It’s fair to say that Australia’s Attorney-General, George Brandis, has been struggling to explain what he means by metadata:

Brandis: “The web address, um, is part of the metadata.”

Journalist: “The website?”

Brandis: “The well, the web address, the electronic address of the website. What the security agencies want to know, to be retained is the, is the electronic address of the website that the web user is … “

Journalist: “So it does tell you the website?”

Brandis: “Well, it, it tells you the address of the website.”

It appears that Brandis is trying to explain the difference between the address of the webpage (the URL) and the numerical address of the computers serving up the webpage and accessing the webpage (the IP addresses).

If so, then there are a couple of problems with the Government’s proposal:

  • a single IP address may serve web pages for many different and unrelated websites.
  • a home user may have many different IP addresses over time

For example, this webpage is hosted by WordPress, as are many many other webpages.  WordPress uses the URL to know which website to serve, not the IP addresses.  Indeed, WordPress use many different computers with many different IP addresses.

Furthermore, and there are exceptions to this, but most home users, when they connect to the internet, will be given a different IP address each time. There are a finite number of IP addresses, and this may change in the future, but at the moment, common current practice is for ISPs to share IP addresses between customers.

As described, the government’s proposal will not work.  To know who is visiting what website, more than just IP addresses are required.