Audio: ALP Supports Amended Version of Govt's ISP Data Bill

Listen to the Audio on ABC.net.au

Transcript

MARK COLVIN: The ALP has agreed to support an amended version of the Government's bill to force Internet Service Providers to keep their customers' data for two years.

It'll let government agencies see what we've all been doing on the phone or online.

Bipartisan support means the bill is likely to pass.

The bodies expected to get access range from various police and customs agencies to the Competition watchdog, the ACCC.

But there's also a provision for the Attorney-General to let other agencies see your data at the stroke of a pen.

Bruce Schneier is the author of Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World.

BRUCE SCHNEIER: Well the first thing we learn is that retaining data has risks. The United States, we've have had some pretty big data breaches; Target Corporation, Home Depot - another retailer, Anthem Health, a medical insurance company.

Hackers broke into these companies and stole tens of millions of records of individuals. If there were data retention laws there'd be even more data, even more personal data. So as soon as companies have your data you are at risk and the government forcing you to be more at risk seems kind of backwards.

And now this data is a risk by the companies and governments that have it and this is data that's used to judge us, this is data that's used for sort of all sorts of reasons that might not be a good idea. Right now businesses decide whether they should keep our data or not based on business reasons.

For governments to say "business be damned, you're gonna do this because we want you to," seems real backwards.

MARK COLVIN: How much does a government know about us from the metadata that it gathers about us?

BRUCE SCHNEIER: That really depends on the government. A lot of governments are collecting surveillance data and that's what metadata is, it's surveillance data. It's where you went, it's who you spoke to, it's what you did, and different governments collect different amounts.

Right, in the United States we collect telephone metadata so the government knows who your friends are, who your associates are, who your intimates are. I mean the people you call late at night, who are going to be your intimate friends.

The Chinese government collects a lot more data. Australian government we believe collects quite a lot of metadata as well. The thing about metadata is it really reveals who you are, much more than your conversations. So governments know a lot, the question is what they do about it and that depends on the government of course.

MARK COLVIN: And big stores and commercial companies also know a great deal about you?

BRUCE SCHNEIER: Well this again depends on which country you're in. In the United States there's a lot of corporate surveillance going on, on the internet and off, and data brokers are a huge industry in the United States, buying and selling our personal data.

Data of the things we purchased, data of the places we go, the things we look for online. There are hundreds of companies that track us on the internet and this data also provides a surprisingly intimate picture of who we are.

This is data that's used for physiological manipulation, persuasion, convincing you you want to buy something you might not want to buy before you are convinced. Our governments use this data, so yes there's quite a lot of intimate information about us on the internet.

I mean think about it, Google knows exactly what kind of porn every listener likes. Facebook knows you're gay even if you haven't come out. You could use Twitter to figure out where people live even if they don't announce it. A lot of information that we think is private is known by these companies. In the US we have a ride-sharing service called Uber, it's like an internet taxi.

MARK COLVIN: That's come to Australia too.

BRUCE SCHNEIER: So Uber knows where you get dropped off and where you get picked up. It knows the routes. In the United States, the president of Uber posted a funny post on his website, where he looked at people who used Uber to have sex.

So he found rides, people went somewhere late at night and came back the next morning. And he published fun statistics of which cities were the best for this, which neighbourhoods, and he published aggregate stats, so he didn't announce who is using Uber to go have sex, but he has the individual stats, he could have and there's nothing in US law preventing him from doing it, it's just really creepy.

MARK COLVIN: But what about the argument that governments regularly use, which is that if you've got nothing to hide then you've got nothing to fear and that they need these things to trace terrorism and international crime.

BRUCE SCHNEIER: Well, it's a dumb argument.  You know everybody that makes that argument doesn't announce everything they do and they don't put themselves under surveillance, they don't give a detailed account of where they've been every minute, how much money they have, what they buy.

Privacy is not about something to hide, privacy is about personal individuality, autonomy, freedom, privacy is about how you present your face to the world, all those politicians know that. They carefully craft the image they present and they do that because privacy is important, and we all do it.

You know as to the, we needed to catch terrorists and criminals argument, you know I haven't seen at least in the United States a giant crime wave of crimes unsolvable because of the police being unable to eavesdrop on data. You know there might be some enormous crime wave in Australia they desperately need data retention or all of these murderers are going scot-free.

I don't know the data, I kinda doubt it, but police have been solving crimes for a whole lot of years and at least in the United States whenever you ask them, "can you give some evidence of that idea that you can't solve crimes or stop terrorism without it?" they never can produce real examples, they've just got to make up hypothetical stories.

So when a politician says that press them on it, get the data.

MARK COLVIN: Bruce Schneier, whose book is called Data and Goliath. And you can hear a longer version of that interview on our website from this evening.

Categories: Audio, Recorded Interviews, Text, Written Interviews

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.