The First Step of Many

It has been a while since I have posted anything.  And now, I will post about a topic very near to my heart and certainly an area I know a great deal about, more so than I believe anyone the Australian Government is seeking “guidance” from with regards to the retention of metadata.

First things first, metadata is descriptive data.  Databases and spreadsheets all contain forms of metadata from the schema (layout) of the tables and fields, columns and rows to people who wrote it, the time editing and other data.  Such data is used many times with indexing services, it is able to read some of this metadata and also search on this data.

This is just the tip of the iceberg, this document I am showing the properties of has this metadata attached (I will look into this data as well shortly) but any computer to computer communication requires metadata.  Most of it harmless and of little importance but in reality it is a symptom of the Internet we setup for ourselves and now so heavily rely on that changing, at its core, the way networking hardware communicate together would surely cause an outage on such a scale, we would not be willing to do it.

That said, the issue is not so much that data is collected, each hardware will have logs of varying levels capturing the data which can, with little effort personally identify you.  A number 162.162.162.162, is your address on the web.  This address is allocated to you by your ISP and ISP has a log of which account was allocated this IP (Internet Protocol) Address.  This address, that web sites also have is resolved through a DNS (Domain Name Server) which translates the name, http://www.websitename.com to 185.185.185.185 and it routes it around the web finding that address and once found the data is this returned to the address that asked for it, you.

All of this data, is kept, there are flagged sites that when ISPs detect you have gone to one of these flagged sites your details, date, time, IP address and so on are sent to authorities.  But, normal use is merely logged.  The laws in Australia force the ISPs and telecommunication companies to retain this data and provide it to one of the policing bodies like the AFP (Australia Federal Police) or any of the state counterparts, ASIO and ASIS (ASIO is international, ASIS is domestic) even bodies like the CCC (Corruption and Crime Commission).  All of them can request without warrant this data from the various companies who collect it providing it forms part of a legitimate investigation.  They don’t need to be looking for terrorists or potential jihadists, in fact the AFP has requested much of this data around government leaking of data because in Australia it is against the law to leak information even if considered in the best interesting of the people it is still illegal.

If they are getting access to this data now, why the bother?  Well the law has made it easier to get.  There is a judge who oversees granting approval (I am not sure if that is who it is or not) but they are appointed by the PM of the day and has now judicial oversight it is also now illegal to state if any permission to seek data was made if it was made or not.  This is what should be ringing alarm bells everywhere, we have one person, who says “yes” or “no” as to whom can get the data which can personally identify you and where you have gone not to mention that don’t report to anyone they are not an independent or need to be, there doesn’t need to be bipartisanship with the government or opposition as it is just the Prime Minister who appoints them and any case they look into, it is against the law to even report about it. 

This is an issue as massive one since we might be looking at merely the descriptive data of our activities on the internet but this can tell a lot about a person, and information in a political world is capital and a lot of it as well.  So don’t be surprised if the laws are used for less than the predefined reasons such as policing and counter-terrorism.

How can one get away with hiding themselves on the internet?  How can I stops anyone knowing where I have been?  Well if you communicate through the internet it is a difficult one to hide your footprints.  Using a TOR browser¹ will help remove your source location when browsing the regular web.  But one of the metadata elements that is collected is what browser you are using so they will now that using that browser will mean you are hiding details but since it will take more efforts to locate you it isn’t needed. 

But this post isn’t about using TOR or other mechanisms to avoid detection as the only way to not have data on the internet collected is to stay off it.  Using the technology of old will help, traditional letters, dead drops and location marking, meeting face to face.  If you need to get information out and to other people find a way that doesn’t involve communication through media.  Or use heavy traffic and generic areas, high traffic twitter posts as long as mentions were done, using aliased accounts internet cafes and cash will hide it (but understand using an internet cafe to access an account will compromise the account as often they have key loggers so they would be one use only. 

We are heading backwards in terms of privacy in this country and which opposition is going to be strong enough to stand up for it when we have the fuel being tipped constantly on the fire of cafe sieges and regular people heading over to Syria and Iraq to fight for ISIL and anyone who stands up for their privacy is on the terrorists side.  That I should be OK with prying eyes looking at where I have been as long as I have done nothing wrong, but I don’t like it when laws come in like this as all it takes is for someone with an agenda beyond that of terrorism like saving the kids from pornography and we have a brand new spying going on.

 

1. TOR Browsers are used to get access to what is called the Deep Web.  An area of the internet that is not indexed on your usual search engines like Google or Bing.  The reason for this is they use a different protocol header, normal web uses http or https but the deep web uses often tor.  Using these protocols tells the browser to go to certain routers on the web to find the data as the usual routers will not know where to redirect your traffic to.