Story image

Is Big Brother watching? How metadata can affect you

04 May 2016

Article by Mike Cullen, Akolade content and strategy manager

It's been 5 months since the introduction of Australia's metadata laws came into effect, and the general public's understanding of metadata remains vague, at best. The collection of data from every Australians' Internet interactions was once infamously described by then Prime Minister Tony Abbott as "the information on the front of the envelope." 

It was an interesting turnaround for the LNP Government, given the laws they enacted were practically the same as those introduced by former Attorney General Labor's Nicola Roxon in 2012. At the time, Ms Roxon explained the intention behind the proposed reform was to allow law enforcement agencies to continue the investigation of crimes in light of new technology advances. 

"It seems to be heading in precisely the wrong direction," former communications minister, Malcolm Turnbull said at the time.

While the Government has said metadata will be used only to source terror and crime related activities, the list of companies applying for approval to view metadata shows a large amount of non-judicial companies requesting access. 

NSA Whistleblower Edward Snowden rose to international prominence after releasing thousands of files showing the NSA was regularly using the information collected online under the US Patriot Act to "spy" on American Internet usage. 

A recent article by the Washington Post highlighted the use of a "sneak-and-peak" provision in the Patriot Act that was alleged to be used only in national security or terrorism activities, but was actually being used in narcotics cases, with the information being sent to various intelligence agencies like the FBI without applying any screens for privacy.

With Australia's metadata laws in their infancy, it isn't a large stretch of the imagination to believe eventually - if it's not happening already - the same situation will arise here.

What is metadata?

Beyond the Attorney General's inability to clearly articulate exactly the type of information to be retained by the laws, metadata is essentially the data about your data. An article from news.com.au in October 2015 explained metadata as follows:

"Metadata around a phone call would provide the information about who rang and for how long, but not what was talked about. It also includes nearly everything you do on the Internet, including whether you visited sites to illegally download, plus loads more, including:

  • Every email you send and to whom, what time, where you sent it and the subject of it
  • The location you took a photo, the setting you took the picture with and the camera model
  • While not yet mandatory, some ISPs may record the IP address of the websites you visit - essentially your Internet history

It might seem like it doesn't give much away, but it's not hard to piece together the clues of the communication, such as someone calling a phone sex service for 21 minutes at 1 am."

At the time the metadata laws came into being in October 2015, Telstra, Australia's largest telecommunication company referred to the collection of metadata as a "honey pot for hackers," relating to the fact that many of the data storage centres will be located offshore. 

With the rise in the sophistication of cyber criminals across the world, the risk of the information being hacked or used for fraudulent purposes is not a risk Australia can afford to ignore. The need to protect the security of valuable, highly confidential information - either in Australia or offshore - is one that needs to be addressed with the highest priority for Australian businesses.

Akolade's upcoming 5th Australian Fraud Summit, being held in Sydney at the Menzies Hotel May 24th - 26th 2016, examines this important issue with sessions covering technology-enabled fraud and preventative measures from leading Australian organisations such as ANZ Woolworths and the Office of the Australian Information Commissioner.

For further information or to register your place at Akolade's 5th Australian Fraud Summit, click here.

Article by Mike Cullen, Akolade content and strategy manager

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.