With this particular legislation, it is very clear to me why it is bad. I am able to articulate to people that regardless of who proposed or supported the idea, it is not a good idea to keep information on my family and friends, such as where they move, who is in their social networks, what topics they search the web for in the privacy of their own home. I feel that it is empowering to explain why it is not a necessary or proportionate response to place the entire country under surveillance on the off chance one of us was to plan a terrorist-related offence. I can also explain clearly why this is something which will result in all lay people being monitored, but none of the technically savvy people who actively try and circumvent the retention scheme using a mix of offshore VPS + VPN + Tor + whatever other technology helps them.
As beefsac said, this is a policy which will likely have support from the two major parties. I encourage all people who oppose this particular legislation to explain to their friends, families, co-workers, etc. the ramifications of mandatory data retention - without mentioning a particular party. I'm aware that discussions about legislation such as this often end up in name slanging and partisan comments. However, I think it is very important to debate these things with a clear head. As much as possible when discussing politics and legislation, I try to refrain from referring to any specific party or politician. I fear that if I do, I'm allowing people to attack my argument by saying "of course you'd say that, you leftist greenie" or "of course you'd say that, you right winged conservatist". Let's play the ball, not the man.
FYI - I've already contacted my local MP - the first time I've felt the need to do so. I await his reply.
Let's not forget the new terror laws that have cleared the Senate, "enabling entire Australian web to be monitored and whistleblowers to be jailed" [1]
Even as network administrators it is not clear that if we patch our systems or report breaches, we could end up in jail if the attacks were orchestrated by the spy agency [2]
The Australian government is currently very busy orchestrating a national fear campaign to make its citizens believe that laws like the Data Retention law are required.
However, the Australian government wanted this law for a long time now and the whole IS/terrorist situation seems to be a great vehicle for the Australian government to bring fear into its citizens so they'd approve of it.
Don't be fooled my fellow hackers! They don't have your best interest at heart, only their own.
Great mini site and in trying to share it I've discovered yet more bugs in the iOS 8 share button.
I'm a little disappointed though that the new laws making all Internet connected devices essentially one device when it comes to warrants isn't really shown on the site. If the site's source is available somewhere I'd be happy to help add more about it.
I'm not affiliated with the site, but they encourage contributions at https://github.com/stopthespies/website. I tend to agree with you that this is also an important topic.
At this stage it has become apparent that opposing surveillance doesn't appear to be helping. It's pretty clear where this is headed, and it seems to me the only way out of it is through it and out the other side, whatever that might look like.
My position on surveillance is now, and has been for a few months, what Slavoj Žižek said: "Yeah but I don't care if we are watched. Here I preach arrogance. So what, let the big 'other' watch me maybe he will learn something and be less stupid, you know, this is not my problem."
If you haven't seen it, this video[1] of Slavoj Žižek and Paul Holdengräber on "Surveillance and whistleblowers" at the International Authors' Stage, published earlier this year, is quite entertaining. The quote above is at 35:54.
What does one do if they agree with the cause, but don't want to be associated with the people making up the majority of the movement?
For example, if you were strongly opposed to the policies or methods of The Greens then you may be turned off by the campaign in the OP as the Twitter mosaic is covered in Greens logos.
Another example, I had a friend who attended an Anti Iraq War protest back when it was all going down (the second time). The problem was, the majority of people protesting were far-left/resistance/socialists that were overtly trying to conflate the issues of boat people and I think Palestinians with the war in Iraq, two movements that my friend wanted nothing to do with.
Without knowing the details, would vanilla Tor suffice? The ISP (who is the one being mandated to retain the data) will only know that you are contacting the entry relay, and the rest of the communication should be encrypted between you and the entry relay. I would guess that then every log in the ISP's log would say "Visited random tor node in iceland".
As for circumventing location gathering, when your mobile phone connects to cell towers, I'd be keen to hear about proposals for getting around that.
Wouldn't this have a technical issue anyway - the fact that all devices in your home would effectively be grouped under the single IP of your ADSL modem? They could never pinpoint something to an individual. Same problem that the movie studio litigators face going after pirates.
Combined with other forms of 'big data' it should be fairly straightforward to identify a specific individual. And if not, law enforcement has already proven it doesn't care[1].
It's disappointing that this has had very little coverage and/or discussion in the tech community outside Australia.
I realise it's at a national level and therefore a domestic piece of legislation, but that doesn't stop internet users the world over rallying together on issues like net neutrality and SOPA.
For days, the SOPA campaign was everywhere. It too was a domestic (US) piece of legislation, but it's "forced" on other users (through sites like Reddit, etc.) in countries where it doesn't specifically apply.
The data retention scheme proposed by the Australian Government is draconian. It has very little public oversight, it costs consumers money and inhibits the free ideal of the internet. At a basic level, the spooks want every IP address of every consumer for every connection to be kept (by the ISP) for two years.
My name, address (subscriber information) will be tied to my IP by the ISP. I connect at 5:43am to Facebook. That's logged. I leave Facebook and log onto Reddit at 5:55am, that's logged. For two years. I send an email to Activists-R-US at 6am, that's logged. Not the "content", just the fact that I did it.
And, best of all, it's all classified as "metadata", so accessing the records doesn't even need a warrant. In fact, any agency in the country with "investigative powers" can request the records from the ISP. That includes, and is not limited to, councils who are investigating lost dogs or parking infringements.
We already have fairly tight rules when it comes to internet spying. Every ISP - to get a carrier licence - needs to submit an Interception Capability Plan (ICP) with the Government, explaining how it can - if necessary - tap that connection for spying. If you change your network and it changes the way the lines are tapped, you have to let the Government know straight away.
We also have mandatory retention orders, which can be applied to a subscriber account if a court sees fit. This orders the ISP to keep the information on the user for a limited time.
If the authorities have their suspicions, they have ample opportunity to get what they want under the current laws.
Data retention is, as I said, draconian. It turns presumption of innocence on its head, and it will be used - one day - to track down, prosecute and jail journalists and whistleblowers.
It will eventually be used to track down and prosecute copyright infringers and "trolls".
I realise that's a slippery slope argument, but legislation - once it's on the books - is often used for things it wasn't intended for.
But wait a minute - didn't risky.biz' Patrick Gray originally report that the AFP clarified that the "Metadata retention" amounts to merely formalizing the retention of DHCP logs?
I mean, there's heaps of shitty things to complain about here (e.g. illegal intelligence activities could send an ASIO officer to gaol for 2 years but a journalist reporting such a thing could go to gaol for 10 years). However I can totally get why authorities should be able to match up an IP address + datetime = ISP user.
There are many, many different takes on what is wanted.
The Government's Communications Minister, the Attorney-General's Department, the Attorney-General himself and the police/spies have all said different things on what will be required.
The ISP iiNet has also said that an internal document it received from the AG's Department a year or so back has very, very different requirements on what should be kept than what anyone is saying publicly.
Also, I see why authorities want it, but I don't think they should have it. As mentioned, there are already more than enough ways to get the information on targets if they want it.
What they are doing is a dragnet style surveillance approach in a democratic country.
I was under the impression they would continue to use the existing channels of obtaining DHCP logs from ISPs as before (i.e. subpoenas), but the changes were aimed at some ISPs not retaining more than e.g. last 7 days logs, or last 30 days/billing period, etc.
It's really ironic that the exact laws that they are trying to pass go directly against the party's ethos and are directly aimed at putting Assange in jail!