The Guinness World Record we attempted to break was for the world’s shortest radio advertisement. We tried to smash the BBDO advertisement record for the shortest radio advertisement. The previous record was 0.954 seconds saying “Guinness recordbok”. We advertised the ABC itself with the slogan “It’s your ABC” in 0.61 seconds – we are waiting for confirmation! The attempt starts from 8:04.
There has been plenty of technology-related legal activity in the European Union this month. Last week the Court of Justice of the EU (CJEU) ruled that data retention regulations, as they currently stand, are not in accordance with EU law, and the week before, the European Parliament voted in favour of introducing net neutrality into EU telecoms regulation.
As Australia is currently in the midst of a data retention inquiry – the second in three years – what effects will this ruling have on the debate?
The directive applies to data generated by users of electronic communications services and networks, and stipulates that the operators of these services and networks must keep this data on all users for a period of time between six months and two years.
The kind of data that should be kept includes telephone numbers, account holders’ and recipients’ names and addresses, IP addresses, and location data, but not information about the content of the communications.
The purpose of these rules is to ensure that this information is available for “the investigation, detection and prosecution of serious crime”.
What did the CJEU decide?
For some time there has been concern that the data retention directive was too intrusive of law-abiding European citizens’ privacy.
This resulted in privacy campaigners in Austria and Digital Rights Ireland mounting a challenge to the measures. They argued that the rules were disproportionate and unnecessary to achieve the aim of ensuring data was available for the purposes of fighting serious crime.
They also argued that the rules were incompatible with the rights to privacy, data protection and free expression contained in the EU’s Charter of Fundamental Rights.
The CJEU found that, although the retention of data “genuinely satisfies an objective of general interest” (the fight against crime), the data protection rules went beyond what was strictly necessary to achieve this goal.
In practice, the rules entailed an “interference with the fundamental rights of practically the entire European population”, with the vast majority of those people not being “even indirectly in a situation which is liable to give rise to criminal prosecutions”.
The CJEU also condemned the lack of limitations on national authorities' access to this data and their subsequent use of it. For instance, access to and use of the data were not restricted to the purpose of fighting serious crime.
Also of concern to the CJEU was the weakness of security measures around the data, and the fact there was no requirement to retain this data within the EU.
It’s unclear what exactly is going to happen now since the CJEU declared the data retention rules invalid. Different European countries have had different reactions to the CJEU’s decision.
A Finnish government minister responded by saying that Finland must revise its laws on data protection and retention, but it seems that the legislation implementing the data retention directive in Luxembourg will still apply and bind telecoms operators.
Furthermore, the day after the CJEU’s decision, the Romanian government issued a new draft law that would increase surveillance of its citizens.
What’s going on in Australia?
The decision comes at an important point in the data retention debate in Australia. We are currently in the midst of the second inquiry within three years from two successive Commonwealth governments.
In 2012 the Labor government’s inquiry into potential reforms of National Security Legislation received 240 submissions and 29 exhibits.
Many responses pointed to a significant shortcoming in the 2012 discussion paper’s vague proposal for up to two years of mandatory data retention by internet service providers.
Despite the prominence of the need for mandatory data retention in pro-surveillance arguments, the discussion paper’s proposal for data retention managed to be both so short and so broad as to allow egregious overreach. The proposal was:
tailored data retention periods for up to 2 years for parts of a data set, with specific timeframes taking into account agency priorities, and privacy and cost impacts.
The accompanying definition of data retention was equally vague: “The storage of telecommunications data for prescribed periods of time.”
No further information was supplied.
The 2012 inquiry resulted in a May 2013 report of the inquiry into Potential Reforms of Australia’s National Security Legislation, but no actual reforms were carried out due to the proximity of the looming 2013 election.
In this climate of increasing disquiet over surveillance overreach, the Coalition government initiated another inquiry into the comprehensive revision of the Telecommunications (Interception and Access) Act 1979.
The May 2013 report contains an entire chapter on data retention. While it notes the public backlash against data retention, and recommends oversight mechanisms and an exposure draft of any legislation, it nevertheless treats data retention as a critical part of Australian security policy.
At core, the report perpetuates distinctions between “metadata” and “content” that many civil liberties groups argue are increasingly impoverished in the age of “pattern-of-life” searches.
Implications for Australia
The May 2013 report spent quite some time discussing the European experience of data retention. The Attorney-General put forward the same data retention directive as the CJEU has just declared invalid as an appropriate model for Australia.
The May 2013 report notes that a voluntary scheme was implemented in the UK while controversies occurred in countries with “human rights frameworks that are significantly different to those in Australia”.
Australia tends to follow rather than lead in security issues, and tends to try to follow traditional allies and those with whom it believes it has most in common.
If the UK decides to include more accountability in its data retention implementation as a result of the CJEU ruling, this might bode well for Australian civil liberties – but given the fragmented response so far from European countries, arguably the time to look for models is over. It is time for Australians to take their own rights seriously.
I represented Electronic Frontiers Australia on the ABC consumer affairs show The Checkout. In my “If I Could Say One Thing” segment I discussed ways of dealing with Internet tracking by advertisers and third parties.
Here is the script, including links:
Hi, I’m Dr Sean Rintel, Chair of digital rights group Electronic Frontiers Australia.
If I could say one thing, it’s that if an online commercial service is free, then you’re not the customer, you’re the product.
Many online services make money from selling who you are and where you go to advertisers and third parties.
When you’re logged in, some services can track almost everything else you do online.
When you ‘Like’, ‘share’, or sometimes just access content, you can be tracked even when you are logged out.
If that bothers you, there are some simple steps you can take.
Install a browser extension like ‘Disconnect’ to both visualise the amazing number of sites tracking you and, better still, block them. Or the similar plug-in, Ghostery, which can also be installed on your smart phone.
Look for HTTPS in your address bar – the S means Secure. The browser extension called ‘HTTPS Everywhere’ forces sites to use a secure connection that blocks third party tracking.*
And don’t use those convenient buttons to log in to one service with the credentials from another. Separate service, separate login.
With a little effort you can reduce the amount of your personal information that’s bought and sold by people you don’t know.
It doesn’t matter that you may have nothing to hide, it’s that you should have a choice.
* Note: HTTPS Everywhere can only work when the website has enabled it, so it can’t force literally every site to be secure. It might also break some site functionality. See the HTTPS Everywhere FAQ for more details. Further, this does not fully prevent all third party tracking. When used on a search engine, for example, it prevents an unauthorised third party seeing the details of the search and results. The search engine itself may still authorise some third parties to see search results.
“EFA believes that the introduction of a broad fair use exception into Australian copyright law is a critical and long-overdue element in providing a strong, relevant and flexible copyright regime that will serve Australia well into the future. A broad fair use exception will enable greater innovation and creativity, will promote a higher degree of respect for copyright among Australian consumers and will remove a number of significant impediments to the development of a vibrant and competitive Australian cloud services industry.”