If you are an Australian citizen, then you better boost your online security before ISPs and Telcos intercept your data
Australia’s parliament – which passed a controversial metadata retention bill in October 2015 – issued an 18-month deadline to all ISPs and Telcos. The deadline was given so that ISPs and Telcos could come up with a plan to follow the mandatory data retention order, which requires ISPs and Telcos to store metadata on every Australian civilian for at least two years. While the orders were made in the name of ‘precaution for national security,’ privacy advocates view this mandate as nothing more than bogus. Since the deadline has expired, ISPs are now forced to perform data retention.
Such measures exercise surveillance on all civilians in Australia through ISPs and Telcos, without any warrants. About one year ago, federal departments – who are unauthorized to access metadata – dodged the data retention bill restrictions and asked the AFP, Australian Federal Police, to work as companions.
According to Dr. Rob Nicholls of the University of New South Wales, Australia is “putting national security interests ahead of privacy concerns,” and the vast majority of metadata access is used for drug crimes, not terrorism or security operations.
What does metadata look like?
The following information might include your metadata since Telcos and ISPs both are now empowered to retain data in Australia:
- Your name and address.
- All the details of mobile phones and apps, including your SIM mobile number.
- All the details of emails, except body content.
- Recipients of your communications.
- Date and timestamps of any communication via social media, email, messaging apps, websites, and mobile, etc.
- Location of your internet-connected devices (cell towers and Wi-Fi hotspots), etc.
How to protect yourself from metadata retention
Here is how to protect your privacy against Australia Data Retention Law.
1. Get a VPN
Life without the internet might sound like pizza without pepperoni, or worse. Our ISP has access to our online information and activity. The ISPs store all this information to allow government authorities access to this information without any search warrant, as per the metadata retention laws.
To prevent ISP monitoring, you should get a VPN subscription that encrypts your internet data pockets so that your ISP cannot monitor your online activities. A VPN masks your IP address and relays your traffic through a series of different servers, making it difficult for ISPs to trace back to your original location. Thus, a VPN provides you anonymity.
Nevertheless, you must never go for a free VPN service, since they sell your information for profit. Therefore, it is worthwhile to pay for VPN services because you get what you pay for.
2. Get Tor
Being a security freak, if you are still uncomfortable with the services offered by a paid VPN provider, then you can switch to Tor network: a volunteer-based browser. It is not just similar to other browsers, but also bounces your traffic through different relay nodes after encrypting it, so that it becomes difficult for your ISP to track you down.
The only drawback associated with Tor browser is that it only encrypts the internet data that is limited to the browser; the rest of your online data remains unencrypted. Tor network also can be slow because it bounces your web browsing data through several relay nodes.
3. Encrypt mobile calls and SMS
Tapping on your mobile calls and SMS has been around for decades and is an old government surveillance tactic. With the new metadata retention laws, both surveillance agencies and mobile companies can spy on your metadata. You may not be able to prevent mobile calls and SMS tapping, but you can at least encrypt some of your information via end-to-end encryption.
Various secure messaging apps such as WhatsApp, Wickr Me, and Telegram provide end-to-end encryption, which is free for calls and messages. Since none of your communications get stored in these apps, metadata retention becomes useless.
4. Encrypt your e-mail
With the implementation of metadata retention laws, your email communications are also being monitored. Therefore, your top priority should be to secure your email. The most important aspects include the sender and recipient of email addresses, and timestamps. Tutanota or Protonmail are email services that provide end-to-end email encryption. Other services like Outlook and Gmail do not support such services, but you can use third party extensions. An example of such an extension is Mailvelope, which uses OpenPGP encryption to encrypt your emails.
5. Use HTTPs everywhere
HTTPs is abbreviated for HyperText Transfer Protocol Secure. This protocol lets you discriminate between a secure website and an insecure one. HTTPs ensures the encryption of the data that is being exchanged while browsing a website. Still, some websites use the HTTP service instead of the HTTPs, and some provide limited support for encryption over HTTPs.
On many websites, HTTPs can be offered as a default. Therefore, the HTTPs Everywhere browser extension – provided free by EFF – can be used to enforce SSL connections on various websites. This extension is used by many different browsers including Chrome, Opera, and Firefox, so that sensitive information can stay safe from metadata retention.
6. Block social media tracking
In this era, social networking has emerged as a portal to our online identity. It is perhaps the most important archive for metadata retention, a place where ISPs can easily gain insight into our daily lives. Such information is crucial for not just monitoring a person’s activities, but also for marketing analysis. But by blocking the scripts used to track you by different forums like Facebook and Twitter, you can easily avoid social tracking. To block such scripts, you can use extensions like Disconnect or Privacy Badger, which will send ‘DO NOT TRACK’ requests to these websites and protect you from metadata retention.
Since the Investigatory Powers Act in the UK, many countries that were not following mandatory data retention system before were forced to perform data retention of every netizen. Since the online privacy and security of every Australian citizen is thus at stake, encryption services are gaining popularity and strong footholds within the digital industry. Therefore, we suggest you follow the above-mentioned security measures to eliminate the risks of getting your sensitive information exposed.
The views expressed are of the author.
Geektime invites global tech and startup professionals to share their opinions and expertise with our readers. If you would like to share your point of view, please contact us at [email protected]