Something Happened: Invading Your Internet Privacy (Again)

We all look at things on the internet we’d be ashamed to share with other people.

Whether it’s online gambling, a particular niche type of pornography or an obsession with fan-fiction, we all have certain aspects of our personalities we’d like to keep away from the public eye.

We engage in our private deeds and when done, erase the history in our browser, all record of our actions and nefarious pleasures erased – or at least they will be up until the passage of new laws that require internet service providers to keep records of everywhere we go online.

Those pushing the modifications to the laws (supported by both the Liberals and the ALP) liken them to the requirement of telcos to keep call data records. They say that the call data records have been invaluable in providing evidence to police to catch criminals who use carriage services as they conduct their alleged crimes. It’s a specific requirement in the regulations and as someone who works at a telco, I’ve had direct experience in complying with it.

The difference however between keeping track of call records between parties and storing all of the information about a browsing session that a user has engaged in is an order of magnitude. Each site you visit contains many hundreds of resources and each of those resources needs to be queried to load. From the basic proxying perspective of your ISP, simply going to the Facebook homepage when you’re logged in consists of more than 120 simultaneous requests.

That includes things like images, the actual text of the page, the elements used to style it and the javascript used to glue everything together. Your ISP would be required to log each of these requests, over a period of time and provide an interface to law enforcement officers to view your entire browsing history.

If you browse the web for a few hours a day, you’re making tens of thousands of requests a day and you’re only one user at your particular location. Requiring ISPs to require retention logs for every single request, linking that to every single user account and then storing that data for several years has huge costs. The amount of storage required to keep that data for a long period of time is eye-wateringly expensive. Then, as with all regulations regarding data, there will be specific requirements about how this data should be backed up as well and where it should be stored.

Then there’s the matter of access. Who gets access to this information and under what grounds? The proposed solution is considered similar to requesting call records or IP records from ISPs (who was using which IP on which ISP at which time, data that ISPs are required by law to log), where a warrant is issued by a judge and the police liase with the ISP to retrieve the data.

That said, IP location data is still easily accessible at different ISPs. It’s well known in the IT community that people will get around the system of requiring a court order to get user information for IPs by having mates who work at different ISPs. A case of beer here or a gift voucher there can save you a costly court procedure, and help you identify who is saying vexatious things about your company on anonymous forums.

I assume something similar was what allowed Marieke Hardy to blog about a man she alleged ran a hate site about her, and with confidence post up his identity. Unfortunately, the information she received confirming his identity wouldn’t stand up in court (I assume) and as such she was forced to settle a nasty defamation suit on behalf of the man she alleged ran the hate site.

Imagine all of the information about your internet activities being readily available in much the same way as other ISP account data. All it takes is a few disgruntled employees willing to take some cash for your records and your entire private life on the internet is available to the highest bidder.

Of course there’ll be security protections put in place, with logging restrictions and the like, but if the money is there (and my goodness it will be), people will gladly take the risk to pass that information along. This is the closest thing to a complete map of your identity and interests outside of your actual genetic code.

Google performs all manner of data retention and analysis on what you do around the web, prompting well-meaning politicians to promote or propose the idea of the ‘right to be forgotten’. That right will of course not apply to the vast gobs of data relating to your travails around the internet that ISPs store at the behest of the government, that data will likely be available to governmental agencies indefinitely. Keep in mind the worst thing Google wants to do is sell you some crap you probably don’t need – the worst thing ASIO, the Federal Police or even NSW Police want to do to you is put you in gaol.

It’s just another hit against our privacy and our civil liberties in the standard drum beat chorus of ‘protecting kids from child pornography’ or ‘keeping us safe from terrorists’, but like all abridgements of our civil liberties, the extended powers are used in the most mundane of criminal situations.

Like the Patriot Act’s provisions in the US to allow LEA’s to invade premises without notifying the intruders. In 2008, 763 of these warrants were issued, three of them were for terrorism cases. By expanding the scope of police powers where it is not justified, the ability of these powers to be misused and innocent people to be punished expands exponentially.

Thankfully there is a way to fight back against this intrusion on our privacy: Electronic Frontiers Australia, an online liberty advocacy group is promoting a campaign against data retention. These are the same guys who, in concert with Scott Ludlam from the Australian Greens, helped block Conroy’s proposed internet blacklist filtering system.

You can visit their site at efa.org.au to get more information on how to fight back against retention. Like the internet filter, all it takes is a few people standing up to say that it’s a simply unacceptable infringement of our liberties to show the government they don’t have the political capital to push the laws through.

As poll-sensitive and public opinion mad as our democracy is slowly becoming, it provides an excellent avenue to gin up public opposition to these laws and show the Government that we take our privacy and our liberties online, very, very seriously.

Dan Nolan
[twitname]dannolan[/twitname]

Related Articles: