Posted on Thursday, 25 September 2014
This blog is based on the column that appeared in Tuesday's Australian IT on 16 September 2014.
The further that we as a nation travel down the path of data retention with the associated implications for privacy and security, the more important it is that we implement checks and balances to protect the rights of citizens.
This is where I believe independent bodies like the ACS play a critical role in holding the Government and society to account for the way in which such measures are implemented.
The recent media storm over whether or not our political representatives actually understand metadata distracted from the real issue of how new data retention requirements will be enforced and how we as a society will balance the Government’s very real need to know (on some occasions) with the rights of individuals to be safeguarded from over-scrutiny.
When veteran hacker and cybersecurity expert, Dan Geer, addressed the Black Hat conference last month, he posed the question, “Is there any real difference between a system that permits easy, secure, identity-based services and a surveillance system?”
Given that the retention of metadata ultimately enables users to be identified, it’s also important to consider Geer’s subsequent questions: “Do you trust those who hold surveillance data on you over the long haul, by which I mean the indefinite retention of transactional data between government services and you, the individual required to proffer a non-fake-able identity to engage in those transactions? Assuming this spreads well beyond the public sector, which is its designers' intent, do you want this everywhere?”
The current data retention debate is the thin end of the wedge, and how we handle this issue could well set the scene for how our society looks and operates decades into the future... Read more