“Everything is hackable”, whistle blower Edward Snowden said of the newly introduced Australian meta-data retention laws, “So you hope the government agency or the third party provider has very high security standards”. If you’re not exactly sure what the meta-data retention laws are, they require telco companies to store records of phone and internet activity for two years and grant access to security and law enforcement agencies without a warrant. This includes the phone number of people you called or sent SMS messages to, time and date of calls and SMS, length of calls, the location of the nearest phone tower when you sent or received a call or SMS; and for internet activity: the time, date, size, sender and recipients of emails, time and duration of your web connections, your IP address, the volume of your uploads and downloads, location and geographical data.
According to the Australian government these laws have been introduced in an effort to enhance Australia’s security against terrorism and criminals. However it would appear that these new laws could actually reduce Australia’s cyber security. While the meta-data won’t record the content of your communications, there is still a lot of information that, if found in the wrong hands, could put Australians and businesses in a vulnerable position.
The world’s most famous hacker Kevin Mitnick, once an FBI fugitive for his past hacking stunts, is a cyber security expert. He believes storing this kind of information in that much volume will be very attractive to hackers. Asked if this type of database could be hackable, Mitnick had a similar response to Snowden’s; “In my experience, everything has been hackable…It’s just time, money and resources”.
If this news worries you it may come as a surprise that actually, we already have a plethora of ‘spying’ technology here in Australia. Your Smart TV could be smarter than you think! Those terms and conditions you didn’t read but agreed to – you may have just given your Smart TV permission to record your conversations and movement. You just have to look at your Google location history (if you have a Google account) to realise how much we are already giving away about ourselves without really considering the security risks.
Telstra, Australia’s largest telecommunications company, is one of many who have the responsibility of collecting and storing this large amount of data. Concerned about the security of consumers’ data, Telstra described it as a “honey pot for hackers”. Telcos have been storing consumer’s data for a long time, but not to the extent the new laws require and not nearly for as long. Due to the data being kept in a central location makes it all the more appealing to cyber criminals.
Considering all these points, you could suggest that these new laws in fact increase our security risk; Sony and AshleyMadison probably thought their security was good enough at one point. The good news is that creating the facilities to manage this amount of data for Telstra’s 32 million connections is a huge project. Although the new data retention laws began on Tuesday 13th October, big companies like Telstra have 18 months to implement the database that will house our every move.
This gives people and businesses time to revise their cyber security measures, ensure that the software they choose to use has a high standard of security and ultimately decide whether they want to be tracked or not. Greens Senator Scott Ludlam who has been actively against the data retention laws from the beginning has put together his top 5 ways to dodge them here. He also points out that there is “nothing illegal about circumventing data retention”. Even Prime Minister Turnball backs Ludlam’s tips.