Access to private data has increased by 20 per cent by Australia’s law enforcement and government agencies – and with no warrant. Australians are 26 times more prone to be placed under surveillance than people in other countries, local media report.
In such a way, state structures accessed private information over 300,000 times last year – or 5,800 times every week, figures from the federal Attorney General’s Department showcase.
The data includes phone and internet account information, the details of out and inbound calls, telephone and internet access location data, as well as everything related to the Internet Protocol (IP) addresses visited, the Sydney Morning Herald reports.
Australian media report that every government agency and organization use the gathered telecommunications data, and those include the Australian Crime Commission, the Australian Securities and Investments Commission, the Australian Tax Office, Medicare and Australia Post.
New South Wales (NSW) Police became the biggest users of the private data, with 103,824 access authorizations during the last year – a third of all information accessed by the security forces.
The news triggered massive public outrage, with Australian Greens Senator Scott Ludlam telling Sydney Morning Herald, ‘‘This is the personal data of hundreds of thousands, indeed millions of Australians, and it seems that just about anyone in government can get it.”
He said the move demonstrated the current data access regime was “out of control” and amounted to the framework for a “surveillance state”.
The reports come as the federal government proposes even wider surveillance powers, including a minimum two-year standard for telephone and web providers – a measure causing public controversy.
The president for the local NSW Council for Civil Liberties, Cameron Murphy, told the Australian Financial Review that, according to the statistics, recent proposals to step up police surveillance powers and keep internet and phone data for two years or more was little more than a “fishing expedition”.
“It’s stunning and completely outrageous that so much interception is going on,” Murphy said. “What seems to be happening now is this is being done as a matter of first course and not as a matter of last resort.”
The statistics gathered by the council demonstrate that Australians are 26 times more likely to be placed under surveillance than in comparable countries.
However, a spokesperson for Attorney-General Nicola Roxon indicated that “these new statistics show telephone interception and surveillance powers are playing an even greater role for police so they can successfully pursue kidnappers, murderers and organized criminals.”
Ludlam, on the other hand, detailed what the expansion should be accompanied by.
“It’s incumbent on the parliament’s national security inquiry to recommend some form of warrant authorization be introduced, and that there be a review and reduction of the government agencies that can access the personal communications data of millions of Australians,” he said.
- Spying ‘out of control’ (smh.com.au)
- Sharp rise in private data surveillance (theage.com.au)
- Access to private net, phone use up by 20% – without warrants (smh.com.au)
Australians are fending off threats to their right to privacy from all directions. First, there was Australian Attorney General Nicola Roxon’s push to expand government online surveillance powers, submitted to Parliament in a package of reforms sought in a National Security Inquiry.
Then, on Aug. 22, the Australian Senate approved the Cybercrime Legislation Amendment Bill 2011, granting authorities the power to require phone and Internet providers to store up to 180 days worth of personal communications data. The purpose is to aid in investigations by both foreign and domestic law enforcement agencies, making it especially controversial since it can result in granting foreign governments access to Australian citizens’ communications data. The legislation only allows for data retention in the cases of specifically targeted individuals.
The bill is based on the Council of Europe Convention on Cybercrime – which we’ve flagged in the past as one of the world’s worst Internet law treaties – and the passage of the bill opens the door for Australia to join the Convention.
At least we can welcome the news that one of the most controversial aspects of Roxon’s National Security Inquiry proposal, a vague mandatory data retention provision that would have required service providers to retain all users’ communications data for up to two full years, seems to have been placed on hold – for now, anyway.
Yet at the same time, the newly approved Cybercrime Legislation Amendment Bill 2011 is viewed by some in Australia as a kind of “data retention lite,” and a precursor to the mass, untargeted surveillance that the more extreme proposal may yet usher in. An outcome of the approval of this bill, after all, is that providers will now have to install systems enabling data retention for up to 180 days – and pay for it themselves.
Public Fights Back
Despite the steady march toward expanded online snooping powers for law enforcement in the name of “national security,” a hefty pile of submissions landed in Parliamentary chambers last week, reflecting strong public opposition to the proposed reforms. A total of 177 submissions, representing thousands of individuals and organizations, flowed in to the Joint Parliamentary Committee on Intelligence and Security even though the government allowed only a brief time frame for comment.
Below, we collected some reactions of various Australian stakeholders who drafted lengthy submissions to convey their serious concerns. Civil liberties advocates aren’t the only ones worried about where this is going. The Australian Mobile Telecommunications Association and Communications Alliance, a telecom industry group, also chimed in to express concerns about costly new requirements for telecoms that would come attached to these surveillance measures. Since data retention disproportionately burdens smaller ISPs affected by requiring expensive equipment upgrades, the measure has the potential to hamper innovation by discouraging new startups from entering the market.
Re: Making it a Crime to Refuse to Aid in Decryption
One of the worst ideas contained in the National Security Inquiry package is the creation of a new crime under the Telecommunications (Interception and Access) Act of 1979: Refusing to aid law enforcement in the decryption of communications. That interception law granted law enforcement agencies, such as the Australian Federal Police (AFP) and the Australian Crime Commission (ACC), the ability to legally intercept communications for the first time. Reactions to the proposal hinged on the threat it poses to Australians’ right to silence.
Senator Scott Ludlam, speaking on behalf of the Australian Green Party, had this to say:
While the integrity of Australianʹs right to silence has been damaged by the anti‐terrorism laws, with regard to other criminal offences it remains intact. This proposal further degrades the right to silence, presumably to pre‐trial investigations and undermines the privilege against self incrimination. … The Committee should oppose this proposal as a serious erosion of the legal and human rights of Australians.
Electronic Frontiers Australia, a digital civil liberties organization (which is not formally affiliated with EFF), pointed out a number of problems with this idea:
EFA is concerned about the possible creation of an offence for failing to assist in the decryption of communications for the following reasons:
- it undermines the right of individuals to not cooperate with an investigation
- it poses a threat to the independence of journalists and their sources, particularly in circumstances involving whistle-blowing activity related to cases of official corruption
- it could undermine the principles of doctor-patient and lawyer-client confidentiality and other trusted relationships
- there are foreseeable and entirely legitimate circumstances in which decryption of data is not possible, such as where a password has been forgotten and is unrecoverable.
EFA therefore believes that the Committee should reject this proposal.
Re: Extending the Regulatory Regime to “Ancillary Service Providers”
A discussion paper submitted as part of the National Security Inquiry proposal makes it clear that the Australian government is “considering the need for a new interception regime that better reflects the contemporary communications environment,” i.e. a total overhaul of existing legislation to allow law enforcement to pry into communications taking place over platforms like Facebook or Twitter. The discussion paper defines “ancillary service providers” as “Telecommunications industry participants who are not carriers or carriage service providers.” Ultimately, this suggests the government is angling to bring all forms of online communications into the reach of interception laws.
The Australian Privacy Foundation cited the privacy concerns inherent in this proposal.
Telecommunications legislation already goes much further than regulation in most other sectors in mandating a role for private sector businesses as agents of the state in surveillance and law enforcement (banking and finance is the other main area where this has happened). These proposals would see a further significant extension of this role. Online intermediaries in particular host our communications with our friends, relatives, co-workers etc. They host a vast amount of information, the volume and scope of which is growing exponentially as we move to the cloud, use social networks, etc. Using online intermediaries as an agent of the State dramatically impacts on the state’s surveillance capabilities. Even minor changes in what they are required to do on behalf of government agencies can have very broad implications for people’s privacy.
Ludlam, of the Australian Greens, also blasted the idea.
The Attorney Generalʹs paper does not explain how covering ʹancillary service providersʹ – the many and ever increasing forms of social media – in legislation will address ʹcurrent potential vulnerabilities in the interception regime that are capable of being manipulated by criminalsʹ. The Greens believe it is excessive to extend the reach of surveillance into the retention of all social media exchanges. Does this include all business exchanges on video conferencing platforms?
And EFA pointed out that this proposal could expose anyone to law enforcement scrutiny, not just people suspected of wrongdoing.
Central to many of the services that Australians deliberately sign-up for— e.g. Facebook, Twitter, Pinterest, Apple iCloud, etc.—is the concept of sharing across networks. In surveilling a target’s activities in such services, shared friends or media objects connect target and non-target individuals such that following one surveillance target inescapably involves collateral surveillance necessarily breaching the privacy of non-targets. …. Indeed, “cloud computing” itself underlies “social networking”. As such, the information flows pertaining to individuals cross and recross such services to the point where, again, separating surveillance of a particular target is almost inevitably going to encounter that of other individuals, but in this case in ways that cannot be anticipated and very deeply undermine Australians’ reasonable expectation of privacy.
- Roxon edges towards keeping online data for two years (smh.com.au)
- Roxon backs new online data powers (theage.com.au)
- Australian Government Moves to Expand Surveillance Powers (alethonews.wordpress.com)
- Australian customers could pay for govt spying (zdnet.com)