In March 2015, the Australian Federal House of Representatives passed laws making it mandatory for Internet service providers (ISPs) and telecommunication companies to collect their customers’ metadata and keep it for up to two years. This metadata would then be handed over to law enforcement and intelligence agencies, if need be, to help with their investigations. The agencies won’t require a warrant to obtain the metadata.

After the laws passed, ISPs and telecommunications companies were given 18 months to devise a strategy to implement metadata retention. Most Australian companies, including giants like Vodafone, Telstra, and Optus, requested the entire 18 months to develop their strategy. The deadline for companies to develop their plans is set for April 13.

What’s included In Metadata?

The metadata collected by ISPs and telecommunication companies will include the websites you visit, financial transactions that you make, and a record of your phone calls. All this information will be logged for up to 2 years. Your phone conversations won’t be recorded, but the identity of the person you’re calling, the location from where the call was made, and its duration will be documented.

Quentin Dempster, a leading journalist said, commented on these pending retention practices:

“This country’s entire communications industry will be turned into a surveillance and monitoring arm of at least 21 agencies of executive government. Intelligence and law enforcement agencies will have immediate, warrantless and accumulating access to all telephone and internet metadata required by law, with a $2 million penalty for telcos and ISPs that don’t comply.”

How Does This Affect You?

While the laws passed by the federal government are meant to curb illegal and potential terrorist activities, it’s the ordinary citizen who is caught in the cross-fire. It’s safe to say that terrorists know how to cover their tracks and that the government is pretty much aware of this. As a result, it’s the ordinary citizen whose data gets collected the most.

So how does this affect you? Well, say if you’re ex-wife, former colleague, or a business partner makes a police complaint against you. The authorities can pull up your metadata from the past two years to aid in their investigation.

Another problem that arises from the collection of metadata is that it attracts a lot of hackers. Telecommunication and ISPs in Australia have already warned that storing this data will attract unwanted attention since the data alone would be worth millions of dollars.

Australian Government wants backdoors, Aussies want privacy – what’s the solution?

The Australian Government website released a statement saying, “Metadata is used in almost every serious criminal or national security investigation, including murder, counter-terrorism, counter-espionage, sexual assault and kidnapping cases.” This might mean the government has implemented this law to trace and track people involved in suspicious activities. But that’s not for certain. There’s still a lack of clarity in the telecommunication industry on exactly how the metadata scheme will work and what sort of information would be captured. With that said, members of the public should protect themselves online by using VPNs and secure messaging services.

ISP surveillance is now giving Aussies yet another reason to get a VPN if they don’t have one already. Using VPN is the most legitimate and the cheapest solution to protect your data from your ISP. A VPN works by encrypting your internet data and tunneling it through its own secure server. After connecting to a VPN, your ISP will only know that you connected to a VPN. What you did after that will be pretty much invisible.

The data sent to the server will be encrypted. This means whether it’s your ISP or the government, no one can spy on your data and monitor your activities on the internet. They won’t have any idea which websites you visited, with whom you communicated, or what file you downloaded because the VPN server actually connects you to its own server and not the ISP’s. Your identity will also be hidden and you will become anonymous. At least, that’s the hope with legitimate VPN providers.

Remember, this is not the only solution; there are some other ways to protect yourself, and they are explained here.

About The Author: Anas Baig is a Security Journalist who covers Cyber Security & Tech News. A computer science graduate specializing in internet security, science and technology, he is a security professional and a writer with a passion for robots, IoT devices, and cars. Follow him on Twitter @anasbaigdm or email him directly by clicking here.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.