A lot of people may wonder what meta data is, and why it even matters governments throughout the world care so much for collecting it. Let’s take a look at what meta data is all about, how different countries in the world collect it, the amount they collect, and what they do with it.
On the internet, meta data retains information as varied as your name, your email address, your passwords, your IP, the time and day you did a certain thing online, the kind of device you use, where you are, and much more. Meta data is said to be “technical” as well as anonymous, but it says a lot more about you and your use of technologies than you may think. But what do governments make of it, and why are they so interested in that kind of information?
According to official sources, in China, meta data is widely collected and used in many different fields, such as library science, meteorology, computer science, electronics, government, geology, and other industrial or commercial purposes. But it is also used, of course, as a mean of surveillance of its citizens, especially as censorship is very heavy in China, and specifically on the internet. The Chinese government will pass a new Cybersecurity Law on June 1st 2017, allowing officials to pressure ISPs in the country to hand over the metadata of their users if they are suspected of “rights violations”, and to punish them if they refuse to comply. ISPs are requested by China’s highest court to hand over meta data such as their users’ names, IP addresses, and more, to assert the government’s control of the media and online social networks. In that case, meta data allows the government to insure they can easily spot infringers or people who’d spread messages online that aren’t officially approved by the system in order to maintain censorship.
In Europe, meta data is collected according to the EU Data Retention Directive (DRD) since 2006 by ISPs, who are asked to retain their users’ data for up to two years, and to hand over the data to law enforcement if requested. This directive applies to all citizens in the following countries: Austria, Bulgaria, Denmark, Estonia, France, Italy, Latvia, Liechtenstein, Malta, the Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Norway, the United Kingdom, Iceland, and Serbia. It is said meta data collected through those means are also used in fighting terrorism. In reality, it also allows ISPs and governments to monitor people’s activities in an effort to subsequently try and tackle online piracy. In April 2011, a report evaluating the Directive was published by the European Commission, and concluded that data retention was a valuable tool for ensuring criminal justice and public protection, but that it had achieved only limited harmonization. There were serious concerns that mandatory data retention was an unacceptable infringement of the fundamental right to privacy and the protection of personal data.
In France alone, citizens’ anger rose as it appeared meta data collected by the government according to the French Intelligence Act of 2015 actually had a very low impact on counter-terrorism, which is what the law was initially put in place for.
In 2015, the Australian government introduced the Data Retention Bill, through which the Australian Security Intelligence Organisation (ASIO) and the Australian Federal Police (AFP), Local councils, Medicare, and many more, can access the meta data of Autralian citizens collected by ISPs and Telecommunication companies without a warrant and for undisclosed purposes. Only the Attorney-General knows exactly which agencies are allowed to access users’ meta data. In 2012-2013 alone, over 330,000 access requests were made for metadata in Australia by different organizations or entities, before the introduction of the bill. The scheme is estimated to cost at least AU$400 million per year, and telecommunication providers as well as ISPs are requested to retain metadata such as telephony and internet history for two years. In Australia, the bill is thought to have been implemented to fight internet piracy, copyright infringements and file sharing. The bill was first strongly rejected by The Greens party, especially since it represented a risk for journalists, but was later implemented after new safeguards were put in place to protect them.
Last November, the Queen of England gave Royal Assent to the controversial Investigatory Powers Act, which ratifies the snooping powers of the UK’s intelligence agencies. Similar in practice to the French Intelligence Act, it aims at fighting off cyber crime and terrorism at what is considered “a time of heightened security threat“, but is perceived by citizens as very intrusive, and for good reasons : for the first time in history, a bill gives the security services the power to hack into computers, mobile devices and networks without alerting the owners, for example by installing malicious software on their system in order to download the information it stores. The bill basically requests ISPs and CSPs to store the internet and communication history of all users located within the UK for a year so the data can be used in any legal investigation. Even though this refers to the meta data and not to the content itself (like messages), the clauses are thought to present a real privacy issue for ordinary users. To this day, 48 authorities are allowed to request access to this information, including the Police Forces as defined in section 81(1) of RIPA, the Met Police, British Transport Police, GCHQ, the National Criminal Intelligence Service, the MoD, the Department of Health, HM Revenue and Customs, and the Home Office.
In the US, meta data is collected and stored according to the Stored Communications Act (SCA). The biggest meta data recording organization is the highly controversial National Security Agency (aka NSA), which commonly records data for the whole planet and stores it for up to a year in its MARINA database, where it is then analyzed. It’s important to note that metadata is not considered actual data in the United States, which allows it to be manipulated in all freedom by all sorts of entities. Amazon is notably known to retain large amounts of data on its customer transactions, and so is Google when it comes to data on searches. Law enforcement can attempt to access such information through any company, even if the targeted people haven’t committed any crimes. However, meta data is not only used in fighting cyber crime, it is also widely used in the USA (and in the rest of the world) for commercial, technologic and scientific purposes, such as the improvement of a target audience in online retail (Google ad services will collect information about your browsing habits in order to propose targeted advertising you may be more interested into). Other meta data like geotagging can also be used by tech giants to identify places and improve GPS services, and much more. However, users should be able to decide whether or not they want their personal information to be used to improve commercial services or third party databases, and that is far from always being the case.
So, considering meta data collection is common practice everywhere in the world, what can users do to protect their privacy? VPN services like TorGuard help people protect their online privacy, and prevent ISPs and other telecommunication providers from tracking their every move online. It is now possible to encrypt internet connections very simply at home and to anonymize your identity to protect yourself and your privacy from abusive data collection laws and processes operated by most countries.