How the Net defeated biology

By Grahame Lynch

Two items caught my eye as Australia passed sweeping new data retention laws.

The first was an exclusive story broken by the Guardian newspaper’s digital edition this week. It reported that late last year, the private information of the visiting G20 leaders was accidentally sent by an official in the Immigration Department to an email address belonging to a football official.

The personal passport, date of birth, visa application and other details of some 31 world leaders were contained in the email, which was meant for another departmental official but, because of human error in filling a send field, was sent instead to an outside party.

The Immigration Department managed to secure the football official’s co-operation in deleting the email and then decided not to tell any of the 31 leaders of the error. The only reason it was uncovered was because the Guardian FOIed it.

The second was the revelation that three serious privacy breaches had been committed by Optus involving hundreds of thousands of customers. They involved the publication of silent numbers on a website, exposure of a default password on company-supplied modems and a technical error which allowed voicemail accounts to be accessed without a password. All serious stuff which has seen Optus enter into an enforceable undertaking not to do it again.

I note these two examples because the biggest issue with data retention is not what happens with it when the rules and laws are observed to the letter, but what happens when the security of retained data goes awry. We’ve seen with the Snowden revelations that abuses of data collection are rife in the US government and elsewhere, but it’s the very fact that Snowden could make the revelations in the first place that illustrates the problem.

Inevitably, there will be a massive security breach or abuse of data held by ISPs and carriers of disparate size and competence. There are simply too many points of vulnerability for this not to happen.

The big carriers, represented by Communications Alliance, have by and large co-operated with the government in finessing the data retention legislation. The greatest agitation came over who would bear the cost of data collection. This isn’t surprising. As with the Labor opposition, it would not be a good look for these telcos to be seen to be campaigning against perceived national security interests. And, besides, a telco industry obsessed with how to monetise the ‘big data’ trend hardly has great credentials, for the most part, in advocating for privacy.

What has been more interesting is what has been happening below the radar. Some extremely prominent telco identities have been lobbying heavily behind the scenes on both the data retention and the highly related internet piracy-blocking laws. Connections have been made, tempers frayed.

Ditto for the smaller ISPs in the market who lack the resources to maintain their own legal and lobbying teams or the wherewithal to participate in Communications Alliance. Many of these outfits retain the libertarian instincts that characterised the nascent net industry in the 90s and they are none too happy about the whole idea of government access to metadata in the first place. 

Some of them have, for the first time, chosen to organise as a chapter of the Internet Society. I suspect this is a very important first beginning which will lead to a very powerful libertarian voice in internet regulation over the ensuing months and years.

As for these new data retention and URL blocking laws themselves, it is unsurprising that they have raised barely a public whimper. The rise of social media in recent years has revealed that the general population is unconcerned with privacy if there is a cheap thrill at the end in the form of some Facebook quiz or shareable curiosity. 

Many willingly hand over quite comprehensive metadata, including the identities of all their friends, in order to establish that if they were a vegetable they would be a parsnip or a country, Germany. (My favourite one is a quiz which literally asks ‘if you were a member of Captain Planet and the Planeteers, what ATM PIN would you use?’ The second question asks what PIN you actually use.)

The internet age has finally weaned Homo sapiens off an instinct with powerful evolutionary antecedents. The biologist Peter Watts says that mammals do not respond well to being placed under surveillance as they associate it with predatory threats. The desire for privacy is innate. Perhaps the diminution of this instinct is the true singularity.

(This column appears in CommsDay)



