26th October 2014
Circulation:
Teresa Gambaro
George Brandis
Scott Ludlam
Christine Milne
Bill Shorten
I am writing to you today to express my deep concern regarding the proposed data retention bills that are soon to be presented to the Senate. I want to make it clear that I am not writing to discuss the question of whether metadata collection constitutes surveillance. Nor do I wish to discuss the morality of mass surveillance and whether it violates a fundamental human right. Finally, I am not going to delve into the ease with which this surveillance can be circumvented using readily accessible technologies such as Tor or VPNs.
Although all of these issues are concerning to me, there are others who can frame more elegant and knowledgeable arguments on these points. My objection to these changes stems instead from my firsthand experience as a Software Engineer; in particular, my previous experience as a developer of security software and my current experience working with big data analytics.
My concerns are pragmatic and relate to the realities of delivering the infrastructure required to support the proposed legislation. In particular:
· The cost to the ISP and the end user
· The risk to the Australian people posed by collecting and storing this information
· The potential for unseen follow-on effects resulting from decreased competition between ISPs.
The scale of the metadata to be collected is enormous. One estimate puts it at around 1 petabyte per day. If you try to store this on Blu-ray Discs, you would need 20,000 discs each day. In my current job we deal with terabytes of data and I have firsthand experience of the difficulties involved in managing this volume of data (which is much smaller than the daily volume required to support this legislation). The cost of storing this data alone is significant, let alone the cost to move that data around.
This is the point. The data is useless unless it is accessible.
To be accessible it has to be indexed efficiently and readily available. Or, it needs to be archived and stored on media that can be loaded when needed. Both of these approaches present issues; one is computational, the other is physical (for example storing 20,000 Blu-ray Discs per day). There are then considerations around redundancy and backup. For this to be useful, the services recording this data need to be highly available, as do the services storing the data.
All of these technological hurdles can be overcome. Companies such as Google, Facebook and Amazon deal with these volumes of data as part of their daily business. These companies succeed because they have world leaders in technology, building and maintaining systems to allow them to do it. But ISPs don’t. This isn’t their core business and it delivers no value to them or their customers. There is no way for them to recoup the costs of managing this volume of data, other than being subsidized by the government or by passing on costs to their customers. Either way, the taxpayers of Australia foot the bill.
Let us say that these obstacles are overcome and that the impact to the consumer is somehow managed so as not to drive the cost of Internet connections too high. We are now in the situation where vast amounts (in fact all) of the metadata describing the online behavior of Australia’s citizens are stored in a small number of locations hosted by the ISPs. This represents a sizeable target to anyone with nefarious intentions. In the past 18 months we have seen two serious vulnerabilities appear: first OpenSSL’s Heartbleed, and more recently, the Shellshock vulnerability in Bash. OpenSSL and Bash are two technologies that form the cornerstone of computing. They power an enormous amount of the Internet, yet despite being built and maintained by some of the leaders in the field of computer science, they still had flaws and these flaws were exploited.
These two cases are presented to illustrate the difficulty in securing software. The data that these laws require the ISPs to retain is of critical importance. So much so that many Australians feel uncomfortable with their own government possessing that data. How would these people feel if this data was obtained by a third party that was not bound by the laws of Australia? This is the very real risk of metadata collection. Once again, the ISP is being asked to take on a significant burden that is not part of their core business and that they are not equipped to handle. In this case the responsibility is higher as the risk is greater and they will be competing against a potentially highly skilled adversary.
As a final point, in the event that ISPs are able to implement a highly secure and cost effective solution to meet the requirements of this legislation, these requirements will form an enormous barrier to entry for any future ISPs wishing to enter the market. The cost overheads this legislation would place on the operation of an ISP would not only be a strong deterrent to entering the industry, but could also result in the exit of smaller ISPs from the industry. The net result would be a smaller number of ISPs operating under punishing business conditions.
In the end it will be the consumers who suffer. The true cost of this legislation includes the time and resources to create the infrastructure, but also the risk to the Australian public that their data is compromised by a third party. The net effects result from decreased competition and lower service levels. Australia already lags behind much of the developed world with our Internet infrastructure. The scrapping of the NBN ensures that this will remain the case. These laws risk pushing us further behind.
As a result of these concerns I have the following questions:
· What estimates have been done on the cost of this metadata collection? This includes costs for the ISP and for the government body accessing the data when required. What safeguards will be put in place to ensure that these costs are not passed on to the consumers? In short, can the government guarantee that these changes will not directly or indirectly increase the cost of Internet in Australia?
· What specific measures are being taken by the government to ensure the metadata is secure and only accessible by those authorized to access it? Have the security protocols been agreed on; if so, what are they? These details should not be concealed under the guise of national security—obfuscation does not create secure systems. Secure systems are built through strong collaboration with industry and constant peer review.
· What protections are being put in place to ensure that competition between ISPs does not suffer because of the dramatically increased cost of collecting and managing this metadata? What thought has been put into the approval and verification process that would be required by new and existing ISPs to ensure they meet the standard of the metadata collection? What body will oversee this and how will it be administered?
I expect that these questions have already been raised while discussing the legislation. If not, this legislation is nowhere near ready for passage through parliament. If they have been discussed then the answers need to be shared with the Australian people so that they fully understand the impact on the cost of living, the risk to their personal data and the threat to competition that this legislation poses.
Sincerely,
David Healy