Worried about online privacy? You should be. Not only are social media corporations spying on you, thanks to Australia’s draconian, poorly-written and over-reaching cyber “security” laws, the government now want to muscle in further on Big Brother’s territory.
Currently, data and information about your calls, texts and internet browsing history is being stored by telecommunications companies for up to two years (although sometimes longer). It can be made available to law enforcement agencies. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA), which passed with bipartisan support in 2018, has been described as being like “giving the government keys to your house so they can come in anytime”.
TOLA is aimed at busting data encryption and contains far-reaching rules which threaten the privacy of ordinary citizens, as well as journalists and whistleblowers. As director for the Centre for Cyber Security Research & Innovation (CSRI) at Deakin University Damien Manuel put it, TOLA ensures you have “no privacy” when it comes to your online information and any technology you use.
But this is not enough for the Coalition government. On February 19, the ABC reported that it is seeking to allow the Australian Signals Directorate (ASD), Australia’s radio and telecommunication spy agency, to have more power to spy and hack in Australia, ostensibly because law enforcement agencies do not have enough power to tackle terrorist groups and online paedophile rings.
The ABC said such a change, already in an advanced stage, would allow the Australian Federal Police (AFP) to ask the ASD for assistance, or it could extend the cyber capability of the AFP. Home Affairs Minister Peter Dutton is on the record as wanting to expand the ASD’s powers.
This should be a major concern for all. The AFP raid on News Corp journalist Annika Smethurst last April after she broke the story that the government was seeking to expand its domestic spying powers is a case in point.
The government’s justification for its new spy powers relies on scaremongering about terrorists and paedophiles.
While Labor supported TOLA unamended, it has since flagged new amendments which include changing the definition of what is considered a “systemic vulnerability” so, for example, the government would not be able to order WhatsApp to completely remove end-to-end encryption from its service.
There is already evidence of operational creep: laws are being used in ways beyond the scope that was initially justified and intended. At a hearing of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) into the data retention laws in early February, examples were given of agencies and departments accessing the metadata that went far beyond the remit the legislation allowed. This included telcos handing over browsing history data along with metadata and enforcement agencies authorising metadata requests.
Dutton’s Department of Home Affairs was singled out by the Commonwealth Ombudsman for not accurately accounting for the communication and metadata retention.
In early February, the South Australian health department revealed it had accessed the phone metadata of a couple that had recently arrived from China and potentially had contracted coronavirus. Leaving aside the question of whether or not this was justified, it is beyond the “serious criminal investigation” scope of the metadata retention laws. As well, there are many other government agencies, such as the Australian Taxation Office, that would also love to have similar access.
The data and privacy breaches being tabled at the PJCIS only confirm the concerns raised by IT professionals and members of legal and privacy groups. In almost every instance, their concerns were ignored making any talk of a “public dialogue” about an expansion of the ASD’s powers hollow.
Given the powers already available to law enforcement agencies under the data retention and TOLA laws, Dutton’s claim that “we have no ability to do anything about [online paedophile networks]” are disingenuous.
As the data retention laws show, once law enforcement agencies have access to more power, they are unlikely to relinquish them. Rather, they will seek to expand their power at every opportunity.
A Bill of Rights is needed to provide some legal protections for the privacy and rights of citizens, journalists and whistleblowers from government spying.