On Tuesday, a new law came into effect that will now require large Australian telecommunication companies to store customers’ metadata for two years.
Malcolm Turnbull, the current prime minister of Australia, first introduced the bill to the Australian parliament while he was communications minister in an effort to assist the government with national security issues, including investigations into domestic terrorism.
“No responsible government can sit by while those who protect us lose access to vital information, particularly in the current high threat environment,” Turnbull said at the time in a joint statement with Attorney-General George Brandis.
Officials with the Australian government have estimated that the new powers will cost $300 million and will only pertain to customers’ metadata, not the content of their communication, unless under warrant.
However, according to Philip Branch, a Senior Lecturer in Telecommunications at Swinburne University of Technology, metadata–especially on mobile networks–can reveal plenty of information about a user.
“Even before smartphones and the internet, metadata from the mobile phone system was surprisingly rich,” explains Branch in a post for Gizmodo Australia. “Metadata could provide information as to whether the call was forwarded and where it was forwarded to, whether or not it was answered, and so on. Such information is invaluable in building up a model of relationships.”
Branch goes on to explain that metadata can also help to pinpoint a user’s location up to a few miles away as a result of mobile devices connecting to a nearby base station in order to access a mobile network.
Though the law comes into effect this week, Australian telecommunications companies are for the most part not equipped to begin encrypting and storing users’ data.
According to a survey administered by the Communications Alliance over the past week, more than two-thirds of Australian telcos are not confident or are only somewhat confident in their ability to retain customer data. Only 16% are fully prepared, whereas four out of five companies have submitted plans to work towards full compliance within the next 18 months.
In the meantime, many Australian users are turning to virtual private networks (VPNs) in an effort to protect themselves against the new law. This is in spite of the fact that many VPNs have been shown to leak user data in the past.