Australia’s controversial metadata laws are not going to stop terrorism, according to one counterterrorism expert.
Speaking at a parliamentary review hearing into the metadata retention legislation last Friday, Dr Isaac Kfir warned that the laws were “disproportionate” and may unintentionally aid terrorist groups.
“Some such measures help fuel conspiracy theories and support extremist narratives as to the need to undermine the current political system that we have,” Dr Kfir said.
“There is an assumption by many within that world that the government already surveils them and therefore they need to find different ways to challenge the system.”
Kfir’s concerns speak to the language used by federal government ministers during parliamentary debates around the laws that requires carriage service providers (telcos and ISPs) store certain information about their clients’ telecommunications usage for at least two years.
When introducing the Metadata Bill in 2014, then Communications Minister, Malcolm Turnbull, said that “access to metadata plays a central role in almost every counterterrorism, counterespionage, cybersecurity and organised crime investigation”.
“No responsible government can sit by while those who protect our community lose access to the tools they need to do the job,” Turnbull said.
“In the current threat environment in particular, we cannot let this problem get worse.”
It doesn’t quite work that way
Unfortunately, Dr Kfir said the rhetoric claiming metadata retention would be useful in counterterrorism efforts has actually made the job tougher for security agencies.
Chair of the Parliamentary Joint Committee on Intelligence and Security (PJCIS), Andrew Hastie, was skeptical of Dr Kfir’s claim, saying that “whether or not the government’s interested in their data doesn’t necessarily change [terrorists’] fundamental assumptions about the world, their cause or, indeed, deter them from doing harm to fellow Australians.”
Dr Kfir said he was more concerned that a heightened perception of government surveillance helps decrease trust in democratic institutions, citing a recent report from the Cambrige Centre for the Future of Democracy that found global satisfaction in democracy appears to be waning.
“Now, again, there are a variety of issues, one of which seems to be a decline in the political system in democracies,” Dr Kfir said.
“I do think we need to be mindful that ethnic minority communities are very concerned about how the data is collected, why it is collected and the ramifications that will come with such collections.”
Furthermore, Dr Kfir argued that the metadata retention regime is ineffective as a counterterrorism tool because it sends extremism into more technical, less mainstream online spaces that are more difficult to track.
“It certainly fuels the assumption that the government is always listening and therefore individuals are migrating to other platforms,” Dr Kfir said of the laws.
“[Instead] they would use TamTam. They would use a variety of DWeb facilities. They would even use the dark web. They would form their own little niche communication systems. They’ve moved away from the mainstream platforms for which the measure was designed in 2015.
“Metadata retention might be useful after a terror attack, but in terms of predicting, there is no – at least to my knowledge – publicly available information to show that metadata retention helped foil a terrorist attack.”
A transparent envelope
While Dr Kfir’s testimony questioned the efficacy of metadata retention laws in counterterrorism, other speakers at the parliamentary review noted cases where law enforcement were actively using the regime.
Commonwealth Ombudsman Michael Manthorpe mentioned examples of agencies even receiving more data than they expected from telcos, citing an ‘ambiguity’ in the law that appears to let the content of web pages creep into the stored metadata.
“Essentially the piece of ambiguity we have observed through our inspections is that sometimes the metadata, in the way it's captured –particularly URL data and sometimes IP addresses, but particularly URL data – does, in its granularity, start to communicate something about the content of what is being looked at,” Manthorpe told the committee.
“In some cases the descriptor is long enough that we start to say to ourselves, 'That's almost communicating content, even though it's captured in the URL’.”
He confirmed that, in some cases, telcos were storing the URLs visited by their clients and providing them to government agencies as part of metadata request.
Hastie described it as though “sometimes there’s information on the envelope,” borrowing George Brandis’ ill-fitting analogy from 2014 when he said, of the metadata laws, “imagine a letter, right, the meta is the name and address on the envelope, not the content of the letter”.
Metadata laws aren’t going anywhere
During the PCJIS hearing, Labor’s Anthony Byrne let slip that the committee was “likely” to recommend the metadata laws be retained, though “it might be in a quite modified form”.
Both Privacy Commissioner, Angeline Falk, and Human Rights Commissioner, Ed Santow, expressed concern that metadata was being indiscriminately held for longer than necessary – with Falk mentioning that “the impact of any data breach can increase with the commensurate increase in the volume of data that is retained”.
Santow also said he was concerned about the lack of legal framework governing ‘verbal’ authorisations to request metadata – something Commonwealth Ombudsman Manthorpe also flagged.
The PJCIS will hold another review hearing on Friday, 14 February. The committee will hand down its review of the metadata retention regime by 13 April.