I’m about to head off on a four-day organised hike in Southeast Tasmania. I noticed on reading the suggested packing list that it included a headlamp. Now, I’m not one to buy the first bit of technical gear that I come across. Like most tech geeks, I like to do some research on what’s available and what is recommended, before I commit to a purchase. So, as my wife and I are doing more hiking these days, I googled hiking headlamps and spent a bit of time reviewing the results. I also checked out some YouTube reviews.
My online surfing all seemed pretty random and innocuous until I logged into my Facebook account.
As I scrolled through three or four posts on my timeline from friends, I came across an advertisement for a hiking headlamp described as ‘the world’s best’. How did this happen? I hadn’t been using Facebook to look at headlamps.
My wife and I used to share an Amazon account for buying Kindle e-books. Anyone who knows me will be aware that I’m not the kind of bloke who spends his weekends reading the likes of Pride and Prejudice. However, before I knew it, Amazon was sending me endless recommendations for Regency-era romance novels. It drove me crazy. In the end, I suggested to my wife that she open her own Amazon account. She was more than happy to oblige. Even so, it took some months before the romance novel recommendations disappeared from my account.
It wasn’t the first time I’d realised that someone was watching over my shoulder as I surfed the internet. As a result, I started to think about what kind of data is being collected as we enjoy travelling through cyberspace, and about how it’s being used.
What is metadata?
There is a lot of confusion around the issue of metadata. Even the Australian Attorney-General, the Hon. George Brandis, has struggled to understand it. In October 2014, he got into a terrible muddle when he tried to explain, in a SkyNews interview, the Australian Government’s plans for the mandatory retention of metadata.
Before I had bothered to learn more about metadata, I’d thought it was just the hidden information contained in Word documents or emails, such as the author, the dates when created and last modified, etc. However, it turns out that metadata can’t be summed up quite so simply; and it’s becoming more complicated as technology evolves.
Basically, metadata is structured information that describes, explains, locates or otherwise makes it efficient to retrieve, use or manage an information resource. More specifically, it contains information about a communication (the who, when, where and how), rather than its content or substance (the what), in a wide range of contexts.
For example, for phone calls, metadata includes the phone numbers of the people talking and the duration of their call (not what they said). For internet activity, metadata is information such as the sender and recipient’s email addresses and when the email was sent (not the subject line or the content).
But things become more confusing when we consider how technology is evolving, so that it can differentiate between what is data and what is metadata.
Would you regard the following as data or metadata?
Printed copy of an email
Text transcribed from a voice recording
Text created via optical character recognition.
In each case, they could be either data or metadata, depending on the application.
So, why is metadata so powerful?
I recently caught up with forensic specialist Craig Macaulay, from KordaMentha, to discuss the whole question of metadata. I was shocked by what he told me about some of the more extreme implications of a third party being able to access my metadata.
For example, Craig described a joint study conducted in May 2014 by three US universities that analysed three months of credit card metadata from a Massachusetts shopping centre.
By using just four points of the spatiotemporal pattern created by consumers (two of them were where in the shopping centre they conducted the transaction, and the time of day it took place), they were able to re-identify the purchaser with 90% accuracy. If they included the price of the item bought, the accuracy increased to 98%.
I thought about the implications of government agencies having access to such a tool, but I was even more alarmed to discover that the US Army Research Laboratory was one of the funders of this study.
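To make the idea concrete, here is an added example (not taken from the study or from Craig) that measures how often a handful of purchase points fits exactly one card, which is the check a data owner would run before releasing "anonymised" records. The card ids, shops and hours are constructed sample data, and the function names are my own.

```python
from itertools import combinations

# Constructed sample data: card id -> set of (shop, hour-of-day) purchases.
TRACES = {
    "card_A": {("bakery", 9), ("grocer", 17), ("cafe", 8)},
    "card_B": {("bakery", 9), ("grocer", 17), ("books", 12)},
    "card_C": {("bakery", 9), ("cafe", 8), ("books", 12)},
    "card_D": {("grocer", 17), ("cafe", 10), ("books", 13)},
}

def matches(points, traces):
    """Return the card ids whose trace contains every one of the given points."""
    wanted = set(points)
    return [card for card, trace in traces.items() if wanted <= trace]

def unicity(traces, k):
    """Fraction of all k-point samples that fit exactly one card's trace."""
    total = unique = 0
    for trace in traces.values():
        for sample in combinations(sorted(trace), k):
            total += 1
            unique += len(matches(sample, traces)) == 1
    return unique / total if total else 0.0

def coarsen(traces, hours_per_bin):
    """Mitigation: publish a time bin instead of the exact hour."""
    return {card: {(shop, hour // hours_per_bin) for shop, hour in trace}
            for card, trace in traces.items()}

if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"k={k}: exact hours {unicity(TRACES, k):.2f}, "
              f"4-hour bins {unicity(coarsen(TRACES, 4), k):.2f}")
```

On this toy data, blurring the time into four-hour bins drops two-point unicity from 0.5 to 0, yet three points still single out every card.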
What are the legal ramifications of metadata?
In March 2015, the Australian Government enacted the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth). While the word ‘metadata’ doesn’t appear in the Act, much of it deals with this topic.
Under the legislation, telecommunications service providers don’t have to retain the content of emails or calls, or include a user’s web browsing history, log-in information or password. However, they do need to retain the following types of data for a minimum of two years:
The type of communication (SMS, phone call, email, video chat, social media platform) and what features were used (data volume usage, call forwarding, call waiting)
The date and time of a communication (when a phone call was made, an email message was sent, or a chat began)
What service was used (ADSL, cable, GPRS, WiFi)
The identifiers of the accounts participating in the communication (email addresses, phone numbers of incoming and outgoing callers, identification numbers of the mobile devices used)
The status of the service and any related account or device
The location of the equipment (phone, WiFi hot spot, cell tower) at the beginning and end of the communication.
It is no secret that the legislation caused a lot of controversy and debate. In order to ensure that the privacy of Australians was protected, more than 60 organisations (including government departments, local councils and the RSPCA) were removed from the list that allowed them access to citizens’ metadata without a warrant (read article here). Instead, non-law enforcement agencies have to apply directly to Attorney-General George Brandis for temporary approval to access the data.
Before the legislation was passed, 69 agencies accessed metadata. As it turns out, nearly all of the government agencies that snooped on citizens’ phone and internet records without warrants have reapplied to access the data. Yes, 61 non-law enforcement federal and state agencies, including organisations such as Australia Post and Bankstown City Council, have applied to access citizens’ metadata, ostensibly in order to pursue criminal activity or protect public revenue.
More recently, the ABC reported that federal government departments have attempted to work around the restrictions established by the legislation by requesting that the Australian Federal Police do the searches for them (read article here).
Where are we heading with metadata?
There is no doubt that privacy is going to be harder to maintain as we continue to embrace the digital era. Social media is intruding into more areas of our lives as each vendor tries to take a greater slice of the pie. Just look at the recent launch of Facebook for Business, and at the increased spend by Apple and Google in the household virtual assistant space in a bid to compete with Amazon.
Big Data is changing how and where metadata is being used. WhatsApp is currently under scrutiny in Germany in relation to the passing on of metadata to its parent company, Facebook. I suspect that this is just the beginning, and that we will see many more cases of your information being shared among all sorts of companies.
If you want to see who is collecting information on what you do, go into your browser privacy settings and set the Cookies setting to ‘Prompt’. You may find it interesting to see how many pop-ups appear from companies that have little or nothing to do with the site you are visiting.
Oh, Mr Darcy!