i30 Owners Club
OFF TOPIC => WORLD NEWS => Technology => Topic started by: Aussie Keith on August 10, 2014, 23:01:09
-
I will begin by saying I don't want to start a political debate. This is an issue that both sides have tackled unsuccessfully. This is just the latest installment.
The notion of warehousing browsing history data and probably email "just in case" seems a bit disturbing. First, no one is clear what information will be kept or how it might be used other than the generic waffle about combating terrorism. The there is the cost of collection and storage which will be borne by ISP's and passed on to you and me. And finally, there is the obvious privacy concerns. And its not an issue that's specific to one side of politics or the other. Its driven by national security concerns so you can be sure something like this is coming one way or another - once they figure out how to do it.
For the record, metadata is considered data about data. So in the case of images, metadata is the information about the image which is typically embedded in the image (http://en.wikipedia.org/wiki/Exchangeable_image_file_format). What other metadata would be harvested and stored and how it might be used isn't exactly clear.
From Wikipedia:
Metadata is "data about data". The term is ambiguous, as it is used for two fundamentally different concepts (types). Structural metadata is about the design and specification of data structures and is more properly called "data about the containers of data"; descriptive metadata, on the other hand, is about individual instances of application data, the data content.
Regarding the recording of just IP addresses, these days very few are static. It is hard to identify where a person has gone and what they might have seen exactly from an IP address. So you can be sure whatever is captured will also contain the url. In your browser, press Ctrl+H. That I think is similar to what's likely to be stored. I would be amazed if email isn't captured as well.
Data retention Hokey Pokey: Liberals caught in public embarrassment over privacy
James Massola and Ben Grubb
Published: August 11, 2014 - 7:18AM
The Abbott government's plan to hand an extra $630 million over four years to police and spy agencies appears, on the face of it, a sensible policy.
Australians live in an increasingly dangerous world; the rise of the extremist Islamic State of Iraq and the Levant, or Islamic State, spanning parts of Syria and Iraq, is a deadly reminder that new threats are emerging.
A high-level briefing from intelligence officials this week confirmed the views of Australian security agencies that the international threat from Islamist terrorism was more diverse, less predictable and the overwhelming threat came from Iraq and Syria.
The conflict has served as a "magnet" to bring would-be radicals into the open and that, in turn, would pose a domestic threat to Australia.
To combat these threats, intelligence agencies have been handed additional funding and there are new laws on the way that will allow authorities greater power to detain and question jihadists, lower the threshold for police to arrest suspected terrorists and give the federal police greater power to seek control orders.
But, for many, it is the proposed "third tranche" of legislation for introduction in Parliament later this year that will raise the bar on telecommunications companies' obligations to retain so-called metadata for two years that is the cause for greatest concern.
And those concerns exist in and outside the cabinet.
Cabinet heard Communications Minister Malcolm Turnbull complain on Tuesday of waking up to newspaper headlines concerning the government's controversial plan for mandatory data retention.
Turnbull argued to his colleagues the government risked unnecessary difficulties by pushing ahead with the data retention regime without fully understanding the details. After all, in 2012, Turnbull was dead against mandatory retention.
"I must record my very grave misgivings about the proposal; it seems to be heading in precisely the wrong direction," Turnbull said when Labor was floating the idea but hadn't given it its support.
The cost of data retention for telecommunications providers and the privacy implications for retaining Australians' internet and phone footprint are the two key flash points.
In an internal memo cited by Fairfax Media's The Australian Financial Review this week, Optus warned that the government's plan to force it to retain metadata would cost tens of millions of dollars and that it should not have to bear the costs.
"Based on work done in 2010 and refreshed in 2012, a data retention regime could cost Optus in the order of $30-plus million to $200-plus million, depending on a range of assumptions about scope and definition," the memo said.
Optus is not alone. Internet provider iiNet estimated that, based on confidential briefings it had with government officials in 2010, it would cost between $60 million and $100 million per year to retain the data they wanted then, with the cost increasing as more data is collected.
Turnbull, who does not sit on the national security committee, which has been meeting most days over the MH17 tragedy and where data retention was approved on Tuesday, was not called in to discuss the proposals.
The decision to agree "in principle" to data retention was taken by the NSC and leaked before cabinet approval.
But, as Communications Minister, Turnbull is acutely aware of the cost and complexity attached to the data retention laws and argued he should have been consulted.
After all, Howard government communications minister Helen Coonan was called in to the NSC when legislation to do with her portfolio was discussed, so why wasn't he?
After Tuesday's announcement that a data retention regime would go ahead, the sell by government ministers went from bad to worse.
Initially, Abbott suggested, incorrectly, that metadata was "not what you're doing on the internet, it's the sites you're visiting".
In subsequent interviews, the Prime Minister, his office and officials clarified that records of individual web pages visited would not be stored but that metadata – including the IP address of a particular web server accessed and the time and duration you spent on it – would be recorded. By Friday morning, this appeared to have changed too. (In many cases, a single IP address might service hundreds of completely different and independent websites. This means that an IP cannot be considered a full web browsing history. When accessing some sites, though, it can be considered a type of history.)
What Abbott said was nothing compared with what Brandis then went through in an interview on Sky News that some of the Attorney-General's colleagues compared with Bill Shorten's infamous "I haven't seen what she said but I support what she said" interview.
In the interview, Brandis said, more than once, that the "web addresses" people visited would be captured under the proposal but attempted to clarify, confusingly, it would not extend to web surfing.
It can't be both.
Reading between the lines, it appears the Attorney-General was referring to IP addresses accessed as opposed to individual web pages.
As an exercise in selling public policy, it was a disaster. Coming so soon after the dumping of the repeal of race hate provisions contained in section 18C of the Racial Discrimination Act – a proposal that seemed doomed to fail from the moment Brandis pointed out that Australians had the right to be bigots – it was not a good sign.
As one colleague observed, the deputy Senate leader's hopes of replacing Eric Abetz as leader in the Senate have fast receded into the background.
And, in the short term, he has another mess to clean up.
By Thursday afternoon and early Friday, Turnbull began to try and clarify the situation created by his colleagues. Australian Security Intelligence Organisation and Australian Federal Police officials also held a news conference in an attempt to set the record straight.
Appearing on radio and TV interviews Friday morning, Turnbull said IP addresses accessed and web browsing histories would not be stored as part of any data retention scheme.
Who you called, for how long and from what location would be stored. And the IP address assigned to you by you internet provider would also be stored too, he said, so that law enforcement and spy agencies could identify people involved in a crime.
Despite this, some, including those in internet industry circles, remained confused. Confidential briefing documents they received in 2010 show that source and destination IP addresses accessed should be included as part of any data retention scheme.
Meetings held by Brandis and Turnbull with three Australian telecommunications companies, intelligence agencies and others on Thursday night appear to have changed this.
Australia's federal privacy commissioner, Timothy Pilgrim, also appears to have been left out of the debate before it was approved.
"The government's proposal on data retention raises a number of important issues and so it is important that there is an opportunity for public consultation and debate on these proposals once the detail is available," he said on Friday.
He said it remained "unclear" exactly what type of information would be retained.
"However, there is the potential for the retention of large amounts of data to contain or reveal a great deal of information about people's private lives and that this data could be considered 'personal information' under the Privacy Act," he said.
This story was found at: :link: Data retention Hokey Pokey: Liberals caught in public embarrassment over privacy (http://www.smh.com.au/digital-life/digital-life-news/data-retention-hokey-pokey-liberals-caught-in-public-embarrassment-over-privacy-20140808-101rs2.html)
-
Thanks Keith... I might give myself a day off on Wednesday to read and understand this! :sweating: :eek:
-
In the world we live in today, this has to be expected.
The technology already exists on a small scale, so increasing it's size is just a matter of who's paying for it, that of course, will be the end users.
Naturally, any government will have difficulty defining it's position and legislating properly, because there are two sides to the equation, national security and individual's privacy. Which is more important ?
For me, I am against any intrusion or erosion of my privacy, but realistically, this was effectively lost years ago with the advent of,
Mobile phones,
Credit cards,
Medicare card,
Membership cards eg Fly Buys, Woolies etc.
to name just a few. We may not see evidence of it, but rest assured you ARE being watched and your daily lives are monitored, sometimes just to get a profile of your spending habits, for marketing purposes.
The ehealth function used by Medicare will give info the the govt about Australian health issues and will "assist" the govt to put resources where needed. Never mind the fact that on an individual basis, they are now easily capable of data matching your health records with other records, to see if there are any porkies being told.
As I'm not involved with terrorism, money laundering or organized crime, it doesn't overly bother me. I will be annoyed at increased costs and the further reduction of my privacy as a matter of principle. I can't see any way for this to be stopped and IMO, it's actually an easy idea to sell to the public. Every time media reports on terrorism or security issues, they reinforce the government's commitment.
-
All this recent data retention affairs is nothing new, it's more to the fact that the general public has only just found out about it.
Our Telco's here in Australia have had agreements with the NSA for the last 11 years to supply information as needed, another thing people seem to either not know or forget is that once you are connected to the net anonymity is out the door, tracking is prolific and your habits on the net are already well known :winker:
-
The NSA?? Isn't that a US agency?
Agree with your views that internet movements are tracked. Really it might be easier to just ask Google if they want to know something.
-
What about the existing metadata on any images stored on your machine, will that be interrogated as well :question:
-
Telco's can tap traffic that flows through their networks then store it somewhere but the volumes of traffic mean the storage requirements are going to be incredible. Encrypted traffic is not safe from scrutiny either as there are tools available to unencrypt the traffic on the fly: :link: Blue Coat – SSL Visibility Appliance (https://www.bluecoat.com/products/ssl-visibility-appliance)
Sound awesome right...
However, spooky stuff you see on TV such as anonymizing traffic using an overseas proxy is real... :link: Free Proxy Servers - Protect Your Online Privacy with Our Proxy List (http://www.proxy4free.com/)
How accurate is geolocation (http://en.wikipedia.org/wiki/IP_geolocation)? Try this: :link: What Is My IP - The IP Address Experts Since 1999 (http://www.whatismyip.com/)
On a different machine right next to this one, the location is given as some other place on the planet owing to the use of a VPN (http://en.wikipedia.org/wiki/Virtual_private_network). None of the activity of this machine will be logged by my ISP as a result.
There's a lot more than this of course but my point is that anyone up to no good can easily cover their tracks.
-
I'm using most of those tools for a range of purposes already, including research. :D
-
The NSA?? Isn't that a US agency?
Agree with your views that internet movements are tracked. Really it might be easier to just ask Google if they want to know something.
Yes it's a US agency, google can only give so much info...Telcos have all the info :)
There are the options of vpn's and DNS setting changes that can help block these data identifiers but probably the simplest would be to use Tor browser, cant guarantee how long that will be safe for either though as I believe a bounty reward is being offered for anyone that can crack it.
-
You'll find Tor is used a lot by deep/dark web users to trade in drugs, firearms and the illicit sex trade. I presented on the topic in KL a couple of months ago and it will be covered again next week here. :victory:
:link: Google (http://www.google.com/webhp?client=tablet-android-samsung&source=android-home#q=deep+web)
-
So why are our Telco's storing data for the US or did I misread the earlier post.
-
You'll find Tor is used a lot by deep/dark web users to trade in drugs, firearms and the illicit sex trade. I presented on the topic in KL a couple of months ago and it will be covered again next week here. :victory:
:link: Google (http://www.google.com/webhp?client=tablet-android-samsung&source=android-home#q=deep+web)
Hence why I suggested it as the easiest option when concerning privacy :)
So why are our Telco's storing data for the US or did I misread the earlier post.
I don't know why other than for information purposes but we have our terrorist concerns here as well and much of our Telco providers are US backed or owned.
imo I think that unless someone is a terrorist - paedophile - illicit sex trade or some other form of scumbag then we really don't have anything to worry about.
-
My brain's full - I cannot hope to take all that in. :sweating:
-
imo I think that unless someone is a terrorist - paedophile - illicit sex trade or some other form of scumbag then we really don't have anything to worry about.
My thoughts exactly.
-
Me too. I can just see someone at NSA scrolling through historical records of my forum member map updates. Soooo exciting. :mrgreen:
-
Me too. I can just see someone at NSA scrolling through historical records of my forum member map updates. Soooo exciting. :mrgreen:
But we appreciate it, Phil. Maybe they are more interested in who is interested in your map?
-
:eek:
-
I have made public service announcements here about stripping the metadata out of images before posting them, especially the gps coords your phone puts there. And its amazing what can easily be found or figured out by putting little bits of information together. So don't be too dismissive. If the information is not secured properly, it could become an issue down the track.
-
I've told my phone not to store GPS locations, so is that all I need to do for my own pics, or it there more.
-
Thanks for posting, Keith.
Just a quick one, do I need to change the data in my profile picture? People might know I've been to Scotland and that I have an unfeasibly large novelty head.
-
I have an unfeasibly large novelty head.
Rub some bacon on it, Jamie. Problem solvered. :D
-
I've told my phone not to store GPS locations, so is that all I need to do for my own pics, or it there more.
That's enough to conceal your location. If you use Firefox you can download a plugin called fxif which allows you to look at image metadata. Photographers find this useful to see the settings used for shooting images. But there may be other interesting stuff in there as well. Facebook strips is out which is great for security.
An real live example of how this information may be used nefariously - items for sale on the interwebz, particularly local classifieds. If there is an image with gps coords, you are a potential target for thieves.
:link: Geotagging: Could criminals use this helpful tool against you? | Digital Trends (http://www.digitaltrends.com/photography/could-you-fall-victim-to-crime-simply-by-geotagging-location-info-to-your-photos/#!bCp3t9)
-
:link: Telstra found divulging web browsing histories to law-enforcement agencies without a warrant (http://www.brisbanetimes.com.au/digital-life/digital-life-news/telstra-found-divulging-web-browsing-histories-to-lawenforcement-agencies-without-a-warrant-20140820-106112.html)
-
Not surprised :fum:
-
Not surprised :fum:
I don't understand why they are all storing this stuff. It just isn't necessary - my wife's sister knows everything................ :whistler:
-
Not surprised :fum:
I don't understand why they are all storing this stuff. It just isn't necessary - my wife's sister knows everything................ :whistler:
:lol: We all know someone like that.. :goodjob:
-
:rofl: :rofl: :rofl:
-
Not surprised :fum:
I don't understand why they are all storing this stuff. It just isn't necessary - my wife's sister knows everything................ :whistler:
Nice on Alan :rofl: :rofl: :rofl:
-
Not surprised :fum:
I don't understand why they are all storing this stuff. It just isn't necessary - my wife's sister knows everything................ :whistler:
Nice on Alan :rofl: :rofl: :rofl:
My sister in law gave my wife a fridge magnet which reads, "I don't need Google. My husband knows everything". :-[
-
This wholesale snooping and data retentions are terrible indicators how low our democracy has fallen.
...These laws constitute an unlimited, universal "fishing license" for the authorities.
The danger of this license was very succinctly summed up by Cardinal Richelieu (1585 - 1642), in the following statement:
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
If we allow the government to go down this path, we do so at our peril. ....
and
In 2012, Victoria's then acting privacy commissioner Anthony Bendall dubbed data retention as "characteristic of a police state", arguing "it is premised on the assumption that all citizens should be monitored".
Presently, there is no need for a warrant to access metadata however the retention of the data requires the warrant....
These new laws would do away with that and hand the "carte blanche" to police. As with any power, power corrupts absolutely!
Can't help but think of G. Orwell, the man was either genius and visionary or perhaps just astute observer. Gestapo, NKVD/KGB and Stasi affectionados must be drooling with delight.
I hope this gets defeated, their reasoning that this is needed to fight terrorism just doesn't fly as similar experiences from countries which enabled such regime has found that 99% of "fishing" is done to investigate general crime whatever that term means.
B/R
-
I've stated b4 that in principle, I can't agree with the retention due to privacy concerns, but regardless of the criminal reason, if it is used as a tool to find criminals or thwart crime before it happens, that has to be a good thing.
-
I've stated b4 that in principle, I can't agree with the retention due to privacy concerns, but regardless of the criminal reason, if it is used as a tool to find criminals or thwart crime before it happens, that has to be a good thing.
I agree with you in principle however the possibility that an entity will have at its disposal complete picture of every step an individual makes is frightening. I'm sure that even during your today's activities you have perhaps unintentionally contravened some law or regulations.
That is worrisome as we'll be getting at very thin edge. In the popular culture this was very nicely demonstrated in the movie "Minority Report".
Some things will never change ==> Quis custodiet ipsos custodes? This quote is as valid today as it was 2,000 years ago when it first appeared, the phrase has universal, timeless applications to concepts such as tyrannical governments, uncontrollably oppressive dictatorships, and police or judicial corruption and overreach, in context within the original poem it refers to the impossibility of enforcing moral behaviour on individuals when the enforcers (custodes) are corruptible....
Will this be a basis for "thought" crimes? In any case it is none of "anyone's business" to know what I read, think or do in the course of the day as long as nobody gets hurt or is burdened by it. Its nobody's business who I talk, write or sing to. Its nobody's business who I meet, hug or barrack for.
This pervasive surveillance is not compatible with democracy so either it is time to drop the charade or refuse this usurpation of basic right of every individual to live free from oppression of any kind.
B/R
-
Don't panic. The scheme will be implemented sparingly. There isn't enough storage in the Universe for this to work as feared. :winker: