SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Why a VPN is essential in Australia after the Metadata Retention Law
Thu, 20th Apr 2017
FYI, this story is more than a year old

Thursday, 13th April 2017 was the deadline for ISPs to implement strategies for Australia's metadata retention law, which was passed two years ago. Service providers are now expected to be fully compliant with the data retention obligations, unless the service provider is operating under an approved exemption. Every phone call you make, text message you send as well as email you write will be tracked by the Australian government under the new Metadata Retention Law.

What's included in Metadata Retention Law?

The Metadata Retention Law includes your personal information such as name, address, date of birth and email addresses connected to your account. The law also requires ISPs to store other details, such as your communication mode, your location at the time, the length of the communication, with whom you were talking to and the type of network used.

What the Australian Government says about data retention law?

According to Attorney General's Department, the data of phone calls only includes the phone numbers and the time duration of phone call but not what they said. And for emails, they will record information including the relevant email addresses and when it was sent but not the subject line of the email or its content.

There is still a lot of confusion and debate on this point and generally about what the Data Retention Law really means for people in Australia. The need to “hide online browsing” is being discussed a lot because of this legislation, when in fact ISPs are not required to save this information.

This scheme is allegedly being implemented to protect the country against organised crime and terrorism, but it is also being slammed as a major invasion of privacy. The law forces internet providers and telecommunications companies to keep and store information generated by customers calling, texting or using the internet.

A poll from early in the year showed that around 40 % of Australians support the introduction of the new Metadata Laws and 44 % did not, while 16 % had no idea what it was.

Is using a VPN a good idea for data privacy?

Using Virtual Private Network (VPN) is the most effective and cheapest way of protecting communications on the Internet. A VPN will effectively hide all the details of communications (and yes, also browsing history) from being visible to an ISP.

How do VPNs work?

Basically, a VPN encrypts and routes your data through a secure tunnel before connecting to the internet. It protects sensitive user information on the internet and connects a user to the internet via an alternative path than an ISP.

How a VPN helps to protect your personal information?

After connecting to the VPN, the only information visible to an ISP is that a user is connected to a VPN server and nothing else. All other information is encrypted by the VPN's security protocol.

A lot of people have concerns about the law. If you don't want the Government to monitor your online activity, then you better get a VPN; and this statement is endorsed by various digital rights advocates.

Tim Singleton Norton along with other privacy advocates recently recorded their protest against this law by celebrating 13 th April as "Get a VPN day".

Uzair Gadit, CEO of Hong Kong-based VPN provider PureVPN said, “We are glad that internet users are gradually realising the importance of their privacy and the monetary worth of it. For PureVPN, the privacy of every internet user is priceless, and we vow to defend it with cutting-edge technology”.

Are there any risks Involved?

Yes! There are still some risks involved with using a VPN. The first factor to consider at this moment is TRUST! VPN users have to trust that the company providing the VPN service is actually doing what it claims and really protects its users by not keeping any records or logs.

There are many VPN providers who don't keep logs but another issue with VPNs is they are unregulated and can turn evil and sell your data.

How to choose a VPN in Australia?

While choosing a VPN you have to make sure that the service you are trusting with your data is not based in any of the 14 eyes countries, especially Australia, because VPN providers based in Australia could be pressured to share or hand over users' data to Internet providers, companies or government agencies. It's worth looking at the VPN providers based outside the 14 eyes countries such as Singapore, Hong Kong, Ukraine etc.

 Anas Baig is currently working as a security consultant. He is a computer science graduate specialising in internet security, science and technology. He is also a security professional with a passion for robots.