MetaData storage and a more reasonable explanation

Well we seem to have been offered a more reasoned explanation of what the security services are after from David Irvine and Andrew Colvin of AFP. Their argument seems to be that they want to be able to do Traffic Analysis.

Now this seems reasonable and their argument as to wanting a consistent set of storage across various communication mediums makes sense. So we face what seems to be a reasonable request from the Intelligence Community and I wouldn't seek to deny them this.

However there is a lot more in the MetaData stores that they could use for other purposes such as reconstructing browsing histories and also just as a way to troll through stuff via traffic type analysis. I think that they need to offer a clear way that can be publicly shown that they are only using this way. David I. mentioned the Inspector General but this is another part of the community that does not openly engage - there must be a middle ground - why not have a group of cleared folks from community who act as reviewers and report to community.

Something like the ABC Community Advisory board - with hard term limit of say 4 years. 


TRUST BUT VERIFY

Update:

Interesting article on how it just keeps going wrong with these things

Envelopes MetaData, Intelligence and amazingly incompetent Pollies

So harvesting IP metadata and other such from every Internet communication in the country is the equivalent of what we have always done with reading envelopes. Now let us not take that at face value for otherwise the government is declaring that since the Act of Federation in 1901 the Post Master General's Department and it's successor has captured and indexed in usable manner the destination address and sender of every piece of mail in the last 114 years.

Now this seems somewhat unlikely so basically this assertion is a untruth.

Also let us look at the differences between snail mail and TCP/IP style communications.

Snail Mail attributes

• Address is a physical location and not necessarily any individual
• There is no requirement to provide sender details
• Mail is not guaranteed delivery
• Receipt and tracking are rare and extraordinary services
• A plain enveloped letter reveals minimal additional "metadata" about the contents of the letter or volume of data contained
• Point of sending can be anywhere and not related to location of sender
• Sending time and date can not be reliably known other than postmark times at sorting centres - a post box has no memory of who did what when
• There are normally no records of any kind kept by the delivery service
• Letters can be transported by other mechanisms completely isolated from postal system - e.g. couriers

TCP/IP Comms over the Interweb

• Packets are typed by protocol etc - declaring significant data about content-  I am Email or web etc
• Volume of traffic indicates level of activity and volumes of information moving between participants
• Traffic endpoints for both sender and delivery are carefully defined - and traffic can be recorded at many points on journey with great accuracy - unless specific obfuscation measures are taken
• Many traffic types have significant error detection and guarantee reliability
• This type of Metadata is a rich source for retrospective mapping of networks of activity and individuals - it is machine readable and easily stored and indexed and searched - thus the value to Intelligence community

Thus we can see this is a whole new level of surveillance and as such something that could have great value but also can be a very large invasion of privacy and subject to abuse.

It is easy to see why Mr Irvine and his peers see value in such a data store but it will not be cheap and it will be funded by those being monitored. Yet to date no one has presented any hard evidence on value and what the "business case" for this new collection is.

The standard excuse that explaining the use case and the number of times the capability is used is showing secrets is spurious - everyone knows what the capability is - it should be easy to show what the value is in terms of cases, lives and dollars - personally I feel the case is probably pretty nebulous.

The Australian people have the right to TRUST BUT VERIFY