The man charged with developing Australia's new data retention policy has been caught out struggling to identify what online data the Government is seeking to retain.
After confirming he was the man asked by Prime Minister Tony Abbott to develop a mandatory data retention system for Australia, Attorney General George Brandis outlined the relatively simple details of phone metadata, but staggered through a clumsy description of online metadata.
Speaking on Sky News, Brandis joined the Prime Minister in describing metadata as the "name and address on the envelope" that does not reveal "the content of the letter".
When pressed on the details of online metadata, Brandis conceded that it became "a little" more complicated, "but essentially it's the same principle -- it's not content, it's the details of the call".
After Prime Minister Abbottbetween between sites visited online and actual browsing activity -- "It's not what you're doing on the internet, it's the sites you're visiting," he said -- Brandis also grappled with the distinction between URLs visited and a user's activity online:
What people are viewing on the internet when they web surf is not going to be caught. What will be caught is the web address they communicate to.
What you're viewing on the internet is not what we're interested in. What the security agencies want to know, to be retained, is the electronic address of the website.
When you visit a website, people browse from one thing to the next, and that browsing history won't be retained or there won't be any capacity to access that.
When a connection is made between one computer terminal and a web address, that fact and the time of the connection and the duration of the connection is what we mean by metadata in that context.
Complicating the matter further was the question of online services such as Skype, FaceTime and Google chats. Brandis said "not all Skype conversations are going to correspond to the description of metadata" but that the government wants that kind of information "caught".
It is still not clear just what information the Government wants telcos and ISPs to retain -- it says it is in "discussions" with the major players on the issue -- but Brandis indicated that security agencies were "primarily interested in...mobile phone traffic".
While rooting out terrorism might be the primary motivator for the reforms, Brandis joined Prime Minister Abbott in indicating that data retention could be used to prosecute a range of crimes, saying "access to metadata is an extremely useful criminal investigative tool".
However, he said the government was "not interested" in using metadata to prosecute Australians for downloading illegal content.
Backflip on browsing history?
At a 2012 hearing of the Joint Standing Committee on Intelligence and Security, secretary for the Attorney-General's Department Roger Wilkins (who has advised the Department through various Governments since 2008) said the distinction between content and non-content data was the "hinge" of the debate. He also stipulated that non-content data such a URL could reveal information about content.
If you wanted to get that sort of information [a URL visited] then you would need to get a warrant. The reason for that is because the type of URL or address that would be revealed in terms of web surfing does give some indication of the content. If you're going to Pete's Pornography Store or Amazon, it gives some idea of the nature of the communication or the content of the transaction. So that URL would not be available unless you got a warrant.
Despite Brandis' current intent to require ISPs to track web addresses, ZDNet journalist Josh Taylor has unearthed footage from the 2012 hearing in which Brandis said retention of browsing history would be highly unpopular with Australians.
The public would accept a level of mandatory data retention in relation to telecommunications, they would accept the logic of the regime being technology neutral and therefore reaching the internet, but my political judgement is that there is no way in a million years the public wouldn't react very strongly against a proposal unless they were absolutely guaranteed their internet browsing history or use would not be the subject of the mandatory retention regime.
Updated at 11:55 a.m. AEST: Included comments from the 2012 Joint Standing Committee on Intelligence and Security.