPN subscription and choose a VPN provider with its DNS servers. You can opt for industry-leading VPN providers such as NordVPN, ExpressVPN, and PureVPN, which are vastly trusted by people globally, mainly because:
- Based outside the jurisdiction of FIVE EYES countries (i.e. Australia, Canada, United States, United Kingdom, and New Zealand).
- Strict NO (Traffic/Metadata) LOG policy (which means that all the output data is instantly sent to /dev/null sunk directory – pointed out by NordVPN).
- Encrypt your communication and entire web traffic with 256-bit AES encryption and OpenVPN security Protocol.
- Owns private DNS (which means all of your data is routed through private DNS and not through your ISP’s DNS).
- Exclusive security features like TOR-over-VPN (NordVPN) and Split Tunnel (PureVPN).
TOR is a volunteer-based service and runs on a secure TOR network. Australian users can connect to the TOR network using the TOR browser, making Internet data retention useless. However, since data passes through volunteer gateways (nodes), Internet surfing is slow, and the privacy protection is only limited to the browser. At the same time, the rest of your network traffic remains exposed for the ISPs to monitor.
If you want TOR protection but do not want to change your browser, you can opt for NordVPN because it provides TOR-over-VPN functionality.
Mobile SMS and Calls
Metadata collection is an old and silent practice of governments worldwide, and unfortunately, you cannot escape that. However, you can shift your calling and texting habits to end-to-end encrypted messaging apps such as Signal, Telegram, Wickr, and WhatsApp that are more private.
If you use the Internet via your mobile carrier, it is recommended to use a VPN to encrypt the entire mobile Internet traffic. Also, apps that you use send mobile-related information to the developer of those apps, so always download apps from a trusted source and developers and read their privacy policies before downloading.
Since the Australia Data Retention list includes email tracking, it is necessary to protect your emails from your ISP. I recommend you move to a more secure email provider such as Protonmail or Tutanota. However, since we are integrated into Gmail, it might be hard to let go. To add encryption to Gmail, you can install a free Google Chrome extension named Mailvelope, which encrypts your email with OpenPGP encryption. And while you are at it, you can install HTTPs everywhere on your browser to force websites for encrypted certificates.
Social Media Tracking Protection
While Australia Data Retention laws are after your metadata, Social Media platforms are also after your information for analytics purposes and to show you targeted ads.
You can install extensions like Disconnect or Privacy Badger to prevent social media tracking, which sends ‘do not track me' requests and blocks all the tracking URLs.
Since Australia Data Retention is effective and fully operational, it becomes your responsibility to protect your information. As discussed earlier, the immediate solution is to go for a paid VPN subscription for the time being to protect your information and then look for further options. By following these practices, you can significantly minimize the possibility of data retention by ISPs and Telcos.