Arguments over whether internet connection metadata should be retained for law enforcement purposes are raging around the world, but nowhere more heatedly than in Australia, where a new law bringing in data retention is currently being rammed through parliament. This has provoked widespread criticism of the move as unnecessary, intrusive and ill thought-out. Defenses have been thinner on the ground, which makes this column in the Australian newspaper The Age
particularly interesting. The author, David Wroe, seems to think that the problem is a failure to explain what's really going on here:
Plans to force telcos to keep people's phone and internet metadata for at least two years haven't been explained as thoroughly as they probably should, with the consequence that many Australians remain confused and vulnerable to excessive claims that their privacy is being trampled upon.
Well, it's certainly true that the Australian Attorney General George Brandis, who is responsible for bringing in the data retention law, was very confused
when he was asked to explain metadata in a TV interview. But rather than dispelling that confusion by pointing to explanations of what metadata can do
, Wroe simply makes the following claim:
A data retention regime of two years, with proper precautions around how that data it is accessed by authorities, is reasonable, proportionate and necessary.
No support is provided for that statement. That's not really surprising, because all the evidence we have is that data retention simply doesn't help. In Germany, for example, police records show that blanket data retention had no effect on crime statistics
The national crime statistics recently published by Germany's Federal Crime Agency reveal that after the policy of blanket telecommunications data retention was discontinued in Germany due to a Constitutional Court ruling on 3 March, 2010, registered crime continued to decline (2007: 6,284,661; 2008: 6,114,128; 2009: 6,054,330; 2010: 5,933,278) and the crime clearance rate was the highest ever recorded (56,0%). Indiscriminate and blanket telecommunications data retention had no statistically relevant effect on crime or crime clearance trends.
In Denmark, police found that retaining huge quantities of internet connection data actually made things harder
"Session logging has caused serious practical problems," the ministry's staffers write in the report. "The implementation of session logging proved to be unusable to the police; this became clear the first time they tried to use [the data] as part of a criminal investigation."
Leaving aside this inconvenient fact that there is no evidence that data retention helps, here's one of the author's arguments in its favor:
It is absurd to allow a situation in which police might need to establish whether one criminal suspect phoned or emailed another suspect last year only to find the telco has already wiped those records.
Not really: we don't expect DNA or fingerprints from the scene of a crime to be preserved years later. We hope they may be available soon afterwards, and in the same way there's no reason why the police might not ask ISPs to provide information about recent online activity of a suspect. But it is not reasonable to expect everything to be kept for years, just because it's possible -- not least because this allows the authorities to engage in fishing expeditions and thus apply the Cardinal Richelieu approach
There's also no reason why the police should not be required to obtain a warrant before doing so, despite what Wroe says:
Some have called for warrants to be required for accessing metadata. This would be too unwieldy.
Warrants have worked well enough in the past, so why discard them now in the digital field? Because they might put a brake on the routine use of stored metadata by the authorities? That's a feature, not a bug: it would help to ensure that its use were truly proportionate, unlike the system proposed by the Australian government. Here's another attempt to defend data retention:
Arguments that retention is pointless because ill-doers can use encryption programs to hide their identities, or because the regime won't capture overseas data – meaning Gmail, Hotmail and other US-based services are exempt – are silly. Nothing in a free society is foolproof; something is better than nothing.
But when that "something" is such a marginal improvement on nothing, and comes at such great cost -- both financially, in terms of the burden on ISPs and taxpayers, and socially, through the damage to the privacy and freedom of the public -- then it is hardly rational to proceed purely because it is "better than nothing," especially in the absence of any more compelling reasons.
As this indicates, the author's arguments in favor of data retention are weak; but what is most striking is his attack on those who defend their right to privacy, and dare to challenge the badly-planned rush to impose mass surveillance on Australians:
At the heart of the anti-retention argument is an attitude that everything to do with the internet should be free: free of charge, allowing unlimited downloading of pirated content, and free of responsibility, meaning that nothing we do on the web should be discoverable later on.
In other words, anyone against massive, disproportionate surveillance is probably just some kind of dirty copyright thief.
Follow me @glynmoody on Twitter
, and +glynmoody on Google+