Alert: Australia's Data Retention regime started on 13th October 2015. Your data has been retained since at least ... !
About Data Retention
The Australian Federal Parliament voted to give law enforcement and intelligence agencies access to an unprecedented
amount of information on all Australians.
The Coalition Government and Australian Labor Party goose-stepped together to pass legislation requiring telecommunications service providers to store enormous
amounts of personal data of every Australian for a minimum of two years under the mandatory data retention scheme.
This creates a mass surveillance regime that will target all Australians at a time
when other countries have abandoned this approach,more info and Australians will likely pay for this increased surveillance through taxes and additional phone and Internet charges.
This is despite overwhelming evidence that mandatory data retention schemes do not work to reduce serious crime and are a substantial assault on privacy.
This page contains an overview of what this is and what it means to you (also, there are some handy videos to watch and share as well).
What is Data Retention and why does it matter to you?
What is Data Retention and why does it matter to you?
The Abbott government and ALP formed a unity ticket to pass the Data Retention Legislation, avoiding the need to negotiate with the crossbenches and thus limiting their
ability to negotiate on extra safeguards or on limiting the bills scope.
What does this mean?
All information about your communications are now required to be stored for at least 2 years.
This includes, but is not limited to, what you do online, who you speak to on the phone, where you go with your mobile phone, who you email and when, and so on.
This is tantamount to carrying a tracking device on you 24/7.
Using analysis software, intelligence & law enforcement agencies will be able to create a very detailed profile on you, your travels, your associates & relationships, interests & hobbies, personality and so forth.
Government 'law-enforcement' agencies (ASIO, Australian Federal Police, ASIC, ACCC, Customs, and around 80 others)
will be able to access all this info, without even getting a warrant from a magistrate.
allows for the government to declare any agency a 'criminal law-enforcement agency' if its functions include:
enforcement of the criminal law; or
administering a law imposing a pecuniary penalty; or
administering a law relating to the protection of the public revenue.
which means it could conceivably get pretty broad and include Centrelink, Local Councils, Sheriffs Department, Ticket Inspectors and so on.
Why does it matter?
This is a gross violation of your privacy.
This treats all citizens as if they are criminals, guilty until proven innocent.
This further undermines the trust relationship between our government and its people (if they don't trust us, why should we trust them?).
This exposes all your personal information to potential misuse by law-enforcement agencies, the government or even hackers and criminals who manage to obtain the data.
The costs of the scheme will result in increased internet and telephones charges that you will have to pay.
This will have a chilling effect on free speech, and make future political change and protest far more difficult.
See the "What is so bad about Data Retention" section below for more on these issues.
Does it include browsing history?
Supposedly not, however the government has been very unclear on what their metadata definition actually includes and it can be easily expanded later to include content/browsing history.
They say they don't want browsing history or content of communications, but there will be cases where it is difficult to separate the two.
There is no explicit requirement that your service provider not store that information, just that they don't have to.
It may, in some cases, be cheaper and easier to leave content & browsing history in the data retained, rather than take the effort to strip it out.
Despite saying they don't want content or website browsing history, some of the data they will collect can reveal some of this information anyway.
The "metadata" they say they want can often be more revealing
than the actual content of the communication.
It includes, but is not limited to, subscriber of account holder information, sender and receiver of communications, date, time and duration of communications, location
(including where you are when you use your mobile phone), what services is used (eg, voice, social media, Skype, SMS etc), and the type of delivery service (eg, ADSL, Wi-Fi etc) 
"You know, metadata is a different kind of data but it actually is very intimate. If you call a suicide prevention hotline, it
doesn't matter what you say; it's the fact that you called them. Metadata reveals who we're intimate with, who we associate with,
what our interests are, who we are, what we are. And because it can be processed by computers automatically, it's not voice conversation,
it's just data. It allows people with access to that metadata to do very extensive levels of surveillance." - Bruce Schneier,
Lateline, ABC 10 March 2015
Brandis metadata fail Sky news interview
What is so bad about Data Retention?
It undermines the legal principle of innocent until proven guilty. This treats every Australian citizen as a suspect by default.
Agencies should have to get a warrant from a magistrate to access this information. Currently they only need approval of an authorised officer in their department.
It greatly increases the power of policing, security & intelligence agencies over Australian society.
There is great potential for abuse both by law enforcement agents accessing metadata and criminals targeting vast stores of personal data.
There have been many cases of data retention being abused by law enforcement who have used the data to investigate love interests.
Confidential Police, ASIO and Office of Police Integrity files were found in a drug raid in
Melbourne in 2010.
Examples like this show the grave risks of giving warrantless access of private data to law enforcement agencies.
It will impose a massive cost upon all Internet users in Australia; you will essentially be paying a big new "surveillance tax" (see the "So what will it cost?" section below).
It will make it harder for innovation within the sector in Australia as it introduces more red tape and barriers to providing internet/communications services in Australia. It is now more likely that
startups will need to relocate offshore.
It will create massive 'honeypots' full of the private information of millions of Australians that will become an enticing target to criminals, identity thieves, foreign governments, and corporations:
A data breach of this retained data will occur. It is not a matter of "if" but "when". Think about if you would like to allow you friends,
family, employer, workmates, police or criminals to see everything you do online or see everywhere you go.
This could expose you and your family to identity theft.
This could expose you and your family to blackmail.
This could threaten your employment prospects.
This could put people at risk. Especially, for example, if they are police informants, witnesses to a crime, or escaping from violent ex-partners.
This could embarrass people or expose private information. Think of the revealing of embarassing medical conditions, revelations of sexual preferences, or many other things people may prefer to keep private.
This could reveal corporate or government secrets to foreign or competing interests.
This could expose high level public servants, defence personnel or elected representatives to blackmail by foreign governments or criminal interests.
The possibilities go on and on...
It can result in numerous 'false positives' where innocent people have their lives ruined by having to defend themselves from accusations as a result of misinterpreting their metadata.
Innocent activities can look suspicious if viewed through a prism of assumed guilt.
See 'False Positive Paradox'
It will have a chilling effect on free speech and prevent people from potentially seeking professional help in personal areas.
More on this?
From the Pirate Party "Submission to the Parliamentary Joint
Committee on Intelligence and Security
Inquiry into potential reforms of National
Security Legislation", 2012, p4:
People under constant surveillance stop behaving like free people; to the detriment
of society. Data retention plans similar to the proposed regime in the terms of reference
have been enacted in Europe under the Budapest Convention on Cybercrime4
to widespread opposition, with legislation being rejected by Sweden and overturned in
Germany, Romania and the Czech Republic as unconstitutional. In the German case the
Judges determined that blanket surveillance could "cause a diffusely threatening feeling
of being under observation that can diminish an unprejudiced perception of one's basic
rights in many areas," as stated by the President of the Court, Hans-Jürgen Papier. They
considered that "such retention represents an especially grave intrusion" into citizens'
The German data retention regime, while it was implemented, had a negative impact
upon people accessing online resources due to privacy concerns. Research institute
Forsa found that one in two Germans would refrain from seeking help from professionals
such as marriage and drug abuse counsellors and psychotherapists by telephone,
mobile phone or email because of privacy concerns. One in thirteen people had already
refrained from using telecommunications at least once due to data retention, which put
the number at an estimated 6.5 million people6. The negative impact on the health and
wellbeing of citizens caused by the lack of privacy should be reason alone to reject the
data retention proposal.
Not only will Data Retention not fulfil its purported purpose of preventing terrorist attacks, it will potentially make us more vulnerable to terrorist attacks.
It creates more "haystacks" to look for "needles" (ie potential terror plots) in, by increasing the amount of data that law enforcement agencies need to look at.
Real dangers could thus get lost in the noise.
It would be unable to prevent 'lone wolf' operators.
Terrorist actors are generally known to police beforehand; targeted surveillance with a warrant not only suffices in these circumstances, but is a far better use of police resources.
Terrorists are likely to be using technologies and practices that would cover their tracks and render mass retention of everyone's data useless anyway.
There is much scope, for Scope Creep
The AFP admitted that Data Retention could be used in tackling piracy.
There are no protections to stop your metadata being exposed by a discovery process in civil litigations.
Meaning that your personal details could be exposed in divorce proceedings, or any time that someone decides to sue you regardless of the outcome.
The data to be retained is defined in regulations which means they can be changed without having to be approved by parliament.
Costings by PricewaterhouseCoopers for the A-G Department says upfront costs are estimated at between $188.8 million and $319.1 million (they refused to publish the full report).
The government Attorney-General claims less than $4 per customer per year.
The details of funding arrangements, and government commitment to partially fund the scheme is unclear.
It could have a very negative effect on the ability of small ISPs or internet services to compete.
It amounts to a surveillance tax on every Australian, whether it be via increased internet costs passed on by ISPs, or taxpayer dollars.
The financial costs are but one minor cost - the cost to our freedoms, privacy and civil liberties are far more grave.
But I have nothing to hide?
"You know, the "nothing to hide" argument comes up again and again and it's obviously ridiculous. Privacy is not about something to hide.
Privacy is about human dignity. Privacy is about individuality. Privacy is about being able to decide when and how we show ourselves to other people." - Bruce Schneier,
Lateline, ABC 10 March 2015
Rules can change: legal activites you enjoy, could become illegal in the future.
It's not you who determines if you have something to fear: You may be innocent, but automated computer algorithms looking at your metadata,
or overzealous ASIO agents, may red flag you anyway by perceiving an innocent action as suspicious.
Despite being proven innocent, this event can ruin your life.
See Mohamed Haneef case
and also 'False Positive Paradox'
Laws must be broken for society to progress: Imagine how far the US Civil Rights movement would have gotten if the FBI who opposed it
vociferously had access to the all pervasive metadata that would have been generated by organising that movement in the internet age. It may have never gotten
off the ground with the police always a step ahead of protesters and better able to blackmail leaders. We'd be stuck in a perpetual status quo with unfair laws
never being able to be effectively opposed.
See: "FBI's "Suicide Letter" to Dr. Martin Luther King, Jr., and the Dangers of Unchecked Surveillance"
Privacy is a basic human need: People need privacy to be able to experiment with ideas, actions and thoughts and to be able to act without the fear of someone always looking over their shoulder.
Without privacy, people will check their speech and actions. More on this?
Privacy is a fundamental human right. Article 12. on the Universal declaration of Human Rights says: 'No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.'
"Whether explicit or not, conceptions of privacy underpin nearly every argument made about privacy, even the common quip "I've got nothing to hide." ...
understanding privacy as a pluralistic conception reveals that we are often talking past each other when discussing privacy issues. By focusing more specifically
on the related problems under the rubric of "privacy," we can better address each problem rather than ignore or conflate them. The nothing to hide argument speaks
to some problems, but not to others. It represents a singular and narrow way of conceiving of privacy, and it wins by excluding consideration of the other problems
often raised in government surveillance and data mining programs. When engaged with directly, the nothing to hide argument can ensnare, for it forces the debate to focus
on its narrow understanding of privacy. But when confronted with the plurality of privacy problems implicated by government data collection and use beyond surveillance and disclosure,
the nothing to hide argument, in the end, has nothing to say."
- Daniel J Solove "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy"
"There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork.
It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live-did live,
from habit that became instinct-in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized." - George Orwell, 1984
What can you do about it?
Unfortunately, it has passed the Senate, so unless there's some kind of magical turnaround, it is set to become law.
At this stage, the best bet is to ensure the Liberal party and ALP know how unhappy you are about it.
Make sure they know that they will hurt at the ballot box for trading away our freedoms so uselessly: Vote for parties that oppose Data Retention.
Be sure to tell your friends and family. Share this page on social media. Perhaps even join the Pirate Party :-)
For the main part, now that it has passed, the best course is to make sure it is unworkable. The tools and methods on this page will help that.
Above all, take action now to secure your privacy online:
What You Can Do
The new impending Data Retention regime in Australia puts you and your family's privacy at risk. To assist in preventing your personal information from falling into the wrong hands you should take action to protect yourself now. What follow is a simple guide to some sample technologies that can help protect your privacy.
For more in depth information on protecting your privacy that goes beyond this guide, a good starting point is the EFF's
"Surveillance Self Defence" site. In fact, many of the links below in regard to specific items will send you there.
Please note that this guide is intended for average everyday citizens desiring to take some action to protect
their metadata from the ubiquitous mass surveillance of the new Australian data retention regime. If you are a journalist,
a dissident, a whistleblower or political activist, or have some other higher order
then you should seek further more specific technical & professional advice than this guide.
But for an easily digestible overview of a range of options to minimise your risk from the incoming Australian Data Retention regime, see below.
How to protect yourself and your family from Data Retention
Whether you are using your desktop computer, or a mobile device, you should protect your actions from indiscriminate surveillance.
Despite claims that data retention does not intend to collect and store your browsing history, any interaction online that is not encrypted will
leak private data about you, your activities and connections. The below options will go some way to protect your actions from some aspects of
casual surveillance if set up correctly.
Important: How careful you are and what tools you choose to use will depend on decisions you make about your "Threat Model"
What is a VPN?
VPN stands for Virtual Private Network.
VPNs work by creating an encrypted tunnel between your computer and another server.
Your ISP cannot read the traffic in this tunnel; they can only see that you are connected to the server and sending/receiving (encrypted) data.
VPNs are widely used in business: they allow people working from home to connect to their office network securely, which is vital for people working with sensitive information.
VPNs will also allow you to bypass website blocking from the government's new anti-piracy regime, including any sites that could be accidentally blocked due to
Have you ever been watching YouTube and seen that "This video is not available in your country" message? That's geo-blocking.
If your IP address showed you as coming from country where that video was allowed to be seen, you could watch that video, but for various licensing reasons you cannot.
Aside from privacy benefits, getting around geo-blocking to access services that aren't available in Australia had traditionally been one of the key uses for VPNs!
(and doing so is not illegal)
You will need to pay monthly fees (although often not very high).
It can be slower - your traffic is routed through a server outside of Australia.
Content unmetered by your ISP will count towards your monthly quota.
Your traffic is only protected until it reaches the server. Instead of trusting your ISP, you are trusting the VPN provider: a disreputable provider could still log and monitor your traffic.
It only protects data in transit: if your computer is compromised (e.g. by a virus or snooping software), your data will still be vulnerable.
Loss of localised experience: some websites such as Google serve up different content based on your location.
When your VPN is located outside of Australia, many websites may behave differently.
For example, if using a German VPN connection, a website may give you its German language version.
Note: protecting yourself from the Australian data retention regime is not the same as protecting yourself from NSA programs.
What does this mean?
There are a range of NSA programs such as PRISM
which collect data from various social media and internet services. This can mean that once you log into a website like Facebook or Google,
you could be traceable back to your point of origin utilizing the NSA's PRISM system and other voluntary agreements with the US and other Governments,
due to the secretive nature of the systems and the revelations via whistleblower leaks, it would be prudent to assume this data accessible by Australian
Authorities. Your level of caution or paranoia on this issue should relate to your threat model. For an average user, this could be an acceptable risk.
For a dissident, activist or whistleblower you may wish to exercise more caution. Such as ensuring you never log into one of these services while using your VPN.
(Note: if your actions are high risk enough that your freedom or life depends on your anonymity, then you should be using a more complex guide
to your security than those available on this page)
VPNs, while very useful and possibly one of the best front-line defences against data retention are not a magic bullet.
Note that the legislation requires mobile internet providers to log each connection your phone makes, and the location of your
device as it makes that connection. On a modern "smart phone", with a VPN turned on, the phone will still make frequent
connections (on the order of every few minutes) to check email, push notifications, updates etc. and your location during
each of these connections will be logged - there is nothing a VPN can do to protect you from the location-logging data
In addition, please note that this guide is intended for average everyday citizens desiring to take some action to protect
their metadata from the ubiquitous mass surveillance of the new Australian data retention regime. If you are a journalist,
a dissident, a whistleblower or political activist, or have some other higher order
then you should seek further, more specific and more technical & professional advice than this guide.
Unless you are an expert user and know exactly what you are doing, we would not recommend creating your own VPN.
Personally created VPNs may very well suit some people's use cases, with these people being happy to make some compromises:
Keep the server and all its software updated, and if necessary spend time recovering from breakages.
Generate and keep secure very strong certificates and keys.
Know that they're easily identifiable, should someone in their host country be listening.
Be comfortable knowing they aren't able to physically secure the server running their VPN.
You will however at least know for sure that the VPN company isn't keeping and sharing the logs with the NSA or ASIO, since the 'company' will be you.
However this presumes any third party servers you use, or your own systems are secure and not compromised.
Due to its voluntary nature, whilst it is free and generally reliable it can be slow, frustratingly so, and is
not recommended for high volume transmissions like file transfers, peer to peer (torrents) and the like. It is recommended to limit Tor use to web
browsing if possible and to stuff you really wish to keep private. Because Tor is relayed through many extra locations and countries to disguise the
true source of travel the distance travelled by the data is greater and goes through more 'hops' to get to you.
It's not particularly safe to log in to your regular services with Tor, as the "Exit nodes" are impossible to trust with any of your credentials. Tor is for anonymous browsing, not every-day browsing that you want to keep private.
Tor is NOT available for iOS Tablets and Phones, and any app you see on Apple's App Store claiming to be a Tor client at this stage is most likely a dangerous fake.
Note: please don't use Tor for data intensive activities like torrenting, streaming HD video or large innocuous downloads. Some people rely on Tor for their safety and protection from oppressive regimes and while more
Tor users are useful, unnecessary congestion on the network could make things a lot more difficult for people who rely on it.
Also: Use Tor at your own risk. Using Tor itself is enough reason to flag you for further attention from security agencies and could
increase the likelihood they may pay closer attention to your activities by presuming you have 'something to hide'.
If you are concerned enough about your privacy to use Tor you may also wish to consider using a specialised privacy protection oriented operating system, for example "Tails".
What is Tails? It is a security focused Linux distribution which can be run from a DVD or USB drive.
If you are worried about Data Retention, then you may also be concerned about other means by which companies, security agencies, governments and so on can track what you do and build a picture via your online activity.
Even if the current definition of what is to be retained under the data retention regime is limited to certain information, there is the likelihood that this definition will expand at a later date.
Additionally there is the threat that innocuous activity could inadvertently raise suspicion through false positive identification. This could in turn increase the amount of warrants issued on innocent people,
warrants which will then cause the retention of extra content in relation to these people.
Thus, average users could be more likely to come under the increased scrutiny of a
so protecting data that is outside the purview of the mandatory data retention regime may be advisable.
Keeping these expanded threats in mind, there are some other general tools and practices that you may also wish to start employing as a result of the new data retention regime and a general increase in surveillance of communication activities.
(Don't forget there are also the wide ranging NSA programs, copyright violation monitoring, censorship efforts, and criminal activities such as identity theft, in addition to our new domestic data retention regime).
Note: tracker blocking plugins often break the functionality of image galleries, video playback, commenting/discussion systems and social media widgets. You may have to whitelist trusted websites.
An add-on for your browser which detects and blocks tracking which a website may be trying to do.
As the Tor Browser is based on Firefox, Privacy Badger will also work with that.
A browser extension which blocks advertising, analytic and social media requests which are without consent.
Disconnect is open source and cost-free. Disconnect also offer additional non-free services, like limited VPN access.
Disconnect is available for all major browsers.
The proposed Australian Data Retention regime does not purport to retain the contents of your email communication. Whereas the key methods for protecting your email communication will primarily protect the contents.
The proposed Data Retention regime will however potentially store the time you send an email, to whom you send it, what path it travels to get there, from where you sent it and the subject.
The means of protecting this
information starts to get beyond the scope of this site/guide.
While one could argue it is not 'necessary' to protect the contents of all your email with the below methods, you should always be aware of the potential for harm should the contents of emails become public or
fall into the hands
of unintended recipients (especially emails that contain sensitive information). Keep in mind that there are also a range of other government programs outside of Australia that may seek to obtain your email contents.
However the encryption of all your emails, especially for an average user, could be considered overkill. Your levels of desired protection should reflect your threats and the contents of your emails.
For the various reasons detailed above, we will not go into too much detail on protecting email. But due to common queries about protecting emails, we provide some information and links below.
PGP stands for "Pretty Good Privacy", and its main feature is encrypting messages (although it can do a lot more).
Its most common use is to encrypt the content (but not the metadata) of emails,
turning an email from
Technically if you use an offshore webmail provider such as gmail, your data will not be included in the data retention regime, whereas if you use your local ISP email services it will be.
Anyone can see the issue with this insofar as any purported effectiveness of the data retention regime. However, don't forget that many services such as gmail may be accessible to Australian authorities via
information sharing agreements with US agencies as part of the five-eyes surveillance programs. Also note, that if you use your foreign hosted email to email someone using an Australian hosted service, then that metadata will be available via retention of your recipents data.
This is an ever changing area as email services come and go, and so we will not provide any specific product or service recommendations here since what is ostensibly safe today, may not be tomorrow. If your personal
threat model requires security of your email contents and metadata then we suggest you get further advice beyond this guide.
Some general information, articles of note are provided below:
There are a number of services like Wickr (as used by Malcolm Turnbull recently, he has
since moved on
to Signal) which provide endpoint to endpoint encryption;
or encryption between their servers and all endpoints. These provide an unknowable level of protection and it cannot be guaranteed that there are no backdoor agreements
between these services and any governments.
One should be especially careful when using a service that does not run on open source or freely auditable code as you are placing trust entirely within the organisation to deliver what they advertise.
There have been examples where a company claims to protect your security and privacy have been found wanting when exposed to closer scrutiny.
The value of these services is often pinned on your trust of the company in question. The below apps are widely considered the best options at this time (but make your own judgement call).
Android mobile app that allows for encrypted voice calls.
End-to-end encryption (E2EE), which is non-certified or uncertified, is a digital communications paradigm of
uninterrupted protection of data traveling between two communicating parties without being intercepted or read by other parties
except for the originating party encrypting data to be readable only by the intended recipient, and the receiving party decrypting it,
with no involvement in said encryption by third parties. The intention of end-to-end encryption is to prevent intermediaries, such as
Internet providers or application service providers, from being able to discover or tamper with the content of communications.
End-to-end encryption generally includes protections of both confidentiality and integrity.
In cryptography, forward secrecy (FS; also known as perfect forward secrecy, or PFS and also key erasure) is a
property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one
of the long-term keys is compromised in the future. http://en.wikipedia.org/wiki/Forward_secrecy
Note: Can only encrypt calls between two RedPhone users (or RedPhone and Signal users).
Note that they are phasing out support for encryption for traditional SMS/MMS,
so if you use signal to send standard SMS text messages they will not be encrypted.
But you can get the same functionality by using Signal to send and receive "TextSecure" messages in encrypted formats.
More info: https://whispersystems.org/blog/goodbye-encrypted-sms/ So please make sure you are aware of which version you are using and what it does and doesn't encrypt.
Note that all of the above products, options, tools and technologies are part of a fluid and everchanging field. The information above is accurate to the best of our knowledge
at time of writing, however products change, technologies change, threats change. Securities get compromised and new best practices appear with regularity. Please view
the above as a series of introductory options. You alone are responsible for your security and you should ensure you do your own research into the best options and tools for
your own unique situation & needs. Please double check the current status of any of the above options before trusting them with sensitive communications.