The countdown for ‘intrusive data surveillance’ has expired after 18 month deadline and from this day forward every ISP and Telco in Australia will be bound to perform meta-data retention of every single customer in Australia for at least 2 years.

In October 2015 Australian parliament passed the metadata retention bill and gave all the ISPs and Telco in the industry 18 months period to formulate the strategy to implement and abide by the orders. The orders came as a so called ‘precaution’ for national security to fight terrorism, which is just a sham in the views of privacy advocates.

The reason for going to such length is to keep tabs on every single person in Australia through the law enforcing entities without any warrants. Last year, I covered a progressive story on Australia data retention that the Federal departments, who are not authorized to access the metadata, circumvent the data retention bill restrictions by asking the Australian Federal Police (AFP) to do the work for them.

What that means over 2500 appointed offices of 21 law enforcement agencies plus the unauthorized federal departments can access your private information round the clock for drug crimes in lieu of security operation, as claimed by Dr. Robb Nicholls of University of NSW.

What Your MetaData Looks Like?

Since Telco and ISPs both are obliged for data retention in Australia so your information can include:

Your name and address.

All the details of mobiles and apps including your SIM mobile number.

Date and timestamps of any communication through Email, VoIP, Social Media, Messaging apps, Websites, Mobile.

Recipient of your communication.

All the details of email except body content.

Location of your Internet connected devices (incl. Cell Towers and Wi-Fi hotspots) and more…

Such sensitive data held out of sight like in proprietary silos, we lose out on the benefits we could realize if we had direct control over this data, and chose and with whom to share it, said by Sir Tim Berners-Lee.

How to Protect Your Privacy?

Here’s how you can protect your privacy against Australia Data Retention Law.

Virtual Private Networks

April 13, 2017 marked as #GetaVPN day by Digital Rights Watch provides an immediate solution to prevent ISPs from keeping tabs on your information then paid VPN subscriptions offers the necessary privacy protection to your data.

VPN – Virtual Private Networks – encrypts your communication data with 256-bit AES encryption which is unbreakable yet as it would take 1 billion years to break it using brute force attack. It also changes your IP with a fake one so it becomes futile for anyone to track your communication back to you.

However, you should take care while opting for a paid VPN subscription and choose a VPN provider which has its own DNS servers. You can opt for industry leading VPN providers such as NordVPN, ExpressVPN, and PureVPN which are vastly trusted by people globally, mainly because:

Based outside the jurisdiction of FIVE EYES countries (i.e. Australia, Canada, United States, United Kingdom, and New Zealand). Strict NO (Traffic/Metadata) LOG policy (which means that all the output data is instantly sent to /dev/null sunk directory – pointed out by NordVPN). Encrypt your communication and entire web traffic with 256-bit AES encryption and OpenVPN security Protocol. Owns private DNS (which means all of your data is routed through private DNS and not through your ISP’s DNS). Exclusive security features like TOR-over-VPN (NordVPN) and Split Tunnel (PureVPN).

TOR Network

TOR is a volunteer-based service and runs on a secure TOR network. Australia users can connect to TOR network using TOR browser that makes Internet data retention useless. However, since data passes through volunteer gateways (nodes) therefore the Internet surfing is slow and the privacy protection is only limited to the browser while rest of your network traffic remains exposed for the ISPs to monitor.

If want TOR protection but do not want to change your browser then you can opt for NordVPN because it provides TOR-over-VPN functionality in its service.

Mobile SMS and Calls

Metadata collection is an old and silent practice of governments all around the world and unfortunately you cannot escape that. However, you can shift your calling and texting habits to end-to-end encrypted messaging apps such as Signal, Telegram, Wickr, and WhatsApp that are more private.

If you use Internet via your mobile carrier then it is recommended to use a VPN to encrypt the entire mobile Internet traffic. Also, apps that you use send mobile related information to the developer of those apps so always download apps from a trusted source and developers and read their privacy policies before downloading .

Email Protection

Since Australia Data Retention list includes e-mail tracking therefore it is necessary to protect your emails from your ISP. I would recommend you to move to a more secure e-mail provider such as Protonmail or Tutanota. However, since we are so integrated into Gmail that it might be hard to let go. To add encryption to Gmail, you can install a free Google Chrome extension named Mailvelope which encrypts your email with openPGP encryption. And while you are at it, you can install HTTPs everywhere on your browser to force websites for encrypted certificates.

Social Media Tracking Protection

While Australia Data Retention laws are after your metadata, Social Media platforms are also after your information for analytics purpose and to show you targeted ads.

To prevent social media tracking you can install extensions like Disconnect or Privacy Badger which sends ‘do not track me’ requests and blocks all the tracking URLs.

Conclusion

Since Australia Data Retention is effective and fully operational therefore it becomes your responsibility to protect your information. As discussed earlier the immediate solution is to go for a paid VPN subscription for the time being to protect your information and then look for further options. By following these practices you can greatly minimize the possibility of data retention by ISPs and Telcos.