Roxon goes to Youtube to make her case

The Australian Attorney General - Nicola Roxon, has just recently posted a video on the Youtubes to try and explain what it is she and the various law enforcement and security offices are asking for.

Turns out what they are asking for is everything apart from the urls and content of the pages you visit and the emails you send and receive. That is actually quite a lot of data to be holding, it's not as simple as it is with phone records, it's not just "blah called blah at this time", rather it's "blah wanted something from this IP Address so it received this message, oh and as part of that it needed this bit and this bit and this bit..." and so on. As any System Administrator will tell you, log files, while text based can quite quickly become behemoths consuming Gigabytes of space.

Leaving aside the privacy concerns, resourcing concerns and so on, there is an even bigger problem with the above proposal.

It won't work.

In all of the discussion about ISPs retaining email and web "metadata" there doesn't seem to have been any discussion around things like web based mail services (GMail or Hotmail immediately leap to mind) or those people who handle their own email (yes we exist).

While the latter group may be small and elite (some might say a very special group), the former certainly isn't. How many hundred of thousands of Australians utilise GMail in their personal or working lives? Is the Australian Government going to turn to Google USA (I don't believe any GMail servers are hosted in Australia) and demand that they keep all their logs for two years? When Google inevitably turns around and says "Umm no" what exactly can the Australian government do?

That's webmail, what about the second group? I run my own mail server, both to provide a service to clients and for my own projects, am I going to be required to keep my mail logs for whatever period of time is going to be decided? I'm not an ISP in the traditional sense of the word, I do not provide people with access to the internet, however will I and every other person in Australia who maintains their own infrastructure be lumped in with this requirement?

Of course there is also the touchy subject of VPNs. Virtual Private Networks are encrypted tunnels from your computer to another network via the internet. VPNs are already widely used in the business world to connect remote offices securely, they're also used by people who want to be able access content in the US or other countries that otherwise might be denied to them by stupid geographical blocking arrangements. VPNs also prevent ISPs from collecting the very metadata that Roxon and the government is seeking to store. instead that data is collected at the other end of the VPN, which as has already been shown, could be anywhere in the world, nicely out of the jurisdictional reach of Australian authorities.

So basically what we have is a proposal to store a metric shit tonne of data about everyone who uses the internet in Australia and for what? The tools to get around it are already out in the wild, used not by terrorists or other criminals, but by every day people doing every day things.

Blog Catagories: