Australia - Now is the time to go dark

[rahli]

On October 13, the mandatory data retention scheme in Australia goes live.

In late August, Quentin Dempster outlined the scale of information the government will legally force ISPs to collect.

The list is extensive to say the least:

For emails

Who youve emailed

Date, time you sent email

Attachment data volumes

For Phone

Phone number of everyone you called

Missed numbers

1800 numbers

Number of everyone you SMSd

Time, date of calls and SMSs

Duration of calls

Your rough location at time of call or SMS

Online activity and social media

Your IP address

Time and duration of your web connections

The law does not require carriers to retain destination IP addresses (your web browsing history), but a carrier may do so

The volume of your uploads and downloads

Location and geographical data

The list of agencies authorised to access this information without a warrant is extensive, and is not exhaustive:

ASIO (Australian Security Intelligence Organisation)

Australian Federal Police

All state and territory police forces

The Australian Commission for Law Enforcement Integrity

Australian Crime Commission

Australian Customs and Border Protection Service

Australian Securities and Investments Commission

Australian Competition and Consumer Commission

NSW Crime Commission

NSW Independent Commission Against Corruption

NSW Police Integrity Commission

Queensland Crime and Corruption Commission

West Australian Corruption and Crime Commission

South Australian Independent Commission Against Corruption

Any other agency the Attorney General publicly declares

Law enforcement and Intelligence agencies will have immediate, warrantless and accumulating access to all information required to be retained by law, and ISPs and telcos that choose to disagree can be penalised for $2 million for non-compliance.

Entire article -

http://www.caleupe.com/writing/australia-now-is-the-time-to-go-dark/

[BedOSpines]

Wow, back to smoke signals guys. I can't believe this happening. If they have the data it mayaswell be public. And tor won't really help like the article says lol. I can't fathom how a bill can pass with "incredible opposition"?

[Conv3rgence]

If these agencies have access to this data without a warrant, then shouldnt we the public have access to the same data of the politicians, corporate CEOs and banksters?

[Anodyne]

A spokesperson for the Attorney General’s Department said metadata was a vital tool used in “virtually every counter-terrorism, organised crime, counter-espionage, cyber-security, child exploitation and serious crime investigation”.

I'm totally confused about what they could even do with that information - the only stuff I can see on that list that they have access to is info about the time, duration, volumes etc of phone calls & downloads & so on, not the content (or destination of internet traffic). How on earth does that help in any kind of criminal cases? The only people I can see having a use for that stuff are telcos & market researchers & their ilk. The GPS data from social media sites is the only actual personal info I can see on there, and honestly if you've given Facebook permission to take that info, then you deserve whatever fate it falls under. I guess you could theoretically use people's download volumes to spot likely illegal downloads (& uploads), but without destination info they would only be guessing. Am I missing something here about this "metadata"? Is there a more complete list somewhere that says they're actually allowed to read our emails now?

And anyone tech-savvy enough to be doing that kind of thing would probably know how to avoid all this shite anyway. That's the reason this scheme has had "incredible opposition" every time it's been proposed - it isn't effective for the stated purpose, and it's easy to circumvent.

[BedOSpines]

Check this out.http://m.dailytelegraph.com.au/newslocal/south-west/bankstown-council-stands-by-power-to-retrieve-mobile-phone-data/story-fngr8hxh-1226586694976

If our isp/mobile operators now have to store all this data, we are going to have pay for it.

[at0m]

I'm totally confused about what they could even do with that information - the only stuff I can see on that list that they have access to is info about the time, duration, volumes etc of phone calls & downloads & so on, not the content (or destination of internet traffic). How on earth does that help in any kind of criminal cases? The only people I can see having a use for that stuff are telcos & market researchers & their ilk. The GPS data from social media sites is the only actual personal info I can see on there, and honestly if you've given Facebook permission to take that info, then you deserve whatever fate it falls under. I guess you could theoretically use people's download volumes to spot likely illegal downloads (& uploads), but without destination info they would only be guessing. Am I missing something here about this "metadata"? Is there a more complete list somewhere that says they're actually allowed to read our emails now?

And anyone tech-savvy enough to be doing that kind of thing would probably know how to avoid all this shite anyway. That's the reason this scheme has had "incredible opposition" every time it's been proposed - it isn't effective for the stated purpose, and it's easy to circumvent.

Ex-NSA Chief: 'We Kill People Based on Metadata'

Meta data is the envelope, not the letter inside it. Which is to say everything about the communication/transaction except the part that gives it context. Don't misread that as me wanting them to store that too... I want no data retention.

(Probable retained metadata in orange):

(Date: 17:00 21/09/2015) Bob (From: [email protected]) sends Jane (To: [email protected]) an email with the subject "Quote for 1500 units of teddy bears" and body telling her about the bears and asking for more info. He attaches a photo of an idea he had for the teddy bear. (Size: 1.5MB, Filetype: JPG)

When Bob gets arrested for "dissenting against the system" and his metadata is pulled, they can now build a web of connections around Bob and prove that he had been in contact with Jane. Without context, Jane is now pulled into the fold.

You can bet they will be storing the destination of web connections too.

Your last line is spot on though. I feel like I should write a quick guide on this... not that it's hard.

[Anodyne]

Thanks at0m, it all makes more sense now. By which I only mean that I better understand now how metadata is used... the scheme itself will never make sense.

And yes, I'm sure you're right about the web destinations being stored too - originally I thought that providers wouldn't bother to do this as there seemed to be no incentive for them to store all that extra data... but I bet one will be provided for them.

Yes, quick guide, yes!

[Heretic]

Just wondering ......

If one is using the TOR browser , can they still monitor , track or record one's usage ?

[at0m]

Just wondering ......

If one is using the TOR browser , can they still monitor , track or record one's usage ?

First and foremost: DO NOT use Tor for anything you log into on the "clearnet" (SAB, Facebook, twitter, Gmail, etc). Tor exit nodes, who you are routing your traffic through, should not be trusted. Tor to Tor (anything ending in .onion) is 100% encrypted until the destination though.

To answer your question: Unless there's vulnerabilities in Tor (which I'm still not convinced there are however I am starting to get a bit more sus. about it as the weird happenings continue), the answer is no. They cannot see your traffic as anything other than "That person is using Tor (probably) and they're using X amount of data".

[DiscoStu]

what ar they going to do with download volumes? i know that if you're not using a vpn and are downloading torrents then you'll be 'pinged' but lets say i'm behind a vpn, and dl 12GB worth of movies in a day, they just see that as 12GB volume and not the protocol etc it was downloaded over? what can they do with it? ask you what you were downloading? it's none of their business.

but also, i haven't seen any guides how to circumvent the phone collection stuff, is it possible? i only have an old old nokia (2000 model) an i have no idea what data it sends and even if i did i don't think I could escape it with modern tools. but the nework it uses (1G? 2G?) is being made obsolete soon i think and everything has to be upgraded to 3 or 4G

i heard if you use gmail and vpn then you can escape the email collection, but perhaps it's only if you use the web interface?

skype too for phone calls i think can get around the phone collection data, voip and what not if you're hell bent on avoiding all this

edit: Your rough location at time of call or SMS i think this is the only one you can't escape but i could be wrong

Edited September 21, 2015 by DiscoStu

[BedOSpines]

I think you could use a foreing sat phone account aswell as Internet provider. If you have the cash lol

[-RC-]

Really good thread. Cheers Rahli and contributors

[rahli]

I have heard that you don't want an email service providers based in Australia as the gov can easily access content then.

This link has a good list of email providers that the au gov will likely have issues pulling from -

https://www.privacytools.io/

[alfamiller]

so disturbing

[Subaeruginosin]

Abbott was always a ridiculous choice of a prime minister.

All his ever been was a good political attack dog. It just kind of proves how feeble and simple minded the Australian public are, for voting him in as PM in the first place. Our whole country really is a joke! We're just a US corporation that's run on pure capitalist values... Democracy has nothing to do with how Australia operates.

But at the very least, at least we now have the first PM in Australia's history, who publicly admitted (on Q&A) that the drug war is purely political and has nothing to do with public safety.

At the very least, we now have a PM who has been documented publicly to admitting that cannabis should rightfully be a legal substance.

He'll probably just continue to play up that whole liberal party hard line approach towards drugs... But at least we have him on record, saying that in his personal opinion, cannabis should be legal.

[Terrapin]

I have heard that you don't want an email service providers based in Australia as the gov can easily access content then.

This link has a good list of email providers that the au gov will likely have issues pulling from -

https://www.privacytools.io/

Nice link, thanks rahli.

[Anodyne]

When Bob gets arrested for "dissenting against the system" and his metadata is pulled, they can now build a web of connections around Bob and prove that he had been in contact with Jane. Without context, Jane is now pulled into the fold.

Wow, you mash that together with shit like the anti-association laws and you could jail just about anyone for no real reason at all. As if we haven't done enough of that in this country already. Fuck. I knew there had to be a really sinister side to this (because when isn't there), but I'm only just starting to appreciate how bad this could get.

Thanks for writing the VPNs-for-dummies guide at0m, it is well-timed and very welcome.

[alfamiller]

yes thanks for the info

[at0m]

No worries! Please feel free to ask any questions or give ideas/feedback. It was written a bit late at night so I'm worried it may be a bit scattered or missing things. Might add some diagrams too for the visual people (like myself).

[rahli]

ISPs and service providers will have to wait until November to learn details of the funding model, despite the data retention scheme going live on October 13.

John Stanton, CEO of Communications Alliance, called for urgent clarity on the program.

Service providers are required by law to retain all data outlined in the scheme, and those that choose to disagree can be penalised for $2 million for non-compliance.

Costs of the scheme has been reported at $319.1 million much higher than the originally estimated $188.8 million.

Theres more than 400 service providers in Australia and I think they are in a range of readiness for the regime, Stanton said.

Some have lodged implementation plans, others are still working on them to try and come up with a clear plan to get to compliance, and I think there are some that are pretty much behind the game as well, so it will be interesting to see how many get their plans in by October 13.

Those providers that have an approved Data Retention Implementation Plan may not meet compliance until 12 April 2017.

#GoDark on Australian data retention: https://www.facebook.com/GoDarkAustralia

Link - http://www.caleupe.com/writing/funding-model-for-data-retention-to-be-released-in-november/

[ThunderIdeal]

 

most of this episode is like stepping back in time to early episodes of rap news (not necessarily a bad thing), but i really like the guest rapper playing the part of the internet itself.

[ghosty]

Nice one Thunder

[rahli]

http://www.caleupe.com/writing/tell-me-again-why-does-australia-need-dataretention/

[Scarecrow]

Here's an information dump from my favourite political party detailing what you can do to protect yourself from metadata retention:

https://pirateparty.org.au/dataretention/

[TPM]

I am using for my entire internet traffic a VPN service.

Currently I am using AirVPN. I am happy with the performance and can recommend it. You can connect 3 devices at the same time.

Before I used https://www.privateinternetaccess.com. The performance was excellent.

But due to the fact that it is a American based provider I refrain from using there VPN anymore.