#NatSecInquiry: Tracking Australians in real time


This blog post is by Pirate Party Australia President David Campbell. It first appeared on his blog and is licensed Creative Commons.

The ongoing National Security Inquiry has dislodged quite a few stones from the bottom of the paranoia well. One aspect that took my interest in particular is the relationship between data retention and mobile or cellular telephone data.

The information to be recorded is part of a broad definition, chastised by Greens Senator Scott Ludlam, that has been revealed by the Attorney General’s Department. It is often referred to as “Meta Data”, which in layman’s terms means “who, when and where”, with the “what” somehow not recorded; how this will be achieved is left outside the scope of the legislative wish list. This presents an interesting threat to the privacy of Australians when it comes to mobile phones.

As a late-twenties Australian I, like many people my age, carry a smartphone, one that synchronises with a few mailboxes in a “Push” fashion, Facebook, my cloud document storage and other services that maintain a constant “heartbeat” connection to various online services that I subscribe to. This means that my mobile is constantly connected to the internet and constantly generating the “Who, When and Where”. Due to the nature of mobile telecommunication towers, this allows my position to be triangulated between multiple towers to within three meters almost 24 hours a day.

This means that my position, accurate to three meters, will be logged and archived for at least 2 years. The data requires a warrant to rifle through legally, except for when ASIO flash their requested “Do whatever I want and get away with it” badge, which is a whole other scary topic. A warrant written with appropriate wiggle room allows for this data to be requested so many times an hour it may be used in the form of a stream.

This system, either intentionally or through sheer incompetence, inadvertently places a tracking bracelet on almost every citizen in Australia, a device reserved usually for criminals on bail or attempting gradual societal reintegration. This is a gross overstepping of the boundaries established by the Universal Declaration of Human Rights, to be free of arbitrary interference with your privacy and correspondence, to be free to associate with anyone and retain the freedom to move anywhere within our nation without government interference.

This is of course more or less in place for 6 months at this point already, but retaining this for 2 years, along with a treasure trove of other data in a wide-reaching data retention scheme, makes for a massive target for hackers and government officials alike.

This is one out of a large number of problems with the AGD and ASIO wish-lists for the National Security Inquiry. Hopefully we as a society can turn this train around.

Image credit: Anja Ranneberg, royalty free

7 COMMENTS

  1. Great article, but I don’t think this part is correct “the data requires a warrant to rifle through legally, except for when ASIO flash their requested ‘Do whatever I want and get away with it’ badge”. I believe it’s far worse. It’s not only ASIO who are likely to get warrant-less access, it’s a whole string of government and semi-government institutions, including AFP and state police, Medibank, ATO, ASIC, etc. At the moment Telstra (and probably other providers) already provide location data without warrant to police, local councils, even RSPCA. Yes, WITHOUT WARRANTS.

    I’m all for effective law enforcement, but only where there’s an equally strong judicial function and protection of citizens rights and powers to keep government in check. We’ve all seen what happens when governments run away without that. It’s the process that leads to totalitarian regimes. Want to run a political opposition party? Guess what? The party in power knows every single person you’re talking to and before long, what you’re talking about and more. Congratulations on your new tracking collars Australians – you’ve just become your government’s bitch. Yes, it’s appalling.

  2. I would just like to genuinely ask David and also others too: while I am not disagreeing there is scope for abuse and corruption (they are always a concern)…..does anyone REALLY think ASIO are going to spend their time, money and effort in targeting ‘ordinary’ Australians?

    The data is currently held for anywhere between 3 weeks and 6 months now…..is that not an almost equally big honey pot?

    Oh and one last thing:

    Often referenced as “Meta Data” which in layman’s terms means “who, when and where” with the “what” somehow not recorded

    Come on David. You make a persuasive argument, but emotive language like that is not to its betterment. We know ‘how’. We know VERY well how. Networking packet information is no rocket science to the ISPs who deal with it daily.

    • “does anyone REALLY think ASIO are going to spend their time, money and effort in targeting ‘ordinary’ Australians?”:
      You mean, ordinary Australians like Dr Mohammed Haneef?

    • “does anyone REALLY think ASIO are going to spend their time, money and effort in targeting ‘ordinary’ Australians?”

      You’ll never know if they target “ordinary Australians” S7, they don’t have to tell anyone anything. A great example is http://www.abc.net.au/radionational/programs/lawreport/high-court-scraps-asio-security-assessment-veto/4301664 . They could have made life easier for all involved (including themselves) if they’d just said what the adverse assessments were, but that’s not how they operate.

      Also, don’t forget they recently changed the law to allow ASIO to target individual Australians.

      As the Law Council explains in its submission, the current threshold test for spying on Australians domestically is significantly more stringent than that for overseas, and must relate to matters that are important in relation to security, which is then defined against several criteria. The amendments would enable much easier surveillance of Australians who go overseas and participate in political action.

      Potentially, they may also enable surveillance of Australians engaged in action online, even if they are still in Australia, as long as it relates to “the capabilities, intentions or activities of people or organisations outside Australia”. For example, Australians participating in Anonymous operations, or perhaps even supporting WikiLeaks or other whistleblower organisations online, may now be legal targets of ASIO surveillance even though they are in Australia and not doing anything that relates to Australia’s security.

      (Source: http://www.crikey.com.au/2011/05/18/new-powers-mean-asio-could-spy-on-wikileaks/ )

      Personally, I don’t think we should have to give up any more of our rights, they already have all the powers they need (and some would argue more than enough).

  3. To answer DM, I agree that this is very open to abuse and is my main concern with it.

    To answer seven_tech, on the subject of emotive language, whilst I agree emotive language can detract from solid arguments, I was not writing for a newspaper or a press release, it’s a personal blog of my opinions and if I can’t be emotive there then I might as well scrub my online identity entirely.

    I will probably write more on ASIO’s wishlist however it also contained an ability to break into, and install snooping/forensic software on nearby unrelated computers to a crime, nearby it is not difficult to imagine in mobile terms would be those devices connected to the same mobile telephone tower as a suspect being tracked, I do not believe in my heart of hearts that they WILL track everyone as at this point, but they wish to have the capability to do so at their own volition, and this is a very dangerous tool to hand over.

    I do agree that the 3 weeks to 6 months retention does provide a honey pot of the tracking data however it is not also bundled with other information like web traffic and email correspondence which provides a far greater resource for social engineering and identity theft, currently it would really only relay your movement habits to highlight the best time to rob your house. The current data is also not encumbered by a “do with it what I like when I like” free pass to ASIO.

    I know how the basic data is separated, but when bundled with the full data retention plan, in order to track emails and where they are being sent, the entire mime stream needs to be captured and processed, and if it is encrypted using https or some kind of VPN tunnel, the entire data stream needs to be recorded so that it can be decrypted at a later date, provisions are also there for being legally coerced to decrypt this data so recording the encrypted stream is the likely outcome and it is impossible to discard the content in that scenario.

  4. @Vladimir great example

    @seven_tech Depends on what your definition of ‘ordinary’ is. Is a peaceful public demonstration organiser ordinary? Maybe someone who advocates for appropriate public interest whistle-blower protection laws? Or actual public interest whistle-blowers like Karl Konrad, Andrew Wilkie, Alan Kessing etc. How about an opposition politician who proposes to reduce secret police powers? How about someone who listens to a copyrighted song on YouTube illegally? (If Hew Griffiths got a direct extradition to the US, what next?). How about ordinary customs officers for someone like Mark Standen? Or from the UK examples, targets like MP Damian Green or MP Sadiq Khan, or the Prime Minister of Greece? If you know every aspect of someone’s private life, there’s few people who couldn’t be leant on with _something_. What will an ‘ordinary person’ be to future governments as protections are continually eroded? Remember, that granting of these powers is usually a one-way road (they are rarely retracted).

    When the AGD spends over fourteen times as much on enforcement functions as justice (excluding family courts and insolvencies), it’s easy to claim getting warrants is too hard. Of the 250,000 intercepts last year, only 5 were approved by a judge.

    In terms of spending time, money & effort, there’s an increasing amount that can be automated now (see systems like NarusInsight, IBM Watson, etc.). ASIO aren’t exactly tight on budget either, e.g. their new headquarters will be our second largest public building.

    Although the proposals have fundamental flaws, there might be a bit more trust if the government wasn’t also suppressing the draft legislation. If we’re the ones paying for government, why are they being so evasive? Shouldn’t legislation be open to public accountability? They say “nothing to hide, nothing to fear” is the mantra, so it’s rather hypocritical.

    Also be aware that intel mandates have changed to include not just national security, but economic and industrial intelligence. When politicians quickly jump to and from public & private roles, there is MASSIVE incentive for abuse. To give one example of questionable judgement – Senator Bob Carr, previously Premier of NSW, granted unprecedented billions in highly profitable infrastructure deals to Macquarie Bank. 8 weeks after leaving office, he walked directly into a nicely warm $450,000 p.a. seat with…Macquarie! COI much? (I’ll leave out that he also appointed Macquarie CEO Allan Moss’s wife to be the Chair of the Independent Commission against Corruption – because nothing against Mrs. Moss, but that still isn’t a good look for Carr). Carr now runs our second largest intelligence service, ASIS, and is managing our NSA relationship. Mandate for economic and industrial intelligence carries a whole lot of risk if appropriate protections aren’t in place.

    It’s also worth noting that much of the intel collected by Australia is eligible for sharing with UK, USA, Canada and NZ under the UKUSA (‘Five Eyes’) Agreement. That secret treaty was kept secret even from Australian Prime Ministers until 1973! Look it up in Hansard. 27 years of secret sharing right there, so where’s the accountability to citizens and oversight? Recently Nicola Roxon & Janet Napolitano (US DHS Secretary) publicly announced a new round of sharing agreements too. Great for crime prevention perhaps, but what else are Australians paying for it? One has to wonder how much data on everyday citizens is ending up in the Utah Data Center and to what purpose, who knows?

  5. People often think ASIO officers would need people to listen to calls, read web histories, etc. The days of tap and pen traces as primary input for mass surveillance are long gone.

    A good example of changing technology is Apple’s Siri Assistant. It was actually developed by SRI International (hence ‘SIRI’), an organisation with deep ties in the intel and military industry. Siri was one spin off from a much larger program of AI work – Project CALO, funded by DARPA. CALO technology can be used for military purposes, automating action responses to information & situational awareness triggers, (e.g. deploying people and hardware in battlefield scenarios). But, there’s no reason the same technology couldn’t be directed against civilian populations for non-military purposes. We’ve already seen the NSA breaching the laws in other scenarios, e.g. the illegal AT&T warrant-less wire-tapping program. This is why extremely strong safeguards need to be in place.

    Most of the public detail on CALO has been erased from the web, but it’s just one of many technologies in implementing the “Total Information Awareness” doctrine. US Congress made them change the name to “Terrorist Information Awareness”, but it’s the same concept. DARPA’s Info Awareness Office shows one good example of technical capabilities:

    Collaboration and sharing over TCP/IP networks across agency boundaries
    Large, distributed repositories with dynamic schemas that can be changed interactively by users
    Foreign language machine translation and speech recognition
    Biometric signatures of humans
    Real time learning, pattern matching and anomalous pattern detection
    Entity extraction from natural language text
    Human network analysis and behavior model building engines
    Event prediction and capability development model building engines
    Structured argumentation and evidential reasoning
    Story telling, change detection, and truth maintenance
    Business rules sub-systems for access control and process management
    Biologically inspired algorithms for agent control
    Other aids for human cognition and human reasoning
