The Federal Government's proposed new law requiring telcos and ISPs to retain their users' metadata for two years has kicked up a stormy debate about the right to privacy and how much of it we should be prepared to surrender in the interests of national security.
As always happens when a government introduces legislation in a hurry, particularly when the government itself hasn't yet worked out what that legislation is supposed to mean (noting here that exactly what data must be retained hasn't been defined, and that the Attorney General clearly has no idea how to turn on a computer let alone tell us what "metadata" is), the effects of this new law are only just starting to be understood.
Yes, it's going to cost an obscene amount of money to implement – this means a lot more server farms in Mongolia – and you can be sure the telcos won't be shy about passing the cost on to you. And, yes it means that the police and other government agencies will be able to find out, without a warrant, who you had lunch with 18 months ago when you were supposed to be in a work meeting.
But guess what else? Anyone else can get the data too. All that's required is that they're a party in a court case, criminal or civil. If there's even the faintest arguable relevance to that case, they can subpoena your friendly service provider and require it to produce your metadata to the court.
Far-fetched? Let's say you're in the Family Court fighting a property or custody battle with your ex. They can subpoena your telco to get data which will help identify where you were at particular moments, who you phoned, texted or emailed, what the subject was, how often you booked in for facials and where you've been on holiday.
There is nothing in the draft legislation preventing or restricting this use of your data. Rest assured that lawyers will be all over it. We will; it's a treasure trove.
Why hasn't this aspect of the metadata law been discussed? Because the Government didn't think of it. Impressive, aren't they.