(mis)adventures in software development...

28 November 2014

Metadata karma


The government did a couple things I found really disturbing recently.

Well, actually, that seems like a ludicrous understatement given recent events in Australian politics.

Recently, everything this government has done has been disturbing on some level.

For the sake of brevity however, if nothing else, let’s consider just two for now: the mandatory data legislation introduced in recent months; and the prosecution of 21 year old student Freya Newman for uncovering evidence of a secret scholarship awarded to the daughter of the Prime Minister.

The latter has recently concluded, with Freya Newman being sentenced to a 2 year good behaviour bond earlier this week. The former will drag on into next year, the government’s attempt to ram the legislation through like the first two tranches of new national security laws having thankfully failed.

While not directly related, apart from the fact I consider both to be quite shitty things for a government to do, I think it’s interesting that the debates surrounding both played out around the same time.

They’re both issues that you can slice and dice in different ways, and look at from different angles. Generally, I suspect one’s interpretation of both to be colored by how much one trusts the motives of government in general, and this government in particular.

Personally, I have little benefit of the doubt left to give. I have little trust in any government generally, abject apprehension of our current one, and nothing but outrage and dismay at both the prospect of metadata retention and the way Freya Newman was treated.

On both issues I think government motives are far from pure.

For mine, there is little ambiguity: mandatory data retention is an invasion of privacy and represents massive government overreach; Freya Newman might have technically broken the law (possibly a stupid law), but she did nothing wrong, and the information she revealed was definitely in the public interest.

As Senator David Leyonhjelm says, “We should be watching the Government, not the other way around.”

Which is why Freya Newman’s actions were in the public interest. As voters, we have a right to know that a private design school — which stood to benefit from an Abbott government’s policies — had given Frances Abbott a secret scholarship. Not to mention the hypocrisy of the Prime Minister’s daughter given a free ride after all the “lifters and leaners” rhetoric by this government. Probably why the Prime Minister hadn’t publicly declared the scholarship. It was an embarrassing revelation for the Prime Minister.

But while the public has a right to know what our politicians are up to, supposedly on our behalf, the government has no right to invade the privacy of law abiding citizens. Spying on the innocent with mass surveillance is going too far. It will not make us safer from terrorists. But it will undermine our democracy, and our privacy.

Amongst other things, data retention is a deterrent to whistleblowers coming forward to expose government (or corporate) corruption. Which is another aspect the data retention laws have in common with Freya Newman’s prosecution — the intention of both is to discourage whistleblowers. Well, whether it’s an intention or a side effect is debatable, but it will be the result nonetheless. A result that’s beneficial to government, but detrimental to democracy.

Freya Newman was prosecuted to send a message to anyone else who might consider revealing information that proves inconvenient to the government. As her lenient sentence demonstrated, her “offence” was a minor one at most. What she did wouldn’t even have been illegal if it involved a public university, as opposed to a private school.

The authorities have discretion about what they do or don’t prosecute, and it’s likely Freya Newman was only prosecuted as punishment because she revealed information embarrassing to the current Prime Minister. It’s unlikely she would have been charged if the scholarship in question had involved someone less high profile than a sitting Prime Minister’s daughter. It was a vindictive use of the legal system to punish a past whistleblower and discourage future ones.

With the prosecution of Freya Newman, this government has shown it doesn’t take kindly to whistleblowers, and is willing to abuse the legal system to punish them. Even if they’re just a 21 year old university student. This is a reason in itself to be suspicious of government motives when it comes to data retention. While the government might say it’s all in the interests of national security, their real agenda likely involves some combination of whistleblowers, activists, and illegal downloaders.

However, there might actually be a small upside to all this. The government has shown itself to be way out of its depth on the technical issues surrounding metadata retention. Or even definitions of metadata.

Politicians also have a remarkable ability to either ignore or underestimate side effects of their laws, in their misguided belief there is no problem that can’t be legislated away.

These two factors could combine to produce some entertainingly ironic results.

While metadata retention will likely result in fewer whistleblowers coming forward, it creates the all too likely possibility that the retained metadata will be hacked and leaked. Any hacked metadata will likely contain metadata on politicians, their families, business associates, mistresses, etc. This leaked metadata could be mined to expose information embarrassing or damaging to the government. So when one door closes, another opens.

Because if and when mandatory data retention is introduced — and it probably will be, eventually — I can’t imagine any scenario where ISPs are forced to store so much data unnecessary to their core business, and manage to do so securely.

The metadata will inevitably be hacked. It will be hacked because data retention will be really expensive, and IT security is complicated and difficult at the best of times. Already there is squabbling about who will pay for it. Which means it’s likely to be us, the consumers. And when time or money constraints impact any IT project, security is the first thing to suffer.

So the one possible bright side from the government introducing a misguided mandatory data retention regime, possibly in an attempt to discourage whistleblowers revealing government secrets, is that it will lead to hackers getting at the metadata of politicians and revealing government secrets.

The results should be entertaining, and the schadenfreude will be exquisite, as hopefully those politicians who voted for stupid metadata laws will have their careers embarrassingly destroyed by an unnecessary metadata regime they introduced.

It will be karma through metadata. Hopefully.