Monday, May 01, 2017

The problem with data retention laws

Metadata retention laws, requiring telecom providers and ISPs to retain records of all their customers' activities and rat them out to the government, have been catching on amongst the Five Eyes surveillance states. The obvious problem is that they are prone to abuse, and particularly political abuse by intelligence and security agencies. In an effort to stop this, in 2015 the Australian government amended its metadata retention law to make it much harder to spy on journalists. But that didn't stop the Australian Federal Police. Faced with an inquiry into a journalist who had received a leak from AFP, they simply didn't bother to get a warrant at all and spied on them anyway:

An investigator with the Australian Federal Police (AFP) sought and acquired the call records of a journalist without a warrant, Commissioner Andrew Colvin says.

He said "human error" was responsible for the breach, which occurred during an investigation into a leak from inside the AFP.


The journalist whose metadata was accessed has not been informed, Commissioner Colvin added.

"Human error" being AFP for "ignored the law". Naturally, the officer hasn't been subjected to any disciplinary proceedings (let alone criminal charges) for this.

And this is a perfect example of the danger of such laws: the police and spies simply can not be trusted with them. If the data exists, they will obtain it, legally or illegally. We already have serious problems around this with the New Zealand police - but think of how much more intrusive they could be if ISPs were forced to retain years of data on you.