Academic rigour, journalistic flair

 Subscribe

Technophrenia
On the interface between technology, people and society

VPNs become even more important as ISPs start collecting

customer metadata
Published: April 13, 2017 4.54pm CEST •Updated: April 18, 2017 8.58am CEST

David Glance
Director of UWA Centre for Software Practice, The University of Western Australia

VPNs are becoming essential. Shutterstock

As of today, Australian internet service providers (ISPs) and telecommunications companies are
officially required to collect “metadata” about their customers’ communications. According to the
legislation, this data includes:

name, address, date of birth, email addresses and other identifying information of the person that
holds an account
details of any communication, including:
the mode of communication (voice, sms, email, chat, forum, social media)
the location of the person at the start and end of the communication
the address and details of the receiver of the communication
the network used for the communication (ADSL, Wi-Fi, VoIP, cable, etc).

What it does not include is details of websites a person visits, and nor does it include information
about what they did on those sites.

There is still confusion on this point amongst the public and media, and more generally about what
the data retention law really means for Australians. There is still talk about the need to “hide online
browsing” because of this legislation, when in fact ISPs are not required to save such information.

Even in the US where privacy rules have been overturned by the House of Representatives –
theoretically allowing ISPs to sell or market customer’s browsing history – in practice, ISPs have a
vested interest in maintaining customer privacy.

There is still a strong argument to be made regarding being concerned about the metadata being
stored, and consequently about the steps Australians can make to protect their privacy.

The list of Australian government departments that have requested access to metadata, or have
explicit authority to request access to the metadata, collected by the ISPs and telecommunications
companies is extensive and wide ranging. This means that a larger part of Australians’ lives could
become accessible to these agencies, and the information collected could potentially be used against
them.

The most effective way of protecting privacy of communications on the Internet is to use a virtual
private network (VPN), which will quite simply prevent all details of communications (and yes, also
browsing history) from being visible to an ISP.

Although the use of a VPN is a good idea for protecting privacy, there are still some risks involved in
using this technology. Firstly, VPN users have to trust that the company providing the services is
actually doing what they claim and really protecting their customers. Recently, a large number of
Android VPN apps have been shown to have significant privacy and security issues with them. Even
with the better-known VPN providers, customers are required to simply trust that the VPN provider is
doing what they claim and not keeping records or logs.
There are a set of well known and well regarded VPN providers that have “mostly” operated without
controversy. VPN software has become extremely simple to operate on PCs and mobile devices. With
growing numbers of customers, VPN providers have made an effort to scale servers and bandwidth to
make the potential slow-downs from using a VPN less noticeable.

Theoretically, a VPN can be set up to operate continuously whenever there is a network connection.
This would mean that any subsequent communications done over that network would be entirely
private. Using a mobile VPN would allow even the fact that Facetime or WhatsApp was used to
communicate with someone to be hidden from an ISP.

Without a VPN, the ISP would record that a Facetime conversation occurred between the customer
and another person, the length of the connection and the location of the customer at the time. Of
course, identifying the person that the customer talked to would still take some work in tracking down
an internet address and again, this information might yield only the address of a VPN provider and
not the individual.

VPNs are becoming an essential part of being on the internet. Apart from the privacy aspect, there is
the added security they provide, especially when using unknown wireless networks such as in cafes,
airports, or even at work. They also provide the ability to avoid geolocked content on services like
Netflix, which up until the advent of metadata retention was the main reason for most people using a
VPN, especially in Australia.

Given the commitments to privacy and security made by companies like Apple and Google, it would
not be at all surprising if they started to provide their own VPN services to customers that were
seamlessly built into their devices.

Updated 18th April 2017 at 14:30 to reflect a clarification by a senior media adviser for the Office of
the Attorney General on the organisations that have explicit authority to request access to metadata
under section 110A of the Telecommunications (Interception and Access) Act 1979

PREVIOUS POST

Published: March 28, 2017 Now we are six. How The Conversation is transforming the media landscape
NEXT POST

Published: April 18, 2017 As live streaming murder becomes the new normal online, can social media be saved?