Friday 16 October 2015

Australia's New Law: A Honey Pot for Hackers

Australia, Scott Ludlam, Telecom Amendment Bill of 2015, Malcolm Turnbull, VPN, Tor, Secure Messenger
Australia’s new data retention law has been labeled a honey pot for hackers and it’s not hard to see why.

The Telecom Amendment Bill of 2015, which went into effect this past Tuesday, requires phone and internet service providers to keep a 2 year record of Australians’ metadata, including phone numbers called and texted; time, date and location of calls; and emails sent and received. This information can then be turned over to predetermined government agencies, as well as any public or private agency publicly declared by the Attorney General, without a warrant.

Sadly, the law merely codifies what has largely been in place for years, as the Attorney General reminded us: "Data retention does not provide new powers for agencies to access metadata. It simply obliges telecommunications companies to retain and secure a limited set of records for two years."

Journalists have their own concerns to bear. A last-minute clause was added to require a warrant prior to using metadata in identifying journalists’ sources, but has already come under criticism. All requests submitted to telecommunications companies will look identical and all journalist warrants will be kept secret, leaving companies to simply trust that the behind-the-scenes warrants actually exist.  

Fortunately, no one is pretending that Australians are required to simply accept their new status quo, as the law’s passage has already seen the internet littered with tips to avoid such data collection, as well as reminders that doing so is perfectly legal. Senator Scott Ludlam, who has shifted from fighting the legislation to promoting ways around it, made a point of acknowledging that “There is nothing illegal about circumventing data retention” for all those unsure if now is the time to be proactive.

In fact, Malcolm Turnbull, journalist turned Communications Minister turned Prime Minister, could not have agreed more in a March interview: “If you have a device, a phone, a smartphone, and if I call you through the mobile phone network then there will be a record at my carrier. Let’s say my phone’s with Telstra, then there’s a record with Telstra that I’ve called your number. If on the other hand I communicate with you via Skype for a voice call or Viber, or I send you a message on WhatsApp or Wickr or Threema or Signal or Telegrammer — there’s a gazillion of them — or indeed if we have a FaceTime call, then all the telco can see is that my device has had a connection with the Skype server or the WhatsApp server. It doesn’t see anything happening with you…There are always ways for people to get around things, but of course a lot of people don’t.” 

Turnbull’s simultaneous support of data retention legislation and encouragement to work around it raises some significant questions. The Australian government is moving forward with a system that it knows is beatable. Does it hope to undermine the average citizen who does not think to protect himself, saving his data for a rainy day when it might be useful? Or is the next step to crack down on the secure messenger apps and VPNs that are currently keeping communication secure? 

For now, it’s best to take what precautions we can and Senator Ludlam’s tips are a good place to start: create strong passwords, use a secure messenger instead of texting, incorporate a VPN and Tor into regular internet usage and stay educated about ever-evolving laws and resources. Of course, there are certain secure messengers and VPNs we would suggest over others but ultimately, we just want you to surf secure and stay Rando!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.

No comments:

Post a Comment