Ben Grubb
The RSPCA, councils and other law-enforcement agencies can obtain reporter Ben Grubb's internet and phone metadata but Telstra won't release it to him. Here he details his 15-month fight for access.
I'm in a non-descript building in Sydney's central business district.
In a hearing room inside are 13 people. Five work for Telstra, six work for the privacy commissioner, one is an expert witness. They are here to hear what they see as a landmark case.
On the other side of the room is me, representing myself.
Telstra's representatives, flown from Melbourne, include their chief privacy officer, an in-house lawyer, a hired barrister, and two other senior officials.
This hearing isn't where I expected to be 15 months ago when I sent Telstra an email requesting access to my metadata.
But, after more than a year of phone calls and emails and a private mediation session, it still hasn't released the information or answered my one key question satisfactorily: the government can access my Telstra metadata, so why can't I?
My local council, the Australian Taxation Office, spy agency ASIO and Australian law enforcement authorities including federal and state police and even the RSPCA can trawl through my internet and phone metadata, seeing who I've spoken to – and who has spoken to me – for how long, where and on what date.
They can also potentially see which websites I've visited, who's emailed me, who I have emailed, and much more.
My geo-location at any time – sometimes down to the street or house – can also be exposed by metadata, thanks to mobile phone tower triangulation.
And importantly, access to this type of information by agencies is without judicial oversight and done more than 330,000 times each year. Considering this, you'd think I should be able to access it too, right? Apparently not, according to Telstra.
After former US National Security Agency contractor Edward Snowden leaked thousands of top-secret documents revealing the extent of spying by the US and other "Five Eyes" agencies, including ones in Australia, I decided it was time to see if I could access what they could on me from my telco.
So I asked Telstra to provide me with all of the metadata it had stored about my mobile phone account, informing them that they had a duty to do this under the Privacy Act's National Privacy Principles, which gives Australian citizens a right of access to their "personal information" from a company, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
After about a month of back and forth phone calls chasing up a response, Telstra refused me access, saying I needed a subpoena to access the data. A subpoena is a writ usually issued by a court with authority to compel production of evidence under a penalty for failure.
As I didn't have the cash to sue Telstra and get a court to issue a writ, I complained to the federal privacy commissioner, claiming Telstra was in breach of the Privacy Act.
On Thursday last week the public hearing was held before the commissioner, his staff, an expert witness assisting the commissioner, and five Telstra representatives.
Just before the hearing, Telstra handed me printouts of all of my Telstra bills dating back to January 2011 in a big binder along with a CD it said contained more granular information about which mobile phone tower I was connected to when I made calls.
But the CD and invoices didn't include the metadata I was seeking. After all, I already had access to most of this information through my bills on the Telstra website.
In the hearing shortly after, Telstra's barrister Jeremy Masters spent more than two hours explaining Telstra's reasons for refusing access, which centres on the company's belief that my metadata is not personal information because it is not information about an individual whose identity can reasonably be ascertained from the information in isolation (i.e. without my identity attached)
Telstra also argued that identifying, gathering and providing me access to my metadata would be a difficult and expensive exercise, which would have an adverse impact on the operation of its network.
It's an odd statement, considering they provide this type of information every day to government agencies for a fee – a fee I am also prepared to pay.
Telstra's one and only valid argument to date has been that identifying who calls me would be in breach of that person's privacy if they called from an unlisted number. I've agreed and said that in providing me with my metadata they should remove unlisted numbers.
They argue this would be too difficult to do, which I think is baloney.
Privacy commissioner Timothy Pilgrim is set to decide within the next little while who will win. I am hoping he will side with me, especially considering a response to a freedom of information request by reporter Josh Taylor for access to Attorney-General George Brandis' metadata resulted in the Attorney-General's Department calling that metadata "personal information".
The government is still considering whether to reveal Brandis' private metadata and has asked Mr Taylor for more than $600 in order to consider divulging it.
In the meantime, Australians face the very real prospect of having all their personal metadata stored for up to two years when the federal government introduces a bill later this year - possibly this month - that forces mandatory data retention on all Australian communications providers.
The government is sneaking the new laws in under the guise of "national security", but already access to this data has been used for questionable purposes.
Take for instance the case of senior officials at Queensland Police allegedly accessing metadata of cadets last July to determine whether they were sleeping with one another or faking sick days. This was labelled by the state's police union as "disturbing" and "potentially unlawful".
Then there's the many times the Australian Federal Police have used metadata in an attempt to find out the source behind a leak in Canberra. Veteran political reporter Laurie Oakes famously had his telephone records trawled through in 2008 to find out who was behind an embarrassing cabinet leak.
Metadata checks were also used in 2004 to find the alleged leaker of Department of Veterans' Affairs material to reporters Michael Harvey and Gerard McManus, according to the Herald Sun. Both reporters refused to name their source and in June 2007 were convicted of contempt of court and fined $7000.
Less controversial requests include Bankstown Council in NSW using metadata to find and fine litterbugs, and the Department of Commerce in Perth using it to track down illegal car dealers.
There are many more examples. Given this, do we really want councils, the RSPCA, the AFP and other agencies having warrantless access to this data, especially considering we ourselves can't access it?
In my view, it's time agencies got a warrant for trawling through it and it's time Telstra handed over what is clearly my personal information.
I await with bated breath the privacy commissioner's decision.
20141015
Spies can access my metadata, so why can't I? My 15-month legal battle with Telstra
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment