Some Telcos Reckon The New Metadata Scheme Is Full Of Holes And A Complete Mess

"It's basically a huge Big Brother policy that Australia has walked into."

From today, all Australian telecommunications companies will be required by law to store everyone’s metadata for two years. The data will be able to be accessed by government agencies, including the police, without a warrant.

The metadata laws were passed by the government in 2015 but it’s taken this long for the companies to build and implement their storage systems. Even though it’s a compulsory federal government scheme, responsibility for capturing, storing and securing the metadata lies with the private companies themselves.

But many people in the telecommunications sector, who are responsible for the maintenance and operation of this system, aren’t happy with it. As one industry figure put it:

“We’re going to end up with this regime of laws that allow the government to access a huge amount of data on its citizens. They are retaining what devices you sent something from, where you were located, what time you sent it and who you sent it to. It’s not too long before you can use that to make the most amazing profile of everything you do. It’s basically a huge Big Brother policy that Australia has walked into.”

And it’s been entirely outsourced to the private sector.

Telcos Are Pretty Pissed Off

Even though telecommunications companies are in charge of the metadata retention scheme that doesn’t mean they support it. In fact, some are openly hostile.

Angus Fotheringham is the General Counsel and Company Secretary of Inabox Group — an ASX listed telecommunications company. According to him, “these metadata retention laws are badly conceived. The whole essence of the laws fundamentally misses the point.

“It was so obvious to me that there was very little thought on the part of the regulator on the complexity of this issue on the wholesale side,” Fotheringham told Junkee.

He pointed to the cost of implementing the scheme, which was borne by telecommunications companies themselves. Government grants were available, but according to Fotheringham they didn’t cover the full cost of implementation.

The cost of metadata retention isn’t just in building the storage system either. It needs to be maintained, expanded as storage requirements grow and security needs to be kept up to date. None of that is being paid for by the government, and that could lead to problems — especially when it comes to security.

“This information we’re storing will be a target for people wanting to access metadata,” Fotheringham said. And so far there doesn’t appear to be any kind of government auditing or scrutiny around what kind of security provisions telecommunications companies have implemented.

So not only has the government forced companies to store all of our personal metadata, they haven’t ensured that it will be kept safe from hackers.

Some Companies Might Not Have Even Implemented The Laws

John Stanton is the Chief Executive Officer of Communications Alliance, the primary industry association for the telecommunications sector. They’ve got over 150 members, including all the major telecommunications companies.

According to him, the metadata laws were “based on a falsehood”. “George Brandis spoke in the Senate and said this was about retaining the status quo. But the data retention legislation requires an enormous number of things of services providers weren’t required to do before,” he told Junkee.

For example, phone companies will now be required to retain information on phone calls that were never connected. Before the laws, the companies had no reason to retain the data, but now they have to keep the information for two years.

Stanton believes that some smaller companies might just ignore the laws and hope the government never notices.

“There are 250 providers competing for 1 percent of the market. They’re mum and dad operators servicing their local community. Have they really got the smarts to do everything the law requires? In many cases they’ll either exit the industry or they’ll stay and hope they’re never asked for metadata by the government,” he said.

“The focus for the government will be on the top five-ten providers. That’s who they see as the main game. Frankly, I don’t see the regulator having the resources to chase all the other providers.

The Whole Thing Sounds Like A Mess

So we’ve got a situation where the government is forcing telecommunications companies to implement an expensive data retention scheme that can be easily bypassed through the use of VPNs or even with something as simple as iMessage.

And on top of that, there’s no guarantee that our data will be secure because the government hasn’t bothered to check how it’s being stored.

And it sounds like a whole bunch of companies won’t bother adhering to the laws because it’s too complex and expensive.

It sounds less like Big Brother and more like Big Daddy, with the federal government playing the role of idiot slacker Adam Sandler. That’s right, George Brandis. You’re Adam Sandler. That’s what you get for foisting this insanely dumb scheme on us.

Osman Faruqi is Junkee’s News and Politics Editor. You can follow him on Twitter at @oz_f.