SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Is Big Brother watching? How metadata can affect you
Wed, 4th May 2016
FYI, this story is more than a year old

It's been 5 months since the introduction of Australia's metadata laws came into effect, and the general public's understanding of metadata remains vague, at best. The collection of data from every Australians' Internet interactions was once infamously described by then Prime Minister Tony Abbott as "the information on the front of the envelope."

It was an interesting turnaround for the LNP Government, given the laws they enacted were practically the same as those introduced by former Attorney General Labor's Nicola Roxon in 2012. At the time, Ms Roxon explained the intention behind the proposed reform was to allow law enforcement agencies to continue the investigation of crimes in light of new technology advances.

"It seems to be heading in precisely the wrong direction," former communications minister, Malcolm Turnbull said at the time.

While the Government has said metadata will be used only to source terror and crime related activities, the list of companies applying for approval to view metadata shows a large amount of non-judicial companies requesting access.

NSA Whistleblower Edward Snowden rose to international prominence after releasing thousands of files showing the NSA was regularly using the information collected online under the US Patriot Act to "spy" on American Internet usage.

A recent article by the Washington Post highlighted the use of a "sneak-and-peak" provision in the Patriot Act that was alleged to be used only in national security or terrorism activities, but was actually being used in narcotics cases, with the information being sent to various intelligence agencies like the FBI without applying any screens for privacy.

With Australia's metadata laws in their infancy, it isn't a large stretch of the imagination to believe eventually - if it's not happening already - the same situation will arise here.

What is metadata?

Beyond the Attorney General's inability to clearly articulate exactly the type of information to be retained by the laws, metadata is essentially the data about your data. An article from in October 2015 explained metadata as follows:

"Metadata around a phone call would provide the information about who rang and for how long, but not what was talked about. It also includes nearly everything you do on the Internet, including whether you visited sites to illegally download, plus loads more, including:

  • Every email you send and to whom, what time, where you sent it and the subject of it
  • The location you took a photo, the setting you took the picture with and the camera model
  • While not yet mandatory, some ISPs may record the IP address of the websites you visit - essentially your Internet history

It might seem like it doesn't give much away, but it's not hard to piece together the clues of the communication, such as someone calling a phone sex service for 21 minutes at 1 am."

At the time the metadata laws came into being in October 2015, Telstra, Australia's largest telecommunication company referred to the collection of metadata as a "honey pot for hackers," relating to the fact that many of the data storage centres will be located offshore.

With the rise in the sophistication of cyber criminals across the world, the risk of the information being hacked or used for fraudulent purposes is not a risk Australia can afford to ignore. The need to protect the security of valuable, highly confidential information - either in Australia or offshore - is one that needs to be addressed with the highest priority for Australian businesses.

Akolade's upcoming 5th Australian Fraud Summit, being held in Sydney at the Menzies Hotel May 24th - 26th 2016, examines this important issue with sessions covering technology-enabled fraud and preventative measures from leading Australian organisations such as ANZ Woolworths and the Office of the Australian Information Commissioner.