Protecting Yourself From Mandatory Data Retention

The Government and ALP regime of mass electronic surveillance – mandatory data retention for every man, woman and child, and every device in the country – started in October 2015. Senator Scott Ludlam explains how to get around it.

To stop the government spying on your every move, you can take the steps listed below. The alternatives here are just some of the options available, this is by no means a comprehensive list. There are a lot of great resources easily searchable online.

These programs and tools are perfectly legal, and very easy to use, which of course begs the question – what is the point of this $300 million scheme in the first place? Particularly when none other than Prime Minister Malcolm Turnbull, the architect of the scheme, endorses and uses some of these tools himself.

What must be remembered is that whilst these tools will circumvent the data retention scheme – they place any metadata your activity creates out of reach of the legislation or make it too broad to be identifying – most of them do not protect you from more invasive spying like the programs highlighted by Edward Snowden.

Voice calls

If you make a regular mobile call, your mobile provider will record:

the number of the person you spoke to (or missed), the time the call was made or missed, the duration of the call, and your location.

If you instead use Facebook Messenger Voice, Skype, Facetime Audio, or Signal (iPhone) / RedPhone(Android) instead, all that your mobile provider (or your Internet Service Provider if you’re on WiFi) can record is:

a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.

And if you do this when you’re connected to a VPN, all your mobile provider can record is;

a constant connection to a seemingly random internet server, and your location. Your actual activity – the voice call itself – can’t be associated with a location by your mobile provider.

SMS

If you send a regular mobile SMS your mobile provider will record:

the number of the person you SMSd, the time the call was sent, the size of the message, and your location,

If you use Facebook Messenger, Skype Message, iMessage, or Signal (for iPhones) or TextSecure (for Android phones) instead, all that your mobile provider (or your internet provider if you’re on WiFi) can record is:

a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.

And if you do this when you’re connected to a VPN, all your mobile provider can record is;

a constant connection to a seemingly random internet server, and your location. Your actual activity – the message itself – can’t be associated with a location by your mobile provider.

Additional notes about message apps: your iPhone will default to iMessage for other Apple users. If your text message conversation is blue, it’s secure. If it’s green, it is not.

Signal, RedPhone and TextSecure are fully encrypted. Only the sender and recipient can read the messages or understand the voice communication. These tools also offer protection against more invasive spying, and are suitable for use when travelling in sensitive regions, or for having conversations that must remain strictly confidential. As with Skype, iMessage, Facetime, Facebook and other ‘over-the-top’ services, both parties need to be signed up to the service.

Email

If you use a @bigpond, @optus, @iinet, or another address supplied by your internet service provider, your ISP will record:

the address you emailed, the size of the message, the file names of attachments, the file sizes of attachments, the time the message was sent, and your location,

If instead you use an email address from a specialist email-only provider like Fastmail, or an overseas email service like Gmail or Hotmail, all your ISP (or mobile provider if you’re emailing from a phone) can record is:

a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.

If you do this when you’re also connected to a VPN, all your ISP can record is:

a constant connection to a seemingly random internet server, and your location. Your actual activity – the email itself – can’t be associated with a location by your ISP.

Web Browsing

The data retention scheme means that your Internet Service Provider records:

your IP address, your destination addresses*, your location, the time you connected to the web, the duration you connected to the web, and the volume of data exchanged.

If you use the web when you’re connected to a VPN, all your ISP can record is:

a constant connection to a seemingly random internet server, the total amount of data you exchange, and your location. Your actual activity – the web browsing and downloads – can’t be associated with a location by your ISP.

Connecting to a VPN

Virtual Private Networks create a secure avenue to another network, so that only users on either end of that avenue can view information. When you connect your computer (or phone or tablet) to a VPN, the device acts as if it’s on the same local network as the VPN. All of your network data traffic is sent over a secure connection to the VPN.

As well as private work networks, VPNs can also be used to access the Internet. You’ll be able to use the Internet as if you were present at the VPN’s location. When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. This is how people using a USA-based VPN to access Netflix will appear to Netflix as coming from within the USA.

All your ISP will see is an exchange of a volume of data with your VPN. It’s as if your ISP could see you go into the restaurant and come out again an amount of time later looking a bit full, but it won’t know what you ordered, what you ate, what you spilled, where you sat, or who you talked to.

Setting up a VPN is very easy.

Gizmodo Australia has an excellent summary of recommended VPNs. Most of these don’t keep any logs, to ensure your privacy. They are user-friendly and come with simple installers to run on your OS X or Windows computer, and they have very easy to use iOS and Android apps for your mobile devices. Once installed, and your username and password have been entered, you then simply select where you’d like to ‘be’.

Using a VPN may have a small impact on your data speeds, but usually not much.

Signing up for all the services that work for you, including a VPN, should take you no more than 10 minutes.

* The Attorney-General’s Department has said it will not require ISPs to retain destination addresses – the site or service you connect to – but it has been reported that it is likely to be in most retained datasets anyway, because removing it is an extra step and expense for ISPs.

Further Reading

Centre for Investigative Journalism
Information Security for Journalists – protecting your story, your source and yourself online.

Freedom of the Press Foundation
Encryption Works by Micha Lee focuses on protecting privacy online.

Electronic Frontier Foundation
EFF’s Surveillance Self-Defense offers tips, tools and how-tos for safer online communications. It includes overviews, tutorials and briefings.

TOR
TOR – The Onion Router– allows you to use the internet anonymously. This is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

File Encryption
File encryption of sensitive data is also really important. Here’s more information.

Provided by Office of Senator Scott Ludlam.