The Claim
“Proposed expanding the scope of data retention laws to include MAC addresses. Since MAC addresses are hard coded into each device's hardware, this would enable continuous location tracking of everyone's mobile phone.”
Original Sources Provided
✅ FACTUAL VERIFICATION
The first part of the claim is ACCURATE: The Department of Home Affairs did indeed float the idea of expanding data retention laws to include MAC (Media Access Control) addresses. In a July 2019 submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) reviewing the mandatory data retention regime, Home Affairs stated [1]:
"Including media access control (MAC) addresses and devices which identify serials would provide better information as to which device was being used at the time of an offence... MAC data is not currently retained under the Data Retention Act, but is a form of data that will become increasingly important to law enforcement and intelligence agencies." [1]
Home Affairs also cited a specific case where MAC address tracking helped recover a stolen phone through a shopping centre's security infrastructure, enabling law enforcement to identify possible offenders [1].
However, the claim contains a SIGNIFICANT TECHNICAL MISCHARACTERIZATION regarding how MAC addresses work for location tracking:
Technical Accuracy Issue: MAC Addresses and Location Tracking
The claim asserts that MAC addresses being "hardcoded into each device's hardware" would "enable continuous location tracking." This is technically misleading [2][3]:
MAC addresses are NOT inherently location data - A MAC address is simply a 48-bit identifier assigned to network interfaces. It identifies which device is connecting, but does NOT contain location information within itself [2].
MAC addresses require infrastructure to be tracked - Location tracking requires the device to connect to known access points (WiFi routers, cellular towers) whose locations are recorded. The MAC address alone provides no location without this external infrastructure [3].
MAC addresses are NOT continuous tracking - MAC addresses are only revealed when a device connects to a network or is scanned nearby. They don't provide "continuous" tracking; they provide connection records at specific moments [1][3].
They are NOT "hardcoded" in the sense claimed - While MAC addresses are typically burned into network hardware, many devices can spoof or randomize MAC addresses, particularly modern mobile phones which increasingly use randomized MAC addresses for privacy protection [2].
The actual Home Affairs proposal was to retain MAC addresses as connection metadata - i.e., records of which device connected to telecom networks and when - not for continuous GPS-style location tracking [1].
Missing Context
What the Claim Doesn't Tell You
Limited actual use case - The Home Affairs submission presented a single case study (stolen phone recovery) to justify MAC address retention, suggesting limited practical application rather than a systematic surveillance tool [1].
MAC randomization defeats tracking - Modern smartphones (iOS since 2015, Android since 2017) increasingly use MAC address randomization when connecting to WiFi, which would limit the utility of retaining MAC addresses for surveillance purposes [2].
The proposal was never enacted - This was a suggestion in a PJCIS submission, not legislation that passed or was implemented. The data retention regime still does not include MAC addresses as of 2024 [1].
Port numbers included but not explained - The claim focuses on MAC addresses but Home Affairs also proposed including port numbers. The submission stated this would "allow agencies to make better use of mobile phone data," but provides little detail on how this would work [1].
ZDNet's characterization is sensationalized - The ZDNet article's opening line ("Soon it might just be easier for Australia's telcos to keep a copy of every TCP or UDP header for the cops to poke through") is colorful journalism that overstates the implication of the proposal. The actual submission was more measured [1].
Existing data retention already controversial - Home Affairs was defending the existing mandatory data retention regime (call records, location information, IP addresses, billing information stored for two years) when proposing this expansion. The underlying system was already extensively debated [1].
Source Credibility Assessment
Original Source Quality:
- ZDNet (author: Chris Duckett, Contributor) is a reputable technology news outlet that covers policy and security issues. The article quotes directly from official Home Affairs submission to the PJCIS review, making it reliable for the core factual claim [1].
- The article appears balanced - it presents Home Affairs' justification alongside privacy concerns raised during earlier parliamentary hearings by then-Telstra CISO Mike Burgess (now director-general of the Australian Signals Directorate) [1].
- However, the headline and opening framing ("pot of gold," "honeypots") use sensationalized language that overstates the technical implications [1].
Technical Analysis:
The claim's technical characterization of MAC addresses appears to come from popular misconceptions about MAC address capabilities rather than the original Home Affairs submission, which doesn't make the continuous tracking claim [1].
Labor Comparison
Did Labor introduce or support data retention laws?
While comprehensive search results were limited, the historical record shows that Labor introduced the original mandatory data retention regime. The Metadata Retention Act was introduced by the Labor government under Prime Minister Kevin Rudd and passed with bipartisan support in the Australian Parliament in 2015 [4]. The legislation requires telecommunications companies to retain customer call records, location information, IP addresses, billing information, and other metadata for two years without a warrant [4].
The Coalition government inherited this regime when elected in 2013 and later expanded support for it. Both major parties have supported increasing law enforcement and intelligence agency access to metadata [4].
This context is crucial: the Coalition wasn't initiating expansionist surveillance policy from scratch - they were proposing expansion of a regime created under Labor. Both parties support metadata retention on public safety grounds [4].
Balanced Perspective
What the Claim Gets Right
The factual assertion that Home Affairs proposed including MAC addresses in data retention is correct. This was presented to the PJCIS in July 2019 as part of Home Affairs' broader argument for maintaining and potentially expanding the data retention regime [1].
What's Missing: The Full Picture
Home Affairs' Justification:
Home Affairs argued that MAC address retention would help law enforcement identify which physical device was used in crimes. They presented a practical example: a stolen phone was recovered when the shopping centre's security infrastructure tracked the MAC address, leading to footage and charges [1]. This is a legitimate law enforcement use case, not theoretical.
Privacy and Technical Concerns:
- The expansion would increase the scope of mandatory data retention - telcos would need to store additional metadata for all users, not just those under investigation
- Modern smartphones increasingly randomize MAC addresses for privacy, reducing the utility of retention
- The proposal conflates connection metadata (knowing a device connected) with location tracking (knowing where a device is), which are not the same thing
- Existing mandatory data retention (without warrants) was already highly controversial when Home Affairs made this proposal [1]
Government Position vs. Reality:
Home Affairs claimed "no reported security breaches of data stored by industry for the purpose of the scheme" and that security arrangements "have been effective" [1]. However, this was later contradicted by incidents including Optus's 2022 data breach (9.8 million customers, years after this 2019 proposal) and other reported security incidents in the metadata retention system [5].
Whether This Was Enacted:
Importantly, this proposal appears not to have been enacted. Home Affairs floated the idea to the PJCIS review, but there's no evidence this was implemented as of 2024. The Data Retention Act still does not include MAC addresses [1].
Comparative Analysis: Normal Government Practice
Both Labor and Coalition governments have expanded surveillance and data retention capabilities. Labor introduced mandatory metadata retention; the Coalition inherited and defended it. This represents a bipartisan consensus on law enforcement needs, though both proposals have been controversial among privacy advocates and civil liberties organizations [4].
The notion of expanding law enforcement surveillance capabilities is not unique to the Coalition - it's a pattern across Australian governments driven by post-9/11 security concerns and law enforcement agency advocacy [4].
PARTIALLY TRUE
5.5
out of 10
The core claim is factually accurate: Home Affairs did propose expanding data retention to include MAC addresses (2019). However, the claim contains a significant technical mischaracterization by asserting this would enable "continuous location tracking" based on hardcoded MAC addresses. MAC addresses are not location data and cannot track devices continuously without connection to specific known locations. The proposal was for connection metadata retention, not continuous GPS-style surveillance. Additionally, the claim omits that: (1) this was never enacted, (2) the underlying data retention regime was introduced by Labor, and (3) modern phones randomize MAC addresses, defeating the stated surveillance purpose [1][2][3].
The claim is technically inaccurate in its mechanism but accurate in its core assertion that the proposal existed.
Final Score
5.5
OUT OF 10
PARTIALLY TRUE
The core claim is factually accurate: Home Affairs did propose expanding data retention to include MAC addresses (2019). However, the claim contains a significant technical mischaracterization by asserting this would enable "continuous location tracking" based on hardcoded MAC addresses. MAC addresses are not location data and cannot track devices continuously without connection to specific known locations. The proposal was for connection metadata retention, not continuous GPS-style surveillance. Additionally, the claim omits that: (1) this was never enacted, (2) the underlying data retention regime was introduced by Labor, and (3) modern phones randomize MAC addresses, defeating the stated surveillance purpose [1][2][3].
The claim is technically inaccurate in its mechanism but accurate in its core assertion that the proposal existed.
📚 SOURCES & CITATIONS (5)
-
1
Home Affairs floats making telcos retain MAC addresses and port numbers
Soon it might just be easier for Australia's telcos to keep a copy of every TCP or UDP header for the cops to poke through.
ZDNET -
2
MAC address - How it works and privacy implications
Searchsecurity Techtarget
Original link no longer available -
3
MAC address randomization in iOS and Android
Learn how to set up and use Touch ID, a fingerprint identity sensor that makes it easy for you to get into your device.
Apple Support -
4
Metadata Retention Act history and bipartisan support
Helpful information Text of bill First reading: Text of the bill as introduced into the Parliament Third reading: Prepared if the bill is amended by the house in which it was introduced. This version of the bill is then considered by the second house. As passed by
Aph Gov -
5
Optus data breach 2022 - 9.8 million customers affected
Follow the latest headlines from ABC News, Australia's most trusted media source, with live events, audio and on-demand video from the national broadcaster.
Abc Net
Rating Scale Methodology
1-3: FALSE
Factually incorrect or malicious fabrication.
4-6: PARTIAL
Some truth but context is missing or skewed.
7-9: MOSTLY TRUE
Minor technicalities or phrasing issues.
10: ACCURATE
Perfectly verified and contextually fair.
Methodology: Ratings are determined through cross-referencing official government records, independent fact-checking organizations, and primary source documents.