TMCnet Feature
November 17, 2020

Tech Misunderstood: VPNs and Australia's Data Retention Laws

In October 2015, Australia’s Coalition government introduced new data retention laws in the country that sent the public into privacy paranoia. According to the contents of the legislation, telecommunication companies were required to maintain metadata logs of their customers for two years and share the recorded information with law enforcement agencies if (and when) asked, to help with any pending investigation.

There was, understandably, a huge amount of backlash. Even the outside world joined in the support of the people of Down Under and described the laws as “dangerous”. However, one particular group saw this as an opportunity.

The rise of VPNs

Few VPN companies started cashing on the privacy concerns of internet users in Australia. They started marketing their products—if not always directly—as fail-safe solutions against the implemented data retention laws. The strategy clicked, and their sales grew. Australia had finally found a silver bullet to its online freedom woes.

To this day, many Australians believe in the ability of VPNs to keep them safe from the prying data laws that exist in the country. They purchase VPN subscriptions, thinking their metadata is well and truly hidden from their ISPs when connected to a remote VPN server. When, in fact, that’s not the case at all.

Can VPNs actually help you evade Australia’s data retention laws?

Even the VPNs that employ the most robust security and privacy protocols can’t help you evade Australia’s data retention laws. Any service that claims otherwise is either completely unaware of what the law says or simply pushing out its product on you.

To better understand, let’s quickly go through the type of data ISPs are required to store under Australia’s data retention legislation.

As per section 187 A of the original bill, your internet company must log the following:  

  • Account details
  • Your internet connect and disconnect time
  • Source (News - Alert) of a communication
  • Destination of a communication
  • Information about the device you use
  • Volume of data transferred to and from your device

A VPN doesn’t hide any of these details. When you sign up for an internet connection, you’re assigned account details, which remain with your ISP. That’s how they bill you. It’s not linked in any way to your VPN use.

Before you even connect to a VPN server, you must be online. So your ISP can clearly see your internet connect time. Any data you send or receive from the remote VPN server passes through your internet company’s pipes. As a result, they can tell the source and destination of the communication and the volume of data being exchanged.

In fact, if we talk about your device’s information alone, even that is visible to your ISP in the headers at times; it’s not encrypted with the traffic.

How can then anyone claim that VPNs are effective workarounds against Australia’s data retention laws? We wish they were, but they simply aren’t. It’s an evident case of a technology misunderstood and misexplained.

Where do we go from here?

Of course, none of this is to discredit VPNs and their many benefits. They are quite handy tools and can keep your online activities private and secure. They may not be able to hide the information about when you connect to the internet or how much data you’re downloading or uploading, but they can certainly keep the contents of your data secret from your ISP.

In the context of Australia’s data retention laws, VPNs can stop service providers and government agencies from overstepping their boundaries and covertly spying on you. That’s arguably the biggest plus point of using VPNs. We have seen in the past how authorities can abuse their rights.

Also, we must mention here that not all VPN providers play the game unfairly. Quite a number of them are transparent about the limitations of VPNs.

So, all in all, let’s not go overboard with our criticism of a technology that already has a strong prejudice running against it, and which is often unjust. Let’s appreciate its good parts and maintain a distinction to what it isn’t capable of.

About the author (Brett Thompson)

With over seven years of experience in the cybersecurity industry, Brett has extensive knowledge of the online privacy space. He believes in digital rights and hopes one day people can enjoy internet freedom in the true sense. VPNs fascinate him, and he actively takes part in various beta roll-outs to make sure users get the best solution possible. In his spare time, you can find Brett talking about streaming services, and he currently own a site too in the same niche.

» More TMCnet Feature Articles


» More TMCnet Feature Articles