Metadata and privacy risks and the Privacy Act 1988
March 14, 2014
It has long been suspected, and demonstrated in US academic journals, that the combination of metadata and algorithms can identify individuals and damage personal privacy. In that context the attraction of police and security agencies requiring, or wanting to require, telcos and ISPs to store records, whether of phone numbers or browsing history, is concerning. There was a steady stream of stories throughout 2013, sparked by the Snowden revelations. The Australian Federal Police are seeking more powers to access metadata, as reported by the ABC in Australian Federal Police calls for more access to metadata to snare criminals. Without proper safeguards, authorities accessing an individual’s metadata without proper cause is a concern. The most recent attempt by authorities to have data stored is found in ZDNet’s report What a croc: NT Police data retention proposal ‘overreach’.
It provides:
Northern Territory Police’s call for ISPs to be forced to retain their customers’ web browsing history for two years has been labelled as a massive overreach by Australia’s third-largest ISP, iiNet.
Earlier this week, ZDNet reported that the NT Police had called for web browsing history to be retained in a submission to a parliamentary committee’s review of the Telecommunications (Interception and Access) Act.
“The NT Police are supportive of a data retention regime of two years. Such a regime would assist law enforcement agencies in investigating serious crimes. The NT Police are not in favour of excluding browser history,” the NT Police said.
Under current laws, only the so-called metadata, such as call time, location, number, and billing information, can be obtained by police without a warrant, but the NT Police said that web browsing history needs to be included in any revision of the Act.
“This is inconsistent with the spirit of a revised Act being technology neutral. With the shift from traditional telephony services to IP-based services communications taking place on Facebook, Twitter, Google Plus, and other IP platforms, this data may be included in browser history, and is important to capture as telephone records for law enforcement purposes.”
The call is in contrast to that of the NT Police’s federal counterpart, which specifically said that it was not seeking web browsing history.
Even if the government were to consider asking ISPs to retain customer web browsing history, it is unclear that such a proposal would be easy for the ISPs to comply with.
iiNet’s head of regulatory and government affairs Steve Dalby told ZDNet that iiNet doesn’t retain browsing history, and never has.
“I doubt anybody does. It’s not needed for us to carry out our business, and even if we did, the new privacy legislation makes it very clear that we must not retain stuff if we don’t need it,” he said.
Under Australian Privacy Principle 11, which came into effect this week as part of changes to the Privacy Act, a business must not retain information for any longer than it needs the information, and must destroy or de-identify the information. Dalby said that retaining all customer web-browsing history would potentially breach that principle.
“It’s hard to imagine that ‘We might need some of it, one day’ is justification for overriding that obligation,” he said.
“It looks like a major over-reach to propose such massive data collection and retention.”
With more and more devices such as tablets, cars, cameras, and Wi-Fi hotspots now connected to the internet, as well as a growing number of people under 18 with smartphones, Dalby said that it also raised questions about what data should be retained from those devices. He said that the NT Police’s proposal “beggars belief”, considering the amount of data ISPs would be required to retain.
“It just beggars belief that these comments have been made by someone that has actually considered the numbers and the technical difficulty of collecting, storing, and retrieving such massive amounts of data,” he said.
He said that iiNet could not be supportive of such a proposal. iiNet has previously spoken out against the data retention proposal, and has suggested that taking into account the 1 million URLs iiNet customers visit every second, the storage costs would mean that the company would need to charge customers an extra AU$5 per month each to pay for it.
In its submission to the inquiry, digital rights group Electronic Frontiers Australia said that digital communications have eroded the line between the so-called metadata of communications and the content of communications.
“When using a web-based service, the URLs of web requests would constitute metadata. A list of URLs accessed would effectively constitute a detailed account of user interaction. Rather than telling us that the user visited a library, metadata would provide a list of which pages of individual books were read,” EFA said.
“This potentially detailed information should require more oversight than metadata of phone and mail services that provides only ‘envelope’ information. In addition, significant personal information may sometimes be encoded in URLs. For example, this might include account information of financial or other personal services and other very specific private information that accompanies ‘content’ information.”
The organisation said that online, metadata can arguably give you a much greater insight into the person than traditional telecommunications metadata, highlighting a 2009 study of 4,000 Facebook profiles that was able to determine the sexuality of individual users by analysing the friends lists of self-identified gay men.
“The content of our posts becomes irrelevant; our metadata defines us,” the EFA said.
The group called for software, data streams, digital images, and audio, and all other digital traffic via web browser or internet connection to be excluded from the metadata access regime, and that access to that data be limited to the “bare minimum” of government agencies.
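The EFA point above, that a list of URLs is “metadata” in name but content in effect, is easy to show in code. The following is an added example, not code from the original post, from iiNet or from EFA: every URL, hostname and parameter name in it is constructed for illustration, and the list of “sensitive” query parameters is an assumption rather than any standard.

```python
"""Constructed example: what a retained list of URLs reveals.

Every URL below is made up for illustration; the hostnames and parameters
are assumptions, not real services or real log data.
"""
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample of URLs one subscriber visited, in the form an ISP
# might retain under a "browser history" regime.
SAMPLE_URLS = [
    "https://books.example.org/read/isbn/9780000000001/page/212",
    "https://books.example.org/read/isbn/9780000000001/page/213",
    "https://search.example.com/?q=early+pregnancy+symptoms",
    "https://bank.example.com/accounts/12345678/statements?month=2014-02",
    "https://clinic.example.net/appointments?patient=alice.smith%40example.com",
    "https://news.example.com/politics/story-42",
]

# Query parameter names assumed to carry user-supplied or identifying content.
SENSITIVE_PARAMS = {"q", "query", "search", "patient", "email", "user", "account"}
ACCOUNT_RE = re.compile(r"/accounts?/(\d{6,})")
PAGE_RE = re.compile(r"/isbn/(\d+)/page/(\d+)")


def envelope_only(url):
    """The 'envelope' view: scheme and host, comparable to a phone number."""
    p = urlparse(url)
    return f"{p.scheme}://{p.hostname}"


def findings_for(url):
    """Return (category, value) pairs exposed by a single URL's path and query."""
    p = urlparse(url)
    out = []
    m = PAGE_RE.search(p.path)
    if m:
        out.append(("book_page", f"isbn {m.group(1)} page {m.group(2)}"))
    m = ACCOUNT_RE.search(p.path)
    if m:
        out.append(("account_number", m.group(1)))
    # parse_qs percent-decodes values, so %40 comes back as '@' and '+' as space.
    for key, values in parse_qs(p.query).items():
        if key.lower() in SENSITIVE_PARAMS:
            for v in values:
                out.append((f"param:{key}", v))
    return out


def profile(urls):
    """Aggregate the envelope view and the content findings across a history."""
    result = {"hosts": sorted({envelope_only(u) for u in urls}), "findings": []}
    for u in urls:
        result["findings"].extend(findings_for(u))
    return result


if __name__ == "__main__":
    prof = profile(SAMPLE_URLS)
    print("Envelope view (hosts only):")
    for h in prof["hosts"]:
        print("  ", h)
    print("Content recovered from the URLs alone:")
    for cat, val in prof["findings"]:
        print(f"   {cat:16} {val}")
```

The envelope view lists five hosts, which is roughly what a phone bill reveals. The findings list recovers which pages of which book were read, a search query, an account number and a patient e-mail address, without any access to page content, which is exactly the library analogy in the EFA submission.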
PM covered the issue in Metadata project reveals privacy risks, which provides:
MARK COLVIN: The researchers at Stanford University say they’re staggered by how much information they were able to unearth about people by simply looking at the phone numbers they called.
The study encouraged volunteers knowingly to install a tracking application onto their phones.
It then collected information for several months.
The researchers say they were able to predict people’s medical conditions, hobbies and relationships, simply by looking at the metadata. That is, the people and institutions the person called.
Will Ockenden reports.
WILL OCKENDEN: It’s commonly referred to as data about data, but metadata says a whole lot more about you than you may realise.
JONATHAN MAYER: We were able to learn about medical conditions, we were able to learn about gun ownership, we were able to learn about religious denominations. I think our latest results substantially undercut the view that it’s just metadata.
WILL OCKENDEN: The Stanford University metadata investigation project is called MetaPhone.
It’s an app installed on a mobile, which has been described as a slimmed down version of the United States’ National Security Agency (NSA), because it’s collecting the same type of data which is collected by intelligence organisations.
The difference is the users in the study are volunteers, and are knowingly submitting data like who and when they call and how long they talk for to researchers.
Jonathan Mayer is the graduate student running the study.
JONATHAN MAYER: One of the things that is most concerning about the privacy properties we’ve uncovered is how easy it is to make inferences about the metadata on a large scale.
WILL OCKENDEN: Last year documents from former NSA-contractor Edward Snowden showed Australia’s intelligence organisations had offered to provide raw metadata to overseas allies.
But often in the electronic surveillance debate, a distinction is made between the content of the calls – that’s what you say – versus the metadata – that’s who you call.
That’s what the Prime Minister Tony Abbott did in December, when asked to comment on the revelations.
TONY ABBOTT: The material that I understand was referred to in the Guardian story related to, essentially, the billing data. Now that has been available, but there is a big difference between billing data and the actual content of calls.
WILL OCKENDEN: The Stanford study comes as an Australian Senate committee looks at mass surveillance laws as part of a review into the Telecommunications Interception and Access Act.
Following a public backlash, the previous federal government scrapped plans to force ISPs to keep internet and phone data for at least two years.
But last month, the Australian Federal Police (AFP) reignited privacy activist fears, when it called for more powers around the use and storage of internet and telecommunications metadata.
The AFP’s Tim Morris.
TIM MORRIS: This is not data that contains content of conversations or content of SMSs or contents of emails; that’s covered under separate legislation under the Telecommunications Interception Access Act.
What we’re talking about here is the indicative communications data; the time of the call, the length of the call and who the call was made to. As a result there’s a lower threshold for police to obtain that basic data.
WILL OCKENDEN: But Jonathan Mayer says it’s not as basic as many governments make out.
He says his study shows a significant amount of personal information can be discovered.
JONATHAN MAYER: There’s a participant in our study who had an early morning call with someone we were able to identify as her sister. And then a couple of days later had some calls with the local Planned Parenthood organisation and then a couple of weeks after had some more calls and then about a month after had a final call.
I think it raises the plausible inference that that participant had an abortion and that in and of itself, even if it’s not accurate, should give rise to some privacy concerns.
WILL OCKENDEN: He says there are many other examples.
JONATHAN MAYER: We had a participant who in short order had calls with a lumber yard and a locksmith and a hydroponics dealer and a bong shop. Again, don’t need a PhD in computer science to have some sense of what could be going on there.
WILL OCKENDEN: Jonathan Mayer says his team’s original hypothesis was that with only a few months of data and only a handful of users, the metadata wouldn’t be very revealing. But he says he was surprised.
JONATHAN MAYER: For some individuals the fact that they have a particular medical condition is quite private, for others the fact that they own a gun is quite private, for others their religious beliefs are quite private. And yet we were able to find many of these sorts of traits using just telephone metadata.
It would be entirely possible for an intelligence agency or a telecom provider, or anyone with this dataset to make some pretty disturbing findings. I don’t think there is any defence. This is the reality of telephone metadata, it’s very sensitive and the policy debate needs to proceed from that premise. We can’t wish away the privacy properties of this data.
MARK COLVIN: Graduate student Jonathan Mayer ending Will Ockenden’s report.
The ABC also covered the same issue in Metadata mining: Stanford University researchers shocked by success of NSA-style phone data trawl, which provides:
American researchers say they were shocked by how much information they were able to unearth about people by simply looking at the phone numbers they called.
The Stanford University study encouraged volunteers to install a tracking application called MetaPhone onto their phones.
Researchers collected information for several months, and say they were able to predict people’s medical conditions, hobbies and relationships by only looking at the metadata.
Graduate student Jonathan Mayer, who led the study, says the results show a significant amount of personal information can be discovered through metadata.
“One of the things which is most concerning about the privacy properties we’ve uncovered is how easy it is to make inferences about the metadata on a large scale,” he said.
“We had a participant who… had calls with a lumber yard and a locksmith and a hydroponics dealer and a bong shop.
“[You] don’t need a PhD in computer science to have some sense of what could be going on there.”
Mr Mayer says his team’s original hypothesis was that with only a few months of collection data and only a handful of users, the metadata would not be very revealing.
But he says he was surprised.
“For some individuals, the fact that they have a particular medical condition is quite private, for others the fact that they own a gun is quite private,” he said.
“For others, their religious beliefs are quite private. And yet we were able to find many of these sorts of traits using just telephone metadata.”
MetaPhone study gathered same data as NSA
MetaPhone has been described as a slimmed-down version of the United States National Security Agency (NSA), because it has been collecting the same type of data which is collected by intelligence organisations.
Last year, documents from former NSA-contractor Edward Snowden showed Australia’s intelligence organisations had offered to provide raw metadata to overseas allies.
But often in the electronic surveillance debate, a distinction is made between what you say versus the metadata.
“The material that I understand was referred to in the Guardian story related to essentially the billing data, now that has been available – but there is a big difference between billing data and the actual content of calls,” Prime Minister Tony Abbott said in December, when asked about the Snowden leaks.
Following a public backlash, the previous federal government scrapped plans to force ISPs to keep internet and phone data for at least two years.
But last month, the Australian Federal Police (AFP) reignited privacy activist fears, when it called for more powers around the use and storage of internet and telecommunications metadata.
“This is not data that [is the] content of conversations or content of SMSs or contents of emails; that’s covered under separate legislation under the Telecommunications Interception Access Act,” AFP assistant commissioner Tim Morris said.
“What we’re talking about here is the indicative communications data; the time of the call, the length of the call and who the call was made to.
“As a result, there’s a lower threshold for police to obtain that basic data.”
However, Mr Mayer says it is not as basic as governments make out.
He says his study shows it “would be entirely possible” for anyone with access to telephone metadata to make “some pretty disturbing findings”.
“This is the reality of telephone metadata, it’s very sensitive and the policy debate needs to proceed from that premise,” he said.
“We can’t wish away the privacy properties of this data.”
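To make Mayer’s description concrete, here is an added example (not code from the Stanford MetaPhone project or from the ABC) of the inference step he describes: resolve each called number to an organisation, then reason over the categories of organisations called, using nothing but who was called and when. Every phone number, organisation, call record and inference rule below is constructed; the DIRECTORY dictionary stands in for the public business-directory lookups a real analysis would have to perform, and the combination rule is modelled on the lumber yard, locksmith, hydroponics and bong shop sequence quoted above.

```python
"""Constructed example: inferring sensitive traits from telephone metadata.

Every phone number, organisation, call record and rule below is made up for
illustration; nothing here is data or code from the Stanford MetaPhone study.
"""
from collections import defaultdict
from datetime import datetime

# Constructed reverse-lookup directory. This stands in for the public
# business-directory lookups a real analysis would run for each called number.
DIRECTORY = {
    "+61200000001": ("Riverside Family Planning Clinic", "reproductive_health"),
    "+61200000002": ("City Firearms & Ammunition", "firearms"),
    "+61200000003": ("St Mark's Parish Office", "religion"),
    "+61200000004": ("Harbour Hydroponics", "hydroponics"),
    "+61200000005": ("Northside Locksmiths", "locksmith"),
    "+61200000006": ("Timber Mart Lumber Yard", "lumber_yard"),
    "+61200000007": ("Cloud Nine Smoke Shop", "bong_shop"),
    "+61200000008": ("Pizza Palace", "food"),
}

# Categories that reveal something private on their own (assumed list).
SENSITIVE = {"reproductive_health", "firearms", "religion"}

# Combinations of individually innocuous categories that together suggest an
# activity, modelled on the lumber yard / locksmith / hydroponics / bong shop
# sequence quoted in the article. The rule and its label are constructed.
COMBINATIONS = {
    frozenset({"lumber_yard", "locksmith", "hydroponics", "bong_shop"}):
        "possible indoor grow operation",
}

# Constructed call detail records: (caller, called number, timestamp, seconds).
# Only the "who, when, how long" fields are present; there is no content at all.
CDRS = [
    ("P1", "+61200000001", "2014-01-06T08:05", 420),
    ("P1", "+61200000001", "2014-01-20T09:10", 300),
    ("P1", "+61200000008", "2014-02-01T19:30", 60),
    ("P1", "+61200000001", "2014-02-18T10:00", 180),
    ("P2", "+61200000002", "2014-01-10T11:00", 240),
    ("P2", "+61200000003", "2014-01-12T17:00", 120),
    ("P3", "+61200000006", "2014-01-03T12:00", 150),
    ("P3", "+61200000005", "2014-01-03T13:30", 90),
    ("P3", "+61200000004", "2014-01-04T13:00", 200),
    ("P3", "+61200000007", "2014-01-04T16:45", 80),
    ("P3", "+61200000008", "2014-01-05T20:00", 45),
]


def categorise(cdrs, directory):
    """Map each caller's calls to (category, timestamp), in time order.

    Numbers the directory cannot resolve are dropped, as an unresolved
    lookup would be in practice.
    """
    per_caller = defaultdict(list)
    for caller, callee, ts, _secs in cdrs:
        if callee in directory:
            per_caller[caller].append(
                (directory[callee][1], datetime.fromisoformat(ts)))
    for calls in per_caller.values():
        calls.sort(key=lambda c: c[1])
    return per_caller


def infer_traits(cdrs, directory, min_repeat=2):
    """Return {caller: set of inferred traits}.

    A single call to a sensitive category is reported as 'contact'; repeated
    calls over the retention window are reported as 'ongoing', the stronger
    inference. Known combinations of non-sensitive categories are reported too.
    """
    results = {}
    for caller, calls in categorise(cdrs, directory).items():
        counts = defaultdict(int)
        for cat, _ts in calls:
            counts[cat] += 1
        traits = set()
        for cat, n in counts.items():
            if cat in SENSITIVE:
                traits.add(f"{cat}:{'ongoing' if n >= min_repeat else 'contact'}")
        for combo, label in COMBINATIONS.items():
            if combo <= set(counts):
                traits.add(label)
        results[caller] = traits
    return results


if __name__ == "__main__":
    for caller, traits in sorted(infer_traits(CDRS, DIRECTORY).items()):
        print(caller, sorted(traits) or "nothing inferred")
```

The point of the example is the second step: the raw records are only numbers and timestamps, which is the “billing data” view, but once each number is resolved to an organisation the categories do the work, and repeated contact over weeks is a far stronger inference than any single call. The same logic scales to every subscriber in a retained dataset, which is what Mayer means by inferences “on a large scale”.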
From a regulatory point of view, once metadata stored by an organisation can be used to identify an individual it is personal information, and the provisions of the Privacy Act apply to its collection, retention and disclosure. That will be a regulatory challenge.