Australians are fending off threats to their right to privacy from all directions. First, there was Australian Attorney General Nicola Roxon’s push to expand government online surveillance powers, submitted to Parliament in a package of reforms sought in a National Security Inquiry.
Then, on Aug. 22, the Australian Senate approved the Cybercrime Legislation Amendment Bill 2011, granting authorities the power to require phone and Internet providers to store up to 180 days worth of personal communications data. The purpose is to aid in investigations by both foreign and domestic law enforcement agencies, making it especially controversial since it can result in granting foreign governments access to Australian citizens’ communications data. The legislation only allows for data retention in the cases of specifically targeted individuals.
The bill is based on the Council of Europe Convention on Cybercrime – which we've flagged in the past as one of the world’s worst Internet law treaties – and the passage of the bill opens the door for Australia to join the Convention.
At least we can welcome the news that one of the most controversial aspects of Roxon’s National Security Inquiry proposal, a vague mandatory data retention provision that would have required service providers to retain all users’ communications data for up to two full years, seems to have been placed on hold – for now, anyway.
Yet at the same time, the newly approved Cybercrime Legislation Amendment Bill 2011 is viewed by some in Australia as a kind of “data retention lite,” and a precursor to the mass, untargeted surveillance that the more extreme proposal may yet usher in. An outcome of the approval of this bill, after all, is that providers will now have to install systems enabling data retention for up to 180 days – and pay for it themselves.
Public Fights Back
Despite the steady march toward expanded online snooping powers for law enforcement in the name of “national security,” a hefty pile of submissions landed in Parliamentary chambers last week, reflecting strong public opposition to the proposed reforms. A total of 177 submissions, representing thousands of individuals and organizations, flowed in to the Joint Parliamentary Committee on Intelligence and Security even though the government allowed only a brief timeframe for comment.
Below, we collected some reactions of various Australian stakeholders who drafted lengthy submissions to convey their serious concerns. Civil liberties advocates aren’t the only ones worried about where this is going. The Australian Mobile Telecommunications Association and Communications Alliance, a telecom industry group, also chimed in to express concerns about costly new requirements for telecoms that would come attached to these surveillance measures. Since data retention disproportionately burdens smaller ISPs affected by requiring expensive equipment upgrades, the measure has the potential to hamper innovation by discouraging new startups from entering the market.
Re: Making it a Crime to Refuse to Aid in Decryption
One of the worst ideas contained in the National Security Inquiry package is the creation of a new crime under the Telecommunications (Interception and Access) Act of 1979: Refusing to aid law enforcement in the decryption of communications. That interception law gratned law enforcement agencies, such as the Australian Federal Police (AFP) and the Australian Crime Commission (ACC), the ability to legally intercept communications for the first time. Reactions to the proposal hinged on the threat it poses to Australians’ right to silence.
Senator Scott Ludlam, speaking on behalf of the Australian Green Party, had this to say:
While the integrity of Australianʹs right to silence has been damaged by the anti‐terrorism laws, with regard to other criminal offences it remains intact. This proposal further degrades the right to silence, presumably to pre‐trial investigations and undermines the privilege against self incrimination. … The Committee should oppose this proposal as a serious erosion of the legal and human rights of Australians.
Electronic Frontiers Australia, a digital civil liberties organization (which is not formally affiliated with EFF), pointed out a number of problems with this idea:
EFA is concerned about the possible creation of an offence for failing to assist in the decryption of communications for the following reasons:
- it undermines the right of individuals to not cooperate with an investigation
- it poses a threat to the independence of journalists and their sources, particularly in circumstances involving whistle-blowing activity related to cases of official corruption
- it could undermine the principles of doctor-patient and lawyer-client confidentiality and other trusted relationships
- there are foreseeable and entirely legitimate circumstances in which decryption of data is not possible, such as where a password has been forgotten and is unrecoverable.
EFA therefore believes that the Committee should reject this proposal.
Re: Extending the Regulatory Regime to “Ancillary Service Providers”
A discussion paper submitted as part of the National Security Inquiry proposal makes it clear that the Australian government is “considering the need for a new interception regime that better reflects the contemporary communications environment,” i.e. a total overhaul of existing legislation to allow law enforcement to pry into communications taking place over platforms like Facebook or Twitter. The discussion paper defines “ancillary service providers” as “Telecommunications industry participants who are not carriers or carriage service providers.” Ultimately, this suggests the government is angling to bring all forms of online communications into the reach of interception laws.
The Australian Privacy Foundation cited the privacy concerns inherent in this proposal.
Telecommunications legislation already goes much further than regulation in most other sectors in mandating a role for private sector businesses as agents of the state in surveillance and law enforcement (banking and finance is the other main area where this has happened). These proposals would see a further significant extension of this role. Online intermediaries in particular host our communications with our friends, relatives, co-workers etc. They host a vast amount of information, the volume and scope of which is growing exponentially as we move to the cloud, use social networks, etc. Using online intermediaries as an agent of the State dramatically impacts on the state's surveillance capabilities. Even minor changes in what they are required to do on behalf of government agencies can have very broad implications for people’s privacy.
Ludlam, of the Australian Greens, also blasted the idea.
The Attorney Generalʹs paper does not explain how covering ʹancillary service providersʹ – the many and ever increasing forms of social media – in legislation will address ʹcurrent potential vulnerabilities in the interception regime that are capable of being manipulated by criminalsʹ. The Greens believe it is excessive to extend the reach of surveillance into the retention of all social media exchanges. Does this include all business exchanges on video conferencing platforms?
And EFA pointed out that this proposal could expose anyone to law enforcement scrutiny, not just people suspected of wrongdoing.
Central to many of the services that Australians deliberately sign-up for— e.g. Facebook, Twitter, Pinterest, Apple iCloud, etc.—is the concept of sharing across networks. In surveilling a target’s activities in such services, shared friends or media objects connect target and non-target individuals such that following one surveillance target inescapably involves collateral surveillance necessarily breaching the privacy of non-targets. …. Indeed, “cloud computing” itself underlies “social networking”. As such, the information flows pertaining to individuals cross and recross such services to the point where, again, separating surveillance of a particular target is almost inevitably going to encounter that of other individuals, but in this case in ways that cannot be anticipated and very deeply undermine Australians’ reasonable expectation of privacy.