Metadata and Data Retention: Technical Terminology and Voodoo
Friday 8 August 2014 @ 12.11 p.m. | Crime | IP & Media | Legal Research
From the press reporting of the announced Federal Government support and plans for what is being called a "data retention regime", it seems very clear that even key politicians and their advisers are not clear on the precise meaning of terms like "metadata" and the things it includes and does not include.
Such was made very clear by the Prime Minister's reported belief that "metadata" for example included information on the content of websites and emails viewed by a user, information which actually is not "metadata" and currently can only be obtained by law enforcement agencies with a warrant.
Metadata - What is it?
At the moment, there is no legislated definition of "metadata" under the Australian telecommunications legislation. An idea of what the legislators consider to be "metadata" can be gleaned from the Attorney Generals Department's submission to theInquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act 1979 (the submission) where at page 46 in Attachment D it refers to a "Definition of Telecommunications Data" which it says is ". . . also known as Metadata, Communications Data and Communications Associated Data".
Essentially, the document states that metadata is of two types:
- Information that allows a communication to occur
- Information about the parties to the communications
In the submission the information covered by point one is described as being:
- The Internet identifier (information that uniquely identifies a person on the Internet) assigned to the user by the provider;
- For Mobile service: the number called or texted;
- The service identifier used to send a communication, for example the customer’s email address, phone number or VoIP number;
- The time and date of a communication;
- General location information, ie cell tower; and
- The duration of the communication.
The information covered by point two is described as being information about the person who owns the service and would include the:
- name of the customer;
- address of the customer;
- postal address of the customer (if different);
- billing address of the customer (if different);
- contact details, mobile number, email address and landline phone number; and
- same information on a recipient party if known by the service provider.
The submission indicates the above would be applied to telephones (both fixed and mobile) and the Internet, and goes on to indicate that:
"The definition of telecommunications data [metadata] does not include information relating to a person’s web browsing or the contents or substance of their communications."
Following this definition, metadata is not what you typed or spoke into the phone but the tracks that have been left by your use of such communications devices. On this basis, use of your phone or mobile would enable a data retention regime like that proposed, to access your phone number, the number called, the location from which you made the call and the duration of the call you made. In the case of the Internet the position is similar but less clear given statements made by the Prime Minister and the Attorney General which seemed to imply content was included but which were latter clarified to exclude the content of websites browsed. The PM's office quoted as saying:
"The government requires a lawful warrant to look at Australians' web-browsing history. This is not metadata, it’s content, . . ."
The point however, is made in various reports that while the Federal Government has ruled out content being included in a "data retention regime" other submissions from ". . . the Northern Territory Police and Victoria Police continued to push in federal Senate inquiry submissions earlier this year for web-browsing histories to be included as part of any mandatory data retention scheme".
The Real Issue is Not Access but Retention
As the SMH pointed out in a recent article:
"What many people don't realise is that, already, a number of Australian law-enforcement agencies are now able to access your metadata without a warrant if telcos - such as Telstra, Optus and Vodafone - retain it, which under current legislation they are not required to."
The key point in the quote being "if telcos . . . retain it" meaning that because "metadata" is so voluminous and only likely to grow in volume the real controversy is around the period for which legislation is likely to require metadata to be retained, what that is likely to do to the costs of the ISPs and telcos required to retain it and how we will all fare once that cost is passed to us as consumers.
Costs generated at all levels would not be cheap even on a two year period of data retention. The Conversation makes the point quoting ISP iinet as follows:
"Those costs aren’t trivial – Australia’s second-largest ISP iiNet estimated it would cost A$60 million just to build a suitable storage facility."
TimeBase is an independent, privately owned Australian legal publisher specialising
in the online delivery of accurate, comprehensive and innovative legislation research
tools including LawOne and unique Point-in-Time Products.
Sources:
- What is 'metadata' and should you worry if yours is stored by law? (SMH - 6 August 2014)
- Inquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act 1979
- Metadata and jobseeker plans contradict red tape target (The Conversation - 8 August 2014)
- Data retention flopped in Europe and should be rejected here (The Conversation - 7 August 2014)