This is your government on metadata (with pictures!)

Data retention and warrantless government spying are starting to come out as two of the biggest issues of the century. And about time too - this is a war that has been going on for decades, hidden behind the screens of software developers, tech geeks and hacker kids where everything looks technical and boring to the outside observer and prevents anyone from really paying much attention to what's going on.

There is a lot being said about what our representatives are trying to legalise here, but what is already legal? What is already going on behind closed doors?

The issue has been raised in Europe - and rejected as a violation of basic human rights. It has been raised in England - and allowed to happen against the wishes of the people. It has been raised in America - brought to light after it surfaced that the American government has been secretly storing communications from the entire internet despite this obvious conflict with their constitution. Now the Australian Government is having its turn at the grab for more power.

On October 29, Greens Senator Scott Ludlam along with Senator Nick Xenophon and Senator David Leyonhjelm invited more than 20 civil liberty groups, internet service providers and academics to voice their concerns against the Government's proposed data retention laws at a forum held at Parliament House.

The first to speak was Associate Professor Clinton Fernandez. To paraphrase his introduction, Clinton has experience on both sides of the data retention issue. He knows what it is like to be in the role of the person who has to look at the data from a security agency perspective, and he also has the experience of being on the receiving end of the AFP going through his house.

In the following transcript I have extracted, Clinton lays out his insider knowledge of the way intelligence services operate today and frames his concerns for the safety of whistleblowers, accountability of government and where the future of our society lies.


...this is of interest to politicians and journalists, so I will focus on it a bit longer. And this really relates to a leak investigation. Let us say somebody - one person, could be more than one person - has leaked a document, some top secret document to ABC Radio National. So it leads the news in the morning, comes out [...] at about six thirty, and it's been leaked to ABC because if it's leaked to say Fairfax then The Australian won't touch it and vice versa. But it is leaked to the ABC then everybody gets it, everyone agrees to take it on. Later on Fairfax will pick it up and Sky News, and then there's a leak investigation.

How did the ABC get this document? Well, an investigator would find out pretty fast that the politicians who are featured in stories commenting on the document are, [...] for this particular case, Senator Leyonhjelm, Senator Ludlam and Senator Xenophon. [...] And so, a working hypothesis is that whoever had possession of the document provided it in confidence as a whistleblower to one of the senators; and the senator then went to the ABC and gave them an exclusive in order to lead the agenda in that particular media cycle.

And so the investigator thinks right, what we have to do is get the call charge records - that's all the incoming phone calls, all the outgoing phone calls, the geolocation (which calltower they were at) - off the journalist who reported the story on ABC Radio National, as well as the senators. And this can be done, and is done, without a warrant.

Step one is to obtain records of the journalist's incoming and outgoing phone calls. So this is the record, [...] there's an outgoing call to this number, an incoming call from that number. Here's how long the call lasted, here's the cellphone tower that the mobile phone pinged off, the date / time, and the cost of course. You on your phone bill will only see the cost and the outgoing call. You on your phone bill will not see the incoming call. But this is a matter of minutes, the Federal Police simply have their own portal through to the phone company, and they get the metadata very quickly.

Now, once they get a journalist - or anybody else's, an academic like myself, or a politican's - metadata, the call charge records, incoming and outgoing calls - it stays in the AFP database forever.

So they've built a picture of your life, of everbody who's called you, everybody who you've called, and the location. So that's step one.

Step two is a visual display of step one. And there are programs available - such as Analyst Notebook, Netmap, Maltego if you want an open source one - which allow you to plot the incoming calls and the outgoing calls. Now in this particular one, lets's say that Senator Xenophon [...] is making a lot of calls to people like, people here. And the Federal Police realise that these people are just his staff. So the size of the circle would indicate the intensity with which a person is communicating with somebody else. He seems to be making a lot of calls to somebody called 'Grace' who is not connected to anybody else - that might indicate a personal relationship. Ok, and this is the journalist on radio national.

Step three. An access check. In this particular document that was leaked, who had access to it? Get all their records and cross reference, which leads to:

Step four. This is the list of people who had access to the document that was leaked. This is Senator Xenophon's contacts, this is the journalist's contacts, and there is some cross-pollenation. But there is one phone call that seems to have been made by this person to the parliament house [...] switchboard. And that may mean that somebody in that particular office who had access to the leaked document, made a phone call to '6277-7111..' or whatever the number is. So the police know right, that's the office, we've got a target now. So it allows them to narrow down the list of suspects very fast.

Step five. And then, they can go back in time - with the powers they currently have, I would add - to work out where was the person at the same time as say, Senator Xenophon was. Or where was the person at the same time that reporter X or Y was. And after a while - this would take probably (depending on the number of people who had access to the document) [...] take a week or two weeks. Sometimes it could take half an hour. They would work out [...] in which location [you were]. And it turns out that say Senator Xenophon or your own boss was in a coffee shop in say, Queanbeyan, at the same time as the person who had access to the document who shows up on that call.

Step six. They then track, in realtime, where [...] you will meet again. Let us say this is the Melbourne CBD, I've just lifted this map from the internet. It's just to illustrate.

A future step six is that as facial recognition technology improves, journalists will be identified walking along the street. Or any person of interest. In the future; this is not there yet but in the future, as facial recognition technology improves, the journalist could leave his or her phone in the office and walk down the street thinking there is no digital signal being sent off. But as facial recognition technology improves that journalist will be visually tracked down the street. So there's just nowhere to hide after that. Followed by a raid on the office or the home of whoever it was that leaked the document. Followed by a conviction under section 70 and 79 of the crimes act.

And so, that's the value of metadata.

It can allow very fast and easy visualisation of the key suspects in you know, a hostage case, also in a whistleblower case, leak investigation. And can drastically reduce the amount of information that is available to the media by reducing the number of people who are willing to take the risk of blowing the whistle. What is not being discussed is the big tidal wave of data that is coming;-

And that's the internet of things. That's things like, as I said, remote control motion detectors in your house. You can turn the lights on and off, right now, using a Belkin WeMo device. Well, where does that data go? It goes to a cloud, to a big server. Who has access to that data? That surely is metadata, in the sense that it's machine understandable data. And by getting your hands on everyone's data - and in the case of web browsing there's no difference really - it means that the implication is it's possible to build a digital picture of pretty much any citizen going back two years. And after two years are in, further reforms; maybe say a 5-year data retention plan, or a 10-year data retention plan, as the cost of storage devices falls.

And that changes, I think, the balance of information between the citizens and the state. This is the point at which I don't wish to proceed, my job here was simply to show you what's possible under the hood, and what happens under the hood. Thankyou.


And there you have it, from somebody on the inside. That is the worry, and that is the reality of the world we are allowing to happen. Especially given that your life could be stored forever just for knowing someone, as with 'Grace' or any other of the senator's contacts in the above example. The flipside of the coin is told in the hostage case referred to above, which can be found along with the rest of this speech on Senator Ludlam's SoundCloud page. I recommend you listen to it in full and come to your own conclusions.

I would caution that some of these things are coming sooner than Clinton implies. It will not be long before every refrigerator, heater, water pipe, doorknob and lightswitch is connected to the web and beaming their sensor data around. It will not be long before we have automated cars ferrying us around and robotic drones delivering our mail, all the while sending out a constant stream of information as they go about their business. Next year we will be seeing the mainstream adoption of realtime video streaming from people's heads. And on facial recognition - the American government is already making a good start on that, training their algorithms with the structured information we have been adding to our photos in the form of "tag your friends" for almost a decade now.

To me it all sounds very scary. It sounds like every book and film ever written about a dystopian future. The question we should be debating is not whether there should be more of this power given to our governments, but whether they already have too much.