Metadata, it's all the rage these days among security organisations, even if those in charge don't have the best understanding of what metadata actually is. Throwing a new spanner in the works — if there weren't enough already — is the apparent inconsistent nature in which ISPs retain your internet activities, with some pitching your data after a couple of days.
However, on the extreme end, there are those who are "storing data for up to two years", according to a story by the SMH's David Wroe. Speaking with spokesperson from the Australian Federal Police, Wroe discovered that no one really follows any particular rules when it comes to data retention, with comments from Communications Alliance CEO John Stanton suggesting it's better for companies to dump what they collect, rather than risk a run-in with the Privacy Act.
The mixed bag of metadata handling isn't a simple complaint about administration, but that it can — and has — interfered with serious investigations. The article describes a situation where the AFP was forced to call it quits on a case where "an internet user who had said online that they planned to sexually assault a baby":
In June last year, Interpol provided IP address details relating to the online comment to the AFP, but the suspect could not be identified because the Australian internet provider kept such metadata for a maximum of seven days.
The detrimental effects of lacklustre metadata retention are then emphasised by Attorney-General George Brandis:
"Both the AFP and ASIO have urgently advised me that inconsistent retention, and even unavailability, of this data is hampering investigations and, in some tragic cases, preventing perpetrators from being brought to justice," Senator Brandis told Fairfax Media.
No one wants any government agency to have free access to their online activities, but on the other hand, it's possible that information is recorded that could aid in catching truly bad people. It's a gigantic grey area with no easy solution, but there has to be a middle ground.