from the not-so-free-world dept.
Two items of news from Australia which mirror similar stories from other countries in the West.
Australian legislation to counter piracy finally released
Kept under wraps until this morning [Mar 26], the site-blocking elements of the Copyright Amendment (Online Infringement) Bill 2015 are likely to please rights holders with their significant reach. The bill, which is set to cost telcos about $130,000 a year, contains no cap on the number of websites rights holders can request a judge to block in a single injunction.
Critics of the regime are likely to argue that having no cap on the scheme could result in what happened in India, where a number of legitimate websites were blocked, including Google services, when a judge agreed to block some 472 websites. An updated judgement fixed the error. But it appears consumers and rights groups won't be able to apply to a court to revoke blocks, as they are not listed as one of the types of parties that can do this.
The competition watchdog, the ACCC, and the communications regulator, the ACMA, are the only people envisaged by the government to be able to apply to revoke a block other than the people behind a blocked site, an internet service provider asked to block it, or a rights holder.
Mandatory Data Retention Becomes Law in Australia
The Australian Parliament has passed a series of amendments to the country's Telecommunications Interception and Access Act 1979, requiring "telecommunications service providers to retain for two years telecommunications data (not content) prescribed by regulations". The Coalition government and Labor party joined forces to pass the laws, ignoring a number of last-minute amendments from the Greens and other senators.
The Register reports that Attorney-General George Brandis continues to misrepresent the data retention requirement:
Brandis told ABC Radio's AM program this morning that “nothing is different to the way it has been for the last 20 years or so”. Yet Telstra recently told a Parliamentary Committee that it doesn't record IP addresses or missed call records for users of its mobile networks. So Telstra is clearly being asked to do something new.
The AM interview we've linked to above is worth a listen because Brandis, six months into the metadata debate, still can't speak with authority on the subject. He jitters and struggles to articulate his position. At times he makes little sense, such as when asked why we need metadata retention when there are so many alternative communications media for ne'er-do-wells to use. His response is that criminals always break the law and will continue to do so despite the new legislation.
Boing Boing reports
The exceptionally broad new surveillance bill lets the government do nearly unlimited warrantless mass surveillance, even of lawyer-client privileged communications, and bans warrant canaries, making it an offense to "disclose information about the existence or non-existence" of a warrant to spy on journalists.
Despite that move away from retaining communications metadata by the EU and continuing concerns in the US about the National Security Agency's bulk phone metadata spying program, the Australian government was able to push through the amendments implementing data retention thanks to the support of the main opposition party. Labor agreed to vote in favor of the Bill once a requirement to use special "journalist information warrants" was introduced for access to journalists' metadata, with a view to shielding their sources. No warrant is required for obtaining the metadata of other classes of users, not even privileged communications between lawyers and their clients. Even for journalists, the extra protection is weak, and the definition of what constitutes a journalist is rather narrow--bloggers and occasional writers are probably not covered.
Warrant canaries can't be used in this context either. Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about "the existence or non-existence of such a [journalist information] warrant." The penalty upon conviction is two years imprisonment.
During the relatively quick passage of the amendments, the Australian government made the usual argument that metadata needs to be retained for long periods in order to fight terrorism and serious crime--even though the German experience is that, in practice, data retention does not help. Toward the end of the debate, when concerns about journalist sources were raised, one senior member of the Australian government adopted a more unusual approach to calming people's fears.
Mandatory data retention is set to begin on October 13th in Australia, but it doesn't look like many telecoms/ISPs are compliant:
Today, October 13th, is the day on which Australian telecommunications service providers are required to start retaining customer metadata in an orderly fashion determined by law, but fewer than ten are ready to do so and some have asked the government if they can store the data without encryption.
The legislation, co-sponsored by attorney-general George Brandis and former communications minister (now Australia's "agile" prime minister) Malcolm Turnbull, officially applies as of today, but a survey of members conducted by industry group the Communications Alliance suggests it remains a shambles.
Out of the 63 providers who responded to a survey conducted by the Alliance, nearly nobody knows what's actually going on: 84 per cent of them aren't yet compliant, just under 58 per cent had submitted their data retention implementation plans (DRIPs) to the department, and of those, nearly 76 per cent don't know if their plans have been rubber-stamped by the Communications Access Coordinator. So: around nine providers, presumably starting at the top where legal and technical resources abound, are fully compliant.
ABC reports on the plight of a small ISP and variance in compliance costs:
Craig runs a small ISP in regional Australia and his business will not be ready to collect metadata.
He said he had begun the lengthy process to explain to the Government how the data will be retained, but it was taking too much time and was putting the business at risk. "We've now reached 400 pages of this document [the DRIP]. It's a very complicated process and it's eating into our profitability," he said. "The amount of time we're spending on it is so high that it has become an unviable thing to continue on. "We have to look after our clients, customers and keep working."
[...] There is a huge variance in estimates for the cost to business of implementing data retention - 58 per cent of ISPs say it will cost between $10,000 and $250,000; 24 per cent estimate it will cost over $250,000; 12 per cent think it will cost over $1,000,000; some estimates go as high as $10 million.