Bypassing mandatory metadata retention could be as easy as using Gmail or WhatsApp

Bypassing the Federal Government's proposed mandatory metadata retention laws could be as simple as using Gmail or WhatsApp instead of local services according to Greens Senator Scott Ludlam.

The Senator this week grilled the Attorney-General's Department on ways in which Australians could circumvent the proposed legalisation during a Senate Hearing on the Bill, noting that only telcos and internet service providers "operating in Australia" would be required to store metadata. Anna Harmer, from the Attorney's General's Department conceded that international corporations would not "fall within the obligation" of the Bill.

"It's correct that iiNet, Internode as an Australian carrier service provider, depending on which part of the entity you're using, is subject to the obligations," said Harmer. "Gmail itself, or Google as an entity, is not subject to the obligations. So that is in relation to the provision of the email service."

The Bill itself states "the requirements to keep data […] will not apply to data about a communication that has been carried by means of another relevant service operated by another service provider, but which is using the relevant service operated by the service provider. The purpose of this provision is to ensure that the provider of an underlying service, such as an internet access service, is not required to keep information about communications that are passing ‘over the top’ of the underlying service and that are being carried by means of another relevant service, such as a VoIP service, operated by another provider. "

Gmail, Snapchat, WhatsApp, Facebook Messenger, iMessage, Viber, Skype and Twitter's Direct Messages are all classed as 'over the top' services. Due to the international nature of these over the top, carrier services, the most metadata that could be theoretically stored about their usage was that an individual visited an IP address linked to the service at a specific time. Data in regards to usage, such as who the individual in question was communicating with would be unobtainable under the proposed legislation.

The data sent via these over the top services could still be subpoenaed from the relevant companies, but the process would not be as a simple as with the proposed warrantless metadata requests.

Senator Ludlam expressed concerns that this loophole could drive Australian customers from local services to international alternatives.

If the proposed metadata retention scheme becomes law, local telecommunications companies, including internet service providers, will be required to store their customers information for two years. As defined by the proposed bill, metadata includes a customer's name, email address, username, download and upload volumes, and the duration of phone calls, times messages are sent and received and the location of WiFi hotspots or cellphone towers a device is connected to. It does not include a user's browsing history, or the content of a message, email or phone call.

Source: Greens MPs (YouTube)

Leave a Reply