Earlier this week, on February 7th, 2016 – Poland passed a new data retention law, which is regarded as very strict and intrusive surveillance law (PL – Ustawa Inwigilacyjna). The new law, drastically increased the possibilities of the Polish government agencies and the police to monitor the citizens internet activity (and more) in Poland.

Just a few weeks ago, Polish people took to the streets to protest the proposed surveillance law but were unsuccessful in convincing the government of their plea for internet freedom and democracy.

What does the new surveillance law mean?

The new law requires the internet providers in Poland to set up data retention technology on their networks in the next two months. They will have to log and store the metadata about each internet user on their network for up to 2 years. The law also extends the scope of cases where access to the retained data is allowed, from aid to ongoing investigations to detection and prevention of crimes. As a result, one doesn’t have to be an official suspect to be placed under surveillance for up to 18 months.

The Law and Justice party, which was elected last October, had proposed stricter data retention laws arguing for national security interests. Sadly, Poland joined a number of countries where data retention is now the law, including Australia, Germany, USA, Canada, France and more.

What is the Data Retention / Surveillance Law?

Polish residents now have limited capacity to exercise their right to privacy online. The new surveillance bill means, all the metadata recorded when you use your mobile or landline phone, send or receive text messages, download or upload anything, send emails or browse the web will be retained by different Polish phone and internet service providers for two (2) years. The personal data will be monitored and could be accessed by police and government agencies – warrant free.

NOTE: NordVPN has 700+ servers around the world, that can help hide Polish IP address and your metadata.

The main issue with the new law is that in two years the data compiled can reveal so much that it becomes a security threat itself. The content of your online activities is not as important as your online habits, preference patterns in combination with your personal details. That type of information if very valuable. If any of the companies (ISPs + Telephone companies) or government agencies mishandle internet user information – the cybersecurity breach could be a serious problem for everyone involved. With so many people handling the data – the likelihood of mishandled data is quite high.

More Worrying Points of Legislation, that are cause for concern:

The legislature does not provision for all your web activity to be monitored all the time. However, ISPs can initiate storage of ‘additional elements’ at their own discretion.

Internet carriers that service free hotspots will too have to report metadata activity.

You are not given notice and consent options for the use of your metadata. The uses of metadata (other than national security threat monitoring) are not spelled out.

If your ‘digital footprint’ raises suspicion after examination, the collected evidence may be grounds for a digital surveillance or phone tap warrant to be issued.

Ways to avoid Metadata Retention:

A VPN encrypts your data through a secure tunnel before accessing the internet – this protects any sensitive information about your location by hiding your IP address. Virtual Private Networks connects you to the internet through an alternative path than your ISP. The only information visible to them is that you are connected to a VPN server and nothing more. All other information is encrypted by the VPN’s protocol. This is handy when you don’t want your real IP traced back to you.

Related: 10 Reasons to Hide your IP

• Connect via Proxy

All packets exchanged between the internet and your device go through a remote machine used to connect to the host server. The IP address of the proxy server appears to be that of a remote machine, which enables the user to hide their true IP address. However, web proxy does not encrypted your traffic. Learn more: VPN vs. Proxy

• SOCKS5 Proxy for Torrenting and P2P

SOCKS5 is an internet protocol which routes packets between a server and a client using a proxy server. To put it simply – your data is routed through proxy server that generates an arbitrary IP address before you reach your destination. It is a good option for torrenting or P2P, but not web-browsing. Learn more: SOCKS5 Proxy.

• Use Skype for communication

Skype is a communication service with servers located in Estonia, which means they do not have to comply with Polish Data Retention Laws. If you connect to use is while using a proxy or a VPN – your conversation data will stay anonymous.

• Use offshore Email Account

There a number of email services that are not based in Poland. Even Gmail is an option to avoid the Polish Data Retention Laws. However, be mindful of other online data retention and sharing programs out there – pay attention to their privacy policy and the country they are based in.

• Tor Network

Tor Network is a privacy network is designed to hide information of which computer actually requested the traffic. Routing traffic through different nodes, it makes it difficult to say whether your computer initiated the connection or it may just be acting as a relay, relaying that encrypted traffic to another Tor node. Learn more: Anonymous Browsing with Tor Network