“Police state”: Privacy czar slams security reforms

6

news Victoria’s acting Privacy Commissioner has filed a strongly worded critique of the Federal Government’s planned telecommunications surveillance and data retention reform package, labelling some of the included reforms as “being characteristic of a police state”.

The Federal Attorney-General’s Department is currently promulgating a package of reforms which would see a number of wide-ranging changes made to make it easier for law enforcement and intelligence agencies to monitor what Australians are doing on the Internet. For example, the Government is interested in establishing an offence which would allow Australians to be charged with failing to assist in decrypting encrypted communications. Also on the cards is a data retention protocol which would require ISPs to retain data on their customers for up to two years, and changes which would empower agencies to source data on users’ activities on social networking sites.

Instead of law enforcement agencies being forced to request multiple different types of interception warrants, the legislation would be modified to allow authorities to request a new more comprehensive centralised type of warrant with multiple powers. Provisions under the ASIO Act for the intelligence agency to request warrants are to be modernised and streamlined, and the agency is to gain the power to disrupt a target computer for the purposes of accessing the information on it — or even to access other third-party computers on the way to the target machine.

However, in submissions to the Parliamentary Joint Committee on Intelligence and Security, which is examining the proposed reforms, Acting Victorian Privacy Commissioner Anthony Bendall said a number of the proposed reforms were wholly inappropriate.

“In my view, this proposal is completely unjustified,” wrote Bendall with respect to the proposed reform which would allow law enforcement agencies to access an unrelated third-party’s computer on the way gathering evidence from the computer of a suspect. “To access a third party’s computer which has no connection with the target is extraordinarily broad and intrusive. These are powers usually characteristic of a police state.”

Bendall repeated this statement with respect to the proposed data retention scheme which would require Australian telcos and ISPs to maintain records of data pertaining to their customers’ communications for two years.

“This proposal is characteristic of a police state,” wrote Bendall. “It is premised on the assumption that all citizens should be monitored. Not only does this completely remove the presumption of innocence which all persons are afforded, it goes against one of the essential dimensions of human rights and privacy law: freedom from surveillance and arbitrary intrusions into a person’s life.”
Bendall noted that the Federal Government appeared to have already withdrawn its support for the data retention proposal, with the Sydney Morning Herald recently listing the proposal as having been postponed until after the next Federal Election. However, he nethertheles noted that “It would appear that public support for this type of proposal is largely absent.”

“As noted in the introduction to this submission, for there to be any extension of intrusive powers, such powers should be legitimate, necessary, proportionate and effective. I fail to see how the proposal achieves any of these. Collecting the data of all Australians does not appear proportionate to the risk of terrorism, nor is it likely to be effective in stopping terrorist acts,” he wrote.

“Like any information system, would-be criminals and terrorists will either find a way around the technological limits (such as using a Virtual Private Network, encryption services, or an anonymity network such as Tor10), or move communications to other non-electronic channels.”

Bendall was particularly concerned by the potential of ‘function creep’ with respect to the data being stored on Australians’ web, email and telephone records, and also about the threat of illegitimate access to the data.

“‘Function creep’ refers to situations where information collected for one reason is used later for other purposes,” he wrote. “I consider it inevitable that, even if safeguards are put in place, the temptation for others to seek access to that data would place great pressure on legislators to amend the scheme to allow other law enforcement agencies and organisations to access the data, and the safeguards upon which the scheme was predicated would be progressively stripped away.”

“Additionally, the extreme risk of a breach of this data (whether accidental or by unlawful access) and the consequential effects is too great. One needs only look at breaches of mass datasets that have occurred in the private sector within the last year to recognise that the additional risks created by of an ISP storing every transaction a user makes online is immense. In my view, a breach of some kind is inevitable given the interest in the data from hackers.”

In general, Bendall noted that since the events of September 11, 2001, the enactment of multiple anti-terrorism laws in Australia had progressively stripped away many civil rights formerly build up under common law for hundreds of years.

About the current package, he wrote: “The Australian Government‟s Discussion Paper proposes amendments to existing legislation and additional proposals, both of which threaten to have an adverse and significant effect on the privacy rights of individuals across Australia. This submission considers that, in general, the introduction of intrusive powers suggested in the Discussion Paper fails to achieve those tests of legitimacy, necessity, proportionality and effectiveness.”

In general, the package of surveillance reforms discussed in this article has attracted a significant degree of criticism from the wider community over the past few months since it was first mooted. Digital rights lobby group Electronic Frontiers Australia has described the Federal Government’s proposed new surveillance and data retention powers as being akin to those applied in restrictive countries such as China and Iran, while the Greens have described the package as “a systematic erosion of privacy”.

In separate submissions to the Parliamentary Joint Committee on Intelligence and Security, inquiry, a number of major telecommunications companies including iiNet and Macquarie Telecom, as well as telco and ISP representative industry groups, have expressed sharp concern over aspects of the reform package, stating that “insufficient evidence” had been presented to justify them.

The Government has argued that the reforms are necessary for national security and law enforcement reasons.

“We must stay one step ahead of terrorists and organised criminals who threaten our national security,” Federal Attorney-General Nicola Roxon said, upon announcing the package. “At the same time, we need to have the right checks and balances in place to ensure that those who enforce our national security laws do so responsibly. Unlike the Howard Government, the Gillard Government wants to give the public a say in the development of any new laws, which is why I’m asking the Committee to conduct public hearings. National security legislation is important – but also important is the trust and confidence that Australians have in those laws.”

Over the next week Delimiter will be examining more of the submissions to the Parliamentary Joint Committee on Intelligence and Security’s review into the Attorney-General’s Department’s proposed surveillance reforms.

6 COMMENTS

  1. Except that the government just passed the Cybercrime Legislation Amendment Bill 2011, with similar data retention provisions (require an ISP to store your internet traffic for 30 days (renewable) on request by law enforcement).

    Great to hear that the Privacy Commissioner put in a detailed submission, but it didn’t do much good last time.

  2. OzLog is a terrible idea!

    Sure get a warrant against a suspect and start logging his activity from that point onwards but don’t log anyone and everyone as suspected crims. Innocent until proven guilty….

    • Considering that the proposed legislation “…fails to achieve those tests of legitimacy, necessity, proportionality and effectiveness…” yet it is guaranteed to invade everyone’s privacy, I would say that it’s not all that tough a line to draw in this instance.

  3. I have always regarded Victoria as a police state – a place where bad legislation (like 3km/h speed tolerances and mandatory bicycle helmets) is trialled by happy little vegemites (backbones optional) before opportunistic money grubbing public servants in other states bring us into line with their ridiculous ideals. If this proposed legislation looks bad to a Victorian public servant then we should all be duly warned.

  4. what makes this dangerous is most people use encryption everyday without thinking about it (internet banking, email, ebay, just for starters) and would have no idea how to decrypt it. But if this data was intercepted or recovered from a HDD a person could find themselves in trouble if they couldn’t decrypt them.

Comments are closed.