Pandora’s Box: Inquiry opens universal surveillance floodgates

15

Businesswoman Looking At Glowing Box In Empty Warehouse

news A move by the Greens to set up a Senate inquiry into the potential reform of Australia’s surveillance laws appears to have opened a giant Pandora’s Box of debate about the issue, with Australian law enforcement agencies using the process to demand massively increased electronic surveillance rights, including data retention of users’ communications.

Following a number of major revelations surrounding Australia’s electronic surveillance activities, especially associated with documents released by former NSA contractor and current whistleblower Edward Snowden, the Greens successfully teamed up with Labor in December to establish a formal inquiry into Internet surveillance practices by government agencies in Australia, through a review that will take place into the controversial Telecommunications (Interception and Access) Act.

The Greens have taken a strong stance against the need for unfettered surveillance of Australians by law enforcement agencies, with Communications Spokesperson Scott Ludlam (who is currently campaigning to save his Senate seat in Western Australia) stating that review of the TIA Act was “well overdue” due to its outdated nature.

The Greens appear to have taken the view that an inquiry into the potential future reform of the Act would lead to it being modernised and Australians receiving higher levels of privacy in terms of their usage of telecommunications services. However, if submissions to the inquiry so far are any indication, the inquiry itself may act as a Pandora’s Box for the issue of surveillance in Australia. Already, several different groups have used the forum to call for massively increased surveillance powers for Australian government agencies, although others have also used the forum to call for increased privacy rights for individuals.

Of particular interest to those interested in digital rights in Australia will be the extensive submission put into the review by the Attorney-General’s Department, which contains within its remit most of the Federal Government agencies who make the most use of Internet surveillance — including the Australian Federal Police and the Australian Security Intelligence Organisation.

The department’s submission (available online in PDF format) acknowledges in its opening pages that the privacy rights contained in the TIA Act are inadequate and that oversight of those agencies using the Act to facilitate telecommunications surveillance is also lacking.

“With the development of communications technology … the Act is in danger of no longer sufficiently fulfilling either of its key objectives and its oversight arrangements are, in part, fragmented and incomplete,” the department wrote in its submission to the Senate inquiry. “The privacy protections in the Act, although strong, require future-proofing to keep pace with the changes in technology.”

However, the submission by the Attorney-General’s Department very quickly segues into a discussion of how surveillance powers could be massively expanded through a reform of the TIA Act, to allow government surveillance to penetrate all layers of modern communications.

Of particular concern to the department and its portfolio agencies is the fact that technological change has meant that it’s no longer easy for government authorities to gain access to individuals’ telecommunications records. When the Act was written, most telecommunications took place over tradition PSTN telephone lines owned and operated by Telecom Australia (now Telstra).

However, as the submission points out, there are now multiple layers of networks over which Australians can communicate, including different physical network layers (mobile, copper, satellite, HFC cable), different network providers, different Internet access providers, and even different application service providers such as Microsoft, Google, Facebook, Twitter and more.

In its submission, the department argued that the warrants required to access telecommunications data should be simplified and that all of these layers should be made available through what it described as an “attribute-based” model for access to users’ telecommunications — in short, that warrants would use information such as a time of day or geographic location to target a users’ data, rather than, say, their specific phone number or mobile device.

The department is also seeking further powers. For example, the submission pointed out that criminals are making increased use of encrypted data in their telecommunications, and argued that law enforcement authorities should be allowed to issue warrants forcing individuals or service providers to, for example, decrypt that data. This is not a current power that law enforcement agencies enjoy.

In addition, the department again raised the spectre of controversial data retention provisions — largely rejected by a parliamentary committee last year — being added to surveillance legislation. This would require ISPs and telcos to maintain data on their subscribers’ use of telecommunications services for a set period — the department’s submission gives the example of two years.

Other submissions to the Senate inquiry went even further than that of the Attorney-General’s Department. For example, the Northern Territory Police has called for individuals’ web browsing history to be logged to assist it with investigations and the Australian Federal Police and ASIO both called for significantly expanded data retention and surveillance powers, especially with relation to the power to monitor telecommunications over increasingly popular platforms such as Internet telephony.

Despite the already high number of warrantless accesses to telecommunications data every year — some 300,000 requests were made in the past financial year — virtually every law enforcement agency also called for simplified systems for obtaining warrants for telecommunications interception.

Most of the law enforcement agencies acknowledged the need for simultaneous reform of rules protecting Australians’ privacy from abuse of the powers outlined in the TIA Act and the need for additional oversight of use of the powers; however, their submissions tended to focus heavily on the need for increased powers and only in a minor fashion on the need to protect individuals’ rights.

Only a handful of submissions out of the 35 currently filed — including digital rights groups Electronic Frontiers Australia and the Pirate Party Australia (both tiny organisations) — focused on the need for stronger privacy rights and oversight of telecommunications surveillance.

opinion/analysis
Wow. I think Greens Senator Scott Ludlam may have bitten off more than he — or anyone else — can chew here. I recommend you read some of the submissions published here, especially those from the Attorney-General’s Department, ASIO and the Australian Federal Police. These are mammoth submissions calling for huge increases in surveillance powers and drastically simplified warrant systems, but generally without producing significant evidence that such powers are required.

Australia’s digital rights community hailed the formation of this inquiry as a victory for transparency and accountability in terms of our national telecommunications surveillance regime, in the context of massive government use of that regime.

In response, our extremely well-funded and resourced law enforcement agencies have hit back with the nuclear option, making giant ambit claims for massively expanded electronic surveillance powers, and re-heating demands for comprehensive and universal data retention, even stretching to individuals’ web browsing history logs.

What we’re seeing here is the war for Internet privacy being definitely lost, right in front of our faces. Let us not forget that both sides of politics — Labor and the Coalition — have a strong track record of attempting to give Australia’s law enforcement authorities whatever they want in this area. Data retention, Internet filtering, universal telecommunications surveillance — it’s all been discussed before and is coming up again in this context.

The tiny submissions made by digital rights groups such as the EFA and the Pirate Party Australia, in comparison to these huge law enforcement documents, look like twigs blowing in the wind of a giant hurricane. And in the face of bi-partisan major party support, the Greens’ efforts here will also look quite miniscule. If you’re interested in digital rights and privacy in Australia at all, I encourage you to share information about what’s happening here. It may well be our last chance to escape a society based on universal law enforcement access to all telecommunications.

15 COMMENTS

  1. Peter Sunde’s comments detailed in this article are highly applicable to this debate:
    http://www.wired.co.uk/news/archive/2013-11/18/peter-sunde-hemlis-political-apathy

    I, and I’d say a non-trivial percentage of Delimiters readers, would tend to lean towards technical solutions to bypassing or rendering moot such surveillance legislation. The point of Peter Sunde’s speech, to my mind, is that technical solutions don’t equate to the progress of society. We may get hot under the collar about the issue, and we may go so far as to take technical measures to ensure that “it doesn’t apply to us” but that doesn’t help anyone else, and therefore it’s an apathetic approach.

    One way or another, we need to involve ourselves in the decision making process.

  2. “Give us more reasons to keep our jobs!” – Law Enforcement agencies

    This inquiry ultimately doesn’t matter, in my opinion. Whichever side of government starts adhering to these ridiculous demands is going to find themselves on the other end of an election belting and the pollies know it. Conroy’s filter and the backlash to it was the end of the line for extreme internet surveillance and censorship.

      • It will be, but I guess that all depends on how much noise the Greens make about it, and how much attention the media choose to pay to it.

        • “and how much attention the media choose to pay to it.”

          This would be the same media that somehow hasn’t yet noticed that Turnbull is full of crap.

          The same media dominated by News Limited.

          That media.

          Good luck with that.

          • The same media with diminishing and aging readers who are decreasing through natural attrition.

            There’s a reason they call it the old media.

            This is increasingly an issue no matter how much the marginalised old media and politicians like to pretend otherwise. It’s not a Right/Left issue but rather an Authority vs Liberty one. The Australian Governments (all of them) are very pro unthinking following of their authority and old media backs this to the hilt.

            It’s a philosophical change that we need – and I think it’s still coming no matter how hard they set themselves against it.

  3. What I found amusing in the AGD’s submission was the AGD serially agreeing with its own proposals. (See Attachment A in their submission.)

    So the AGD made a Proposal, the PJCIS rubberstamps it with a matching Recommendation and then the AGD solemnly records its agreement with the Recommendation – all while keeping a straight face.

    • Actually in Government and Business you’ve just described what commonly passes for a rigorous independent review system.

  4. On the politics of it: Both sides of politics will most likely support most aspects of this massive expansion of the surveillance regime. For this reason there will be limited political backlash.

    @Daniel: Every person who is technically capable of protecting their own privacy has a moral obligation to help everyone else get the same level of protection. Privacy is not the right only of a technical elite.

    You are right we do need to involve ourselves more in the political process.

  5. “Despite the already high number of warrantless accesses to telecommunications data every year — some 300,000 requests were made in the past financial year — virtually every law enforcement agency also called for simplified systems for obtaining warrants for telecommunications interception.”

    this is the important part. Law enforcement agencies DO need a streamlined process for getting warrants. As it stands now, they need to get a warrant or a court order for every single type of communication medium that a suspect may use.

    but it must be balanced by strict controls and serious penalties for warrantless access. We need a new law enforcement agency tasked with investigating and prosecuting law enforcement agencies for breaching the law, with appropriate compensation sought for and on behalf of those who have been affected by their breaches, even if they do not know it!

    • I think this is a more prudent approach. Off course law enforcement needs to change with the times, but as we’ve seen with PRISM, they also need significant oversight.

    • 1. The egency to investigate breaking of the law by ASIO theoretically already exists. The agency to investigate breaking of the law by law enforcement agencies already exists.

      2. However that misses the point somewhat – if the law is changed so that there is a massive expansion of the powers of ASIO / law enforcement agencies then they don’t have to break the law in order to do wrong – to a greater and greater extent. This debate is about what the law should be i.e. what powers the law should grant them.

      For example, the NSA claims that US law grants them the power to intercept 100% of network traffic coming from overseas without any kind of warrant. If that’s correct then as far as *your* traffic or *my* traffic is concerned, there is absolutely no risk that the NSA will break the law because the law doesn’t place any restrictions on them in the first place ! (or so they claim)

      3. I’m not sure what you mean by “every single type of communication medium”. Agencies can get a named person warrant. Such a warrant covers a creative suspect who uses services that the agencies don’t even know about and would presumably cover interception of every type of communication medium provided that that medium uses electromagnetic energy.

      4. There are no penalties for warrantless access to telecommunications data because the law does not currently require agencies to get a warrant at all for that !

      Some people think that that should change.

  6. There was a time, not so long ago, when everything on the web was unencrypted. If the police wanted to intercept somebodies connection they could get a warrant and watch everything that passed through the ISP.

    But we gave them and inch, and now they try to take a mile. They now want ISP’s to store all data – and pay for the exercise. In response the big players like Google and Microsoft encrypt their connections by default. There is a proposal to make http2 encrypt all connections by default.

    So in their zeal they’ve turned the internet into a privacy war zone. They demand more access, and in response everyone encrypts their data to deny it.

    In the long run it’s not a battle they will win. Everything will be encrypted by default with perfect forward secrecy. Not only won’t they get their meta data, they won’t even be able to ask ISP’s to spy on connections even if they have a suitable warrant.

    And in the process they have destroyed useful optimisations – like proxies. Idiots.

  7. The pro-NBN lobby cannot muster the electoral support from the masses to even curb the ridiculous trajectory MT seems to be plotting. And most of the names that bob up frequently in Delimiter articles about the NBN can’t even be bothered making a token appearance here.

    Does that adequately detail just how unlikely broad support against these measures is likely to be?

    The majority vote their party unless there is an issue near and dear to them. In terms of brutality and totalitarianism, both parties are trying to race each other to the bottom. And few care to stand against it.

    If we get the government we deserve, what does that say about the electorate in Australia…

Comments are closed.