Surveillance by Metadata
By Philip Branch
Senior Lecturer, School of Software and Electrical Engineering, Swinburne University of Technology
The Australian government has introduced legislation that would compel internet and telecommunications companies to store “metadata” generated by their customers. Why have they done this, what exactly are they storing, and what effects will this have on our privacy?
State surveillance via wiretaps has come in for some quite unusual scrutiny lately, largely driven by a very public debate about the collection of metadata. In some extraordinary interviews, politicians have attempted to explain concepts of which they clearly did not have a good grasp. “Metadata” related to wiretapping has suddenly entered the public’s consciousness.
But in order to understand what the debate is about, and why it has caused such concern, it is necessary to understand some of the basics of “wiretapping”.
Wiretapping is an important and highly valued capability of law enforcement agencies, which consist of intelligence agencies, state, federal and military police forces, anti-corruption bodies and other government organisations involved in enforcing or investigating breaches of the law. The law enforcement agencies value wiretapping so much that before a communications service can be offered to the public it must be capable of being intercepted. Services can and have been delayed or stopped because of inadequate interception capabilities.
In Australia, as in most western democracies, wiretapping is carried out by the telecommunications company or internet service provider at the request of one of the law enforcement agencies. This separation between an agency ordering an intercept and a service provider carrying it out ensures there is a trail of documentation that can be audited.
Perhaps surprisingly, most wiretaps do not involve recording conversations. Most intercepts are of metadata.
Metadata is data about data. It is data that puts other data into context. For example, in a telephone conversation the telephone numbers of the participants are metadata. By contrast, a recording of the conversation is “telecommunications data”. The distinction between metadata and telecommunications data is important because it is much easier for a government agency to request an intercept of metadata than of telecommunications data.
Also, metadata can be requested by almost any government agency. For example, local government, the Australian Taxation Office and even the Taxi Directorate and RSPCA can access metadata. By contrast, access to telecommunications data – the actual call content – is much more restricted.
What has caused great concern has been proposals from law enforcement agencies for the compulsory collection of metadata generated by all users of communications services. Regardless of whether we are a person of interest, our metadata would be recorded and stored by the internet service provider for 2 years. It is the universal nature of the collection, as well as the lack of clarity as to what is to be collected, that causes concern.
As it turns out, the metadata that the law enforcement agencies actually want is reasonably innocuous. It has become a bigger issue than it might otherwise have been because of some quite spectacularly inept explanations from the government as to what it is that is actually proposed.
Nevertheless, the debate has raised deeper issues about the way interception is done in Australia. In particular, modern communications technology has caused an enormous increase in the variety and quantity of metadata we generate in our digital lives.
When telephony was restricted to fixed landlines, metadata consisted of little more than records of telephone numbers called and call durations. Even so, such simple metadata was a surprisingly rich source of intelligence. It could be used to establish links between “people of interest”. “Network diagrams” could be constructed showing relationships between suspected criminals and how active they were. For example, a sudden flurry of phone calls between a suspected illicit drug importer and a suspected illicit drug distributor might indicate that a shipment was due.
The arrival of mobile telephony added a new dimension to surveillance based on metadata. Now, metadata consisting of approximate location information could be obtained. Mobile phones operate by connecting to a nearby base station, usually located within a few kilometres. Law enforcement agencies could now determine to within a few kilometres where someone of interest was located.
Furthermore, mobile phones are very “chatty” devices. Even though the possessor of the phone may not actually be using it to make calls, it is nonetheless in constant communication with the network via nearby base stations. Having a switched-on mobile phone enabled constant tracking of a suspect’s approximate location.
With modern smartphones, the information available to law enforcement agencies has exploded. They have all that mobile telephony provides but so much more.
Smartphones typically contain a huge amount of personal information. They contain contacts, short messages, images and other data of potential interest to a law enforcement agency. Images captured on a smartphone, by default, have GPS coordinates embedded in them, enabling the location where the picture was taken to be determined to within a few metres.
Smartphones also generate an enormously rich trail of metadata that can give tremendous insights into our actions, interests and concerns. We use them to access social media, to navigate with mapping tools, to send short messages by instant messaging, and to access older Internet services such as email and the web.
Obtaining communications metadata can give deep insights into our private lives. For example, metadata showing that someone has accessed an HIV support group via social media, searched for information about HIV treatments, emailed the office of an HIV clinic and used a mapping app to find how to get there makes it clear what is happening in that person’s life.
Given the richness and amount of metadata generated by modern telecommunications, the proposal to collect metadata caused great alarm among privacy advocates and the telecommunications industry. If all the metadata that we generate were collected, the cost to the internet service providers would be enormous. iiNet estimated that it would cost at least $130 per customer per year.
As well as being extraordinarily expensive, collection of all the metadata we generate would be a great threat to privacy. Even if everyone who had legitimate access to the metadata could be trusted not to misuse it, it would be a very inviting target for hackers.
So it came as something of a relief when it turned out that all that was being asked for was a very limited set of metadata that enabled Internet traffic to be mapped to identity. To paraphrase ASIO director, David Irvine, all he wanted was the Internet equivalent of a telephone book. Unfortunately, in the Internet there is no such thing.
The nearest identifier to a telephone number is what is known as an IP address. In the same way that a telephone number can be used to determine who is making a telephone call, an IP address can be used to determine who initiated a particular Internet service.
Unfortunately, IP addresses are not permanently allocated to end users. When not being used, they will be allocated to other users. What the law enforcement agencies wanted was for the internet service providers to keep track of the allocation of IP addresses to their customers and, in so doing, be able to link an IP address to an identity.
For example, a law enforcement agency might intercept packets going to and from a terrorist website. The only identification they would see would be the source IP address. To determine who was querying the website they would determine the internet service provider that allocated the IP address. They would then ask the internet service provider which customer was using that IP address at the time they intercepted the traffic.
For the internet service provider to be able to answer that question, they need to record their allocation of IP addresses. This allocation of IP addresses is the metadata that law enforcement agencies want the internet service providers to record.
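The lookup described above, as an added example that is not part of the original article: resolving an IP address and a time to a customer from a log of address allocations. The log layout, account IDs and function names are assumptions, and the addresses are constructed from the 203.0.113.0/24 documentation range. It goes one step beyond the text by showing that a timestamp error near a reassignment makes the attribution ambiguous.

```python
from datetime import datetime, timedelta, timezone


def ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample allocation log: (ip, account, lease_start, lease_end).
# The same address is handed to a second customer five minutes after the
# first lease ends, which is the situation the article describes.
ALLOCATIONS = [
    ("203.0.113.7", "ACCT-1001", ts("2015-03-01T08:00:00"), ts("2015-03-01T12:00:00")),
    ("203.0.113.7", "ACCT-2002", ts("2015-03-01T12:05:00"), ts("2015-03-01T18:00:00")),
    ("203.0.113.9", "ACCT-1001", ts("2015-03-01T12:10:00"), ts("2015-03-02T00:00:00")),
]


def resolve(ip, when, log=ALLOCATIONS):
    """Return the account that held `ip` at `when`, or None if no lease covers it."""
    matches = [acct for addr, acct, start, end in log
               if addr == ip and start <= when < end]
    if len(matches) > 1:
        # Two customers cannot hold one address at once; the log is inconsistent.
        raise ValueError("overlapping leases for " + ip)
    return matches[0] if matches else None


def resolve_with_skew(ip, when, skew, log=ALLOCATIONS):
    """Return every account that could have held `ip` if the observer's clock
    may be wrong by up to `skew` in either direction."""
    return sorted({acct for addr, acct, start, end in log
                   if addr == ip and start <= when + skew and when - skew < end})


if __name__ == "__main__":
    seen = ts("2015-03-01T12:02:00")  # falls in the gap between the two leases
    print(resolve("203.0.113.7", ts("2015-03-01T09:00:00")))
    print(resolve("203.0.113.7", seen))
    print(resolve_with_skew("203.0.113.7", seen, timedelta(minutes=5)))
```

An exact-time lookup in the gap returns no customer, while a five-minute clock tolerance returns two, so the accuracy of both the intercept timestamp and the allocation log decides whether the mapping to an identity is unique.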
Recording the allocation of IP addresses to customers is much less worrying than recording all metadata. Nevertheless, capturing metadata for interception still raises important issues.
In particular, the distinction between metadata and telecommunications data is quite artificial. It is a distinction that made sense when telephony consisted solely of fixed lines and the only service was voice communications, but “metadata” has rapidly lost meaning as the technology has changed. Some metadata can be extraordinarily sensitive and should be treated as such.
The ease with which interception of metadata can be requested and the wide variety of organisations that can request it is a matter of concern. The Australian Security Intelligence Organisation, quite reasonably, says it does not want to go through the onerous process of applying for a warrant each time it wants to do the equivalent of looking up a telephone book. However, our private lives should not be as public as a telephone book either.
Rather than having just two categories of data, one of which is very easy to access and the other very difficult, it may be time for less simplistic classification to be used. Perhaps it is time for the administration of interception to catch up with the technology.
In modern telecommunications there is no such thing as metadata. There is only data.