If you do not want your browsing/email history tracked, you must have something to hide.  This is the new government line.  We must all be secure.  That means giving up a little bit of freedom so everyone feels safer.  I guess it is the same logic that says if we cut all the speed limits by 10 kph, less people will die.  And a few years later someone will say the same thing again.  Suddenly we will be able to walk faster than we can drive.

In the 80’s I worked for Nestle.  There was a great marketing story.  Some genius worked out that if you shaved a millimeter off Maggi stock cubes internationally, you could save hundreds of thousands of dollar.  Not only that, but consumer testing had proven people could not tell the difference.  It was ready to be approved until one of the heads of the company said “No”.  His reasoning was that having saved x hundred thousand dollars, someone would come back in a few years to repeat the exercise and save an equal amount.  After a few cuts people would quietly change brands because Maggi stock cubes were no longer what they used to be.  The term “death by a thousand cuts” comes to mind.

So now to tracking metadata.  Metadata is basically a record that on a particular occasion, a computer or phone in a particular location contacted either a phone in certain location, or visited a certain web page.  It will also record the length of the call, or how long the webpage was visited.  What it does not record is who was using the phone or computer at the time, the contents of the phone call, or the reason.  Could be a wrong number or an incorrectly typed web address.  In fact, it could be some scamming program taking you to a website you don’t want to visit.

If metadata is tracked, records will sit on servers around the world.  Now we know that on the odd occasion, information on Internet servers has been hacked.  There is every reason to believe that at some point this information will become available to people who it was not intended to reach.  Failing that, creeping legislation will make it available to more and more organisations.  A case can be made for all sorts of organisations to get their hands on the data.

Any government who tells you the data is secure is trying to con you.  It is hard to read a newspaper without reference to some data being hacked, leaked or stolen.  It is not uncommon for governments to remove personal identification and make bulk data available for research studies.  It happens all the time.  Lots of companies research medical information provided in an unidentified format.  How many medicare payments relate to GP visits by postcode?  Where are the most cases of snake bite reported?  Has dengue fever spread over the last few years?  All these requests for data have good reasons why they should be provided.

The problem is that the data never exists in isolation.  Match it with some other information and you may just be able to narrow down the person involved.  When the information is cross referenced with another database e.g. banking websites, matches can be made.  How?  The banking website knows you logged in to their site at certain times.  Find the anonymous data with matching web site visits and you know the person.  So now the banks know where else that person visited on the web.  Say they spent time on a real estate search site.  Now the bank knows you are potentially looking for a home loan.  But what if you were researching bankruptcy for a university assignment?  The banks might look at your many visits to bankruptcy sites and assume you are a potential bankrupt.  They could deny you the loan without a reason.

Here is another.  Your brother suffers from depression.  You do some research on the Internet to try and help.  You also apply for a new job.  The recruitment company gets access to your browsing history and decides not to take your application any further because you may suffer from depression.  No reason given for being eliminated from the shortlist.

How about this.  You get spam from a porno site.  You try to stop it by contacting the site.  Over a period of time you send a couple of emails.  Now your metadata has you corresponding with porn sites.  There is no record of what it was about, but your browsing history shows you sending emails to porn sites.  What would mother think????

Tracking metadata is something we think is a bit remote.  Could not effect me.  But think of it this way.  Would you be happy to have a record kept of every person you have ever met in the last three years?  No information on why you came into contact, just that the person was someone you had communicated with.  If the casual introduction was to a seemingly respectable person but that person was a drug dealer you would forever be linked to a drug dealer.  Say you met the parish priest who years later featured in a royal commission, you would be forever associated with a child molester.

So in a few years after metadata collection has been in place, here is my prediction.  Using a few examples of where the metadata threw up innocent calls similar to the ones above, the government will say they propose a fix.  Just record the contents of the call and they would be able to check the context of the conversation, and eliminate the innocent.  They could find the call to the Taliban operative was a wrong number.  The call to a Syrian terrorist phone was due to an incorrect country code.  The calls to Sudan were actually about providing aid, not weapons.  So how could the public object to tracking metadata and content?

If the government is so positive that no leakage of data can ever happen, let them put their jobs on the line.  If data is hacked or stolen, or matched with other data and used at a personal level, they resign ‘en masse’.  At least it will get rid of the Liberal government.