If you haven't yet, you really should watch the video we pointed to recently of Australian Attorney General George Brandis trying to explain his internet data retention plan when it's clear he has no idea
how the internet works. It's the one where he's asked if it will track the web pages you visit, and Brandis vehemently insists that it will not, but that it will
track the web addresses you visit. Some people have said that perhaps he meant it won't record the actual content on the pages, but just the URL (which might matter if it's dynamic pages), but later in the conversation, he also implies (almost clearly incorrectly) that he means it will just track the top level domains, not the full URLs. Here's a reminder snippet:
Brandis: Well, what we'll be able... what the security agencies want to know... to be retained... is the... is the electronic address of the website that the web user is visiting.
Host: So it does tell you the website.
Brandis: Well... well... it tells you the address of the website.
Host: That's the website, isn't it? It tells you what website you've been to.
Brandis: Well, when... when you visit a website you... you know, people browse from one thing to the next and... and... that browsing history won't be retained or... or... or... there won't be any capacity to access that.
Host: Excuse my confusion here, but if you are retaining the web address, you are retaining the website, aren't you?
Brandis: Well... the... every website has an electronic address, right?
Host: And that's recorded.
Brandis: And... um... whether there's a connection... when a connection is made between one computer terminal and a web address, that fact and the time of the connection, and the duration of the connection, is what we mean by metadata, in that context.
Host: But... that is... telling you... where... I've been on the web.
Brandis: Well, it... it... it... it... it... it... it records what web... what at... what electronic web address has been accessed.
Host: I don't see the difference between that and what website I've visited.
Brandis: Well, when you go to a website, commonly, you will go from one web page to another, from one link to another to another, within that website. That's not what we're interested in.
Host: Okay. So the overarching... if I go to... SkyNews website, it'll tell that, but not necessarily the links within that that I go to?
While it's a bit of a third hand story, Reason recently did an interview with Australian Senator David Leyonhjelm
(who is against data retention, and describes himself as libertarian). Towards the end of the interview, he discusses data retention and tells a very troubling story about how those pushing for data retention had no idea what a VPN is. The story involves a much more knowledgeable government official -- which Gizmodo Australia suspects is Communications Minister Malcolm Turnbull
-- demonstrating a VPN and leaving them all dumbfounded:
The other one that's causing a fair bit of grief is a metadata retention plan, the equivalent of what your NSA does. We don't have metadata retention at the moment and the agencies have been saying, "Oh, well we should have it. You can't use it if you haven't got it," sort of thing. But I spoke to one of the ministers last week about this because he does know what "metadata" means—he knows quite a lot about the Internet and how it works—He said to me people who are asking for this data, people who are thinking this is a good idea, actually have no idea what they're asking for. They don't know what they're going to do with it. They don't know what the implications of requiring it are. They haven't really thought this through.
He gave them a demonstration on a VPN [virtual private network] and said, "By my IP address, tell me what you can find out about me now." And they had no idea there was such a thing as a VPN. It indicates to me that these people are not well-informed enough to make these kinds of decisions. As it stands, it may be that the government may only require the Internet companies to store the IP address of the originating Internet use, so they'll know what computer you're from and what IP you're working from, which is not a lot different from keeping a record of the phone you're calling from. So if that's the case, it's probably not going to pose too much alarm. He's a minister and he knows what he's talking about. But he's surrounded by people who don't know what they're talking about who think that they need something more. We don't know yet where this will end up. It does have the potential to be very dangerous.
Now, the story does not make it entirely clear about who he's talking about. It could be read to be Brandis or his staff that didn't know about VPNs. Or, much more troubling, it could be read to be the intelligence community -- though I find that hard to believe. Either way, however, it does suggest a sort of blind adherence to the "collect it all" philosophy of intelligence gathering, without any real understanding of the issues or consequences.