Whether Attorney-General George Brandis’ telco metadata retention scheme saves lives remains to be seen. But what’s clear is that it will impel millions of Australians to take their privacy into their own hands, in a way that hasn’t been seen before. An email hit our inbox last week that highlighted the extent of the grassroots reaction to the new law.
The Law Institute of Victoria isn’t what you’d call a technologically progressive body. So when its president circulates the legal profession promoting virtual private networking as a response to concerns that government authorities will use metadata to spy on law firms, it’s clear the law has struck a nerve.
In a video post that’s available on Youtube, president Katie Miller explains that “under the data retention scheme, law enforcement agencies can access [data about] the communications of lawyers and their clients without a warrant”. Criminal lawyers, the president says, are concerned that “if law enforcement agencies know which witnesses you’re talking to, then they can piece together your defence strategy.”
To mitigate this kind of odious risk, the Institute suggests that the use of virtual private networks and offshore-based email systems like Gmail should be considered. The novelty of this kind of subversive stuff emanating from the normally stuffy lawyers’ association can’t be overstated. Something new is happening here.
Not long ago, talk of virtual private networking would have sent Australians, including their legal advisers, to sleep. But necessity is the mother of invention, and when most of a million households found it necessary to access US Netflix programming before the service was available to antipodean customers, they figured out that accessing the service via Buffered, ExpressVPN, blackVPN or TorGuard solved their problem. For about US$10 a month, their computer acquired virtual US residency and could access content only available to Yankee subscribers.
The same technology can bypass the data retention law, preventing your internet service provider from knowing much more than that data is coming and going from the office of Flywheel, Shyster and Flywheel, Attorneys. What the traffic is, and even where it’s really going, can be invisible.
GMAIL BEYOND PARLIAMENT’S REACH
The Law Institute’s reference to Gmail reflects the fact that the data retention law doesn’t cover services that are facilitated offshore and accessed over a vanilla internet connection by Australian users. Gmail servers are located beyond the reach of the Australian Parliament. Your ISP can detect when you’re communicating with Gmail, but it has no idea who you might be messaging.
Five years ago, the notion of a law firm routinely using Gmail would have been frowned on. “The law firm doesn’t control the server. That’s no good.” “Law firms shouldn’t trust overseas email systems. No guarantee of security.” Today, the very facts that these services are not Australia-based and aren’t readily amenable to Australian law are proclaimed as their virtues.
By the time the data retention law reaches full speed in April 2017, we face the real possibility that only the dumbest of criminals and the dullest of lawyers will be using services that are covered by the law. Voice calls through Facetime, Skype and a bevy of clones will bypass the retention regime. Encrypted messaging apps like Wickr and WhatsApp, both favourites of that wily former lawyer Malcolm Turnbull, are provided through overseas infrastructure that is immune to Canberra’s data law.
Even without data retention to drive the move to unregulated communications services, it was always inevitable. Half the point of a superfast national data network is to allow services that have traditionally been delivered using Australia-based infrastructure to be challenged and even replaced by virtualised alternatives. A PABX was once a box full of circuit boards and sockets installed at your premises in Sydney. To our kids, it will mean a software program running on virtual servers provided by Amazon or Google, maybe in a data centre in Sydney or maybe in Singapore. It’s all the same in a high speed, high availability broadband world.
And here’s the rub if crime fighters are serious about ensuring visibility on potentially rogue communications. It follows, as night does day, that the use of services that bypass data retention must be regulated or even banned. If that sounds unlikely, remember that for years the United States banned the export to Australia and elsewhere of strong encryption tools, hoping to prevent non-Americans from communicating secretly. If the authorities come after the secure messaging services, it won’t be the first time.