Dry?
I had to soak in a bath afterwards.
Avoiding data retention will be as easy as eating a burger
A handy line of questioning by Greens Senator Scott Ludlam has outlined the biggest shortcoming of the Attorney-General's Department's artificial distinction between “metadata” and “content”, while also giving those who wish their online activities to be harder to track handy hints on how to circumvent the planned retention …
-
Thursday 5th February 2015 00:10 GMT dan1980
What we need is the following question:
"If I was a terrorist using a free wireless network at a cafe to communicate with other known terrorists via e-mail, would the law enforcement be able to identify that person from the data that will be collected by this regime?"
It needs to be asked of the A-G, not his underlings1 and it needs to be repeated until it is answered, with every attempt to ramble off or devolve into generalities cut off.
As people who are IT-literate, it's can be hard to put ourselves in the place of someone who isn't but I can pretty much assure you that that video will largely be impenetrable for the vast majority of non-technical people.
I like Sen Ludlam but at no point in that particular line of questioning did he pin Ms Harmer down and make her answer the direct question he was making a mess of asking, which would appear to be the one I have posed above - can you avoid detection by using a public wifi network?
There actually were some more interesting parts to that inquiry, if you go over the transcript (PDF) and much of what he asked Ms Harmer in the video followed on directly from the testimony provided by Jon Lawrence from EFA (page 17/22 of the PDF)
There is a great little exchange between Ludlum and another member of the department, Ms Katherine Jones2, who answers one of the questions that Ms Harmer evidently was having trouble finding a suitably vague response to:
Ms Jones: Obviously, the intent of the bill is focused on people engaging in criminal activity.
Sen Ludlum: No, it is not; it is rolled across the entire Australian population. That is why people are so pissed off about it. It is not targeted or discriminate at all; it is directed at everybody. My six-year-old nephew uses telecommunications services.
Gold.
He then goes on (pp 58-59/62-63 of the PDF) to question, specifically, about about people using overseas services like g-mail and how that can be used to circumvent collection that would happen if one was using a local provider (such as iiNet) instead.
Sen Ludlum: So, if my email account is an [@]iiNet.net.au address it will be within the scope, and if my email address is an @Gmail.com it will be out of scope? So all I need to do to avoid mandatory data retention is just to take a webmail service.
Ms Harmer: I do not know that it is quite as simple as that, for the reasons that I set out previously in relation to the provision of telecommunications services.
Sen Ludlum: Why is it more complex than that? If I use a cloud-hosting provider or Gchat or something like that, I will not be caught. If I use an iiNet or an internode address I will be caught. If it is more complex, please explain how it is more complex.
Followed by:
Sen Ludlum: Are you trying to drive people away from Australian service providers?
Ms Harmer: I think we have articulated the intent of the bill, and the government has articulated the intent of the bill and its coverage.
Sen Ludlum: Is it an unintended consequence that you will be driving people away from Australian service providers?
Ms Jones: No.
Sen Ludlum: It is intended?
1 - Having a look, it appears that Ms Harmer is "Acting First Assistant Secretary, National Security Law and Policy Division, Attorney-General's Department". I am not sure exactly what her role is but I suspect it is to shield old Baldy McJowls from having to personally look "discomfort[ed]".
2 - "Deputy Secretary, National Security and Criminal Justice Group, Attorney-General's Department".
-
Thursday 5th February 2015 00:12 GMT Mark 85
???
So...they can get everything except what the "terrorists" and "peadophiles" already know to do? Use a café, library, etc.? Then why bother snooping on the rest of us if they can't catch the ones they want? I do believe this applies to all the 5-eyes....
Or is someone just blowing smoke about "not getting the right metadata (data/content)"?
-
Thursday 5th February 2015 00:41 GMT dan1980
Re: ???
@Mark 85
Well that's the point of all the opposition from anyone with an ounce of technical knowledge - circumventing this is utterly elementary. The only way to catch that stuff is to enact laws that REQUIRE providers of free wireless internet access to uniquely identify people and log activity. Oh, and make VPNs illegal, which is ridiculous.
Senator Ludlum pushed the copyright enforcement angle in his questions as it seems that he sees this as one of the big reasons this is being done, or at least something that will come from it:
Ms Harmer: It remains the case that telecommunications data that is stored by communications providers is amenable to a range of lawful process . . . Those are not being changed through this process.
Sen Ludlum: So it is more the volume of material that would be accessible. . . . For example, US rights holders trying to track down and prosecute people for file sharing could access this material under existing processes; it is just that there would be a lot more material there to look for.
Ms Harmer: I do not know that I can answer that in detail in terms of a US entity seeking access to Australian information et cetera. But, because the access arrangements are not being changed, any access that is available at present in accordance with normal lawful process will continue to be available in respect of retained data.
Sen Ludlum: But what will exist that does not exist at the present time is a two-year record of download volumes, for example.
Ms Harmer: Yes, what will exist will be a range of data that is not necessarily retained for that same period at the moment. So some data which is retained for a brief period will now be retained for longer.
Sen Ludlum: That is right, which would be quite useful if you were a rights holder trying to find out who is downloading your stuff.
Totally for
witchesterrorists and pedophiles, though.-
Thursday 5th February 2015 05:42 GMT Mark 85
Re: ???
If looks like it, smells like it, don't step in it... is what I'm sensing about all this.
They've been pulling this same argument here in the States and no one has called them on it. They just want more... more.. and yes, the workarounds exist. It's funny that they the powers that want this stuff don't think about the workarounds. We get "the terrorists" argument and not so much the other ones.
It's also possible that the workarounds don't exist. From the start, I assumed they got everything. This "we see only the outside of the envelope" analogy is a fiction. If that were true, they wouldn't worry about encryption.
And let's not get into the Tor issue... I assume NSA watches the entryways and exits. But it's possible they don't. Come to think of it, I assume we're all be snooped every minute we're on the 'Net from any place.
Having worked around certain defense companies, I'm a tad on the paranoid side about what they say and what they can actually do.
-
-
-
-
Friday 6th February 2015 01:45 GMT Flat Phillip
Re: Is Ludlam being a bit naive?
You're missing what he is talking about.
He is talking about the proposed wide-spread data retention scheme that may get introduced in Australia. That scheme will have 2 years of storage of anyone using the internet, to a point and with exceptions.
To get around that specific scheme, just have a Big Mac, or perhaps a Frappe and hook in to the wifi and use something like gmail. The spooks will know that someone in the Maccas accessed gmail but not who they were emailling.
Not exactly Mission Impossible stuff. Meanwhile everyone else using an Internet connection will have their data logged for 2 years all ready for the movie companies or hackers to gain access.
For those that don't understand metadata, EFF has a pretty good page about it at:
https://www.eff.org/deeplinks/2013/06/why-metadata-matters
-
-
Thursday 5th February 2015 12:55 GMT cpng
sorry to be thick
I don't get the article. I understand from it how data retention can be easily avoided, but how does that connect to the statement that meta data equals whole contents, where is that statement supported, and would circumvention via public wifi not work precisely because the captured data does not include the content (from which sender and recipient could be identified)?
Also, I am not able to parse "In short, everything that will be recorded is all data". Could someone help by rephrasing?
Thanks
-
Thursday 5th February 2015 13:26 GMT Swarthy
Re: sorry to be thick
If it helps: 'meta-' is a self-referencing prefix. So metadata is data that describes data.
-
Thursday 5th February 2015 21:59 GMT BlackKnight(markb)
Re: sorry to be thick
your lack of comprehension is due entirely to the liberals failing to actually define metadata in there policy. This is where large amounts of opposition come in because its been so poorly defined what there saying they will capture and what they would be allowed to capture are entirely different things.
What there saying is there intention is to capture things like Source\destination addresses (like reading an envolope) what they will actually capture will be source and destination address, requested URL name. which if they want to see what you looked at they just need to plug it into there browser. they would also be able to determine how long you spent on the website, which of its subpages you opened.
where you were streaming content from where your sending emails, whos sending you emails.
-
Thursday 5th February 2015 22:53 GMT dan1980
Re: sorry to be thick
The government is saying they just record the location you visit.
This is correct (so far as I know) but their analogy of envelopes is an entirely false one when applied to accessing web pages on the Internet.
To illustrate, I have used the idea of a library in the past. A library has an address - you can go to that address and be recorded as going to that address, but that doesn't tell anyone which books you read while inside.
This situation works well with the 'envelope' analogy.
The Internet, however, does not function quite like this because, while one might go to a site and then browse to a sub-page, each of those sub-pages (generally) has a publicly-accessible address. That would be like each and ever book in the library being in its own separate mini-library with a unique street address.
Knowledge of the address you went to, in that situation obviously identifies which specific book you were reading.
It's pretty ridiculous to say that I only know that name of the book you were reading but not the actually words - all I'd have to do is look at the same book (webpage) and I know the content you viewed.
-
-
-
Sunday 8th February 2015 05:03 GMT rossde
some years ago some people involved in some shady business just opened a hotmail account and shared the password, then they saved all as drafts, so a message was saved as a draft, another person would log into the account, read the draft and add to it in reply, so all that was happening was that someone was logging into hotmail to check their mail from different locations
-
Biting the hand that feeds IT
