This morning, Australia’s mandatory 2 year data retention regime began. Internet activity through Australian ISPs (including mobile phone providers) is now recorded. Australians, according to Crikey, here is what is likely to be retained about your accessing this link today:
your name and similar identifying details on your Internet account
the Internet address of where you accessed Hoyden About Town from
the Internet address of Hoyden About Town itself
the date and time you accessed this site
how long you accessed it for (quickly, in the case of websites, no doubt, but what if you were Skyping with us?)
what technical services you used (HTTP over ADSL or mobile or cable or …)
If you are accessing this over a mobile device, your location is also stored, to quite a high degree of accuracy. This data is also by far the hardest to conceal using any method, since it’s revealed as a core part of your phone’s communication with cell towers.
At least the actual specific page you accessed would not (or at least need not) be retained, if I am interpreting the information at Allens and Crikey correctly.
[Data retained] includes your name, address and other identifying information, your contract details, billing and payment information. In relation to each communication, it includes the date, start and finish times, and the identities of the other parties to the communication. And it includes the location data, such as the mobile cell towers or Wi-Fi hotspots you were accessing at the time…
But surely they’ve included special protections for communications between doctors and patients, and lawyers and clients? No. Never even discussed…
The Joint Committee recommended that the Act be amended to ensure that the metadata can’t be obtained by parties in civil litigation cases (I’ve mentioned before how excited litigation lawyers will be about all this lovely new data), and George Brandis said that would be fixed in the final amendments. But it isn’t there. The final Bill being bulldozed through Parliament right now contains no such protection. The fact remains that, under the Telecommunications Act, one of the situations in which a service provider cannot resist handing over stored data is when a court has required it by issuing a subpoena. In practice, that means that your ex-spouse, former business partners, suspicious insurance company or employer can get hold of a complete digital history of your movements and communications for the past two years, and use it against you in court.