The government’s proposed extensions to National Security powers pose serious threats to the security, privacy and freedom of all Australians.
Among these proposals are:
- mandatory retention for two years of data relating to the internet and telecommunications activity of all Australians. This data could include records of your phone calls and texts, your location (if you use a mobile phone) and who you send emails to and who you receive them from. As Sir Tim Berners-Lee said when he was down under last year, retention of data on this scale “is so dangerous, you have to think of it as dynamite”.
- giving ASIO the power to ‘disrupt’ computers by adding, modifying or deleting files.
- giving ASIO the power to spy on a number of computers – including a whole computer network – under a single computer-access warrant.
- giving ASIS (Australia’s foreign intelligence agency) the power to collect intelligence on Australian citizens overseas.
- creating a new criminal offence, with a maximum penalty of 10 years imprisonment for revealing information about ‘special intelligence operations’. This comes with no exceptions and would apply to journalists, even if they were unaware that they were revealing information about such an operation.
Taken together, these and the other proposals would create the potential for government surveillance on a massive and unprecedented scale, with serious implications for the privacy and civil liberties of all Australians. They could have a serious chilling effect on free speech by inducing people to self-censor.
They would also seriously undermine media freedom by allowing police to track who journalists are communicating with, particularly when considered alongside the new, extreme anti-whistleblower offences contained in the first tranche of legislation proposed by the government (see below). Shadow Attorney-General Mark Dreyfus has called the anti-whistleblower section of this legislation (section 35P) ‘an unprecedented overreach’ by the government that the Labor Party will be opposing.
We believe these proposals undermine the presumption of innocence and would create a situation where all Australians would be considered potential suspects, rather than enjoying the freedom from government surveillance and interference that we deserve as citizens of a democracy.
If you care about your privacy and civil liberties, and agree that Australians should be treated as Citizens, Not Suspects, please support this campaign to fight these proposals.
What is metadata?
Metadata is literally ‘data about data’. In the context of communications, this can include information such as the identity of the users involved in that communication, the time, date and duration, the location of the users and so forth.
The government’s initial attempts to define what communications data they are seeking to retain and access have been nothing short of disastrous (see the Attorney-General’s attempt here) and worryingly suggest that the initial decision by Cabinet’s National Security Committee to proceed with a mandatory data retention scheme was an example of ‘policy done on the back of an envelope‘ by a group of digitally illiterate politicians with very little real understanding about what they’re proposing.
One fairly clear definition of what data is being sought comes from a one page sheet distributed by the Australian Federal Police during the hearings of the Parliamentary Joint Committee on Intelligence and Security hearings in the last parliament. This document defines the data being sought as follows – in the context of both telephone (landline and mobile) and internet communications:
1. Information that allows a communication to occur
- The Internet identifier [IP address] assigned to the user by the provider
- Numbers called and texted
- The ‘Service Identifier’ [Phone number, email address, VoIP ID etc] used to send a communication
- Time and date of the communication
- Location information, based on the cell tower a mobile phone is interfacing with
- Duration of the communication
2. Information about the parties to the communications
- Name and address of customer (subscriber)
- Contact details of customer (subscriber) including mobile number, landline number and email address
- Same information on recipient party if known by the service provider
This is, however, only one definition, from one agency.
What can metadata reveal?
Tony Abbott and George Brandis have likened this information to the seemingly innocuous analogy of reading the details on an envelope (the metadata), but not the letter itself (the content). In reality, however this information can reveal far more than the content of the communications itself.
As US whistle-blower Edward Snowden puts it:
“What you care about is the metadata, because metadata does not lie. People lie on phone calls when they’re involved in real criminal activity. They use code words, they talk around it. You can’t trust what you’re hearing, but you can trust the metadata. That’s the reason metadata’s often more intrusive.”
The former General Counsel of the NSA, Stewart Baker explains the power of metadata in even simpler terms:
“Metadata absolutely tells you everything about somebody’s life.”
This example from Germany is a telling example of just how revealing metadata can be.
Requiring ISPs and telcos to store this information for two years will result in the creation of massive databases of highly sensitive information that will almost certainly be compromised at some point, posing genuinely serious threats to the safety of many Australians.
Just this week it was revealed that more than 1.6 billion username and password combinations had been stolen by a Russian crime gang in a major security breach. Earlier this year eBay was the target of a cyber-attack when their database was hacked and more than 1,600 user accounts were broken into. Even ASIO had the plans to their shiny new, $700 million headquarters stolen, allegedly by Chinese intelligence agents. This may explain why the building is still sitting empty…
The only truly secure data is data that does not exist.
Though data storage is increasingly cheap, the security requirements associated with storing this information as well as the need to make it available for queries by government agencies means that there will be very substantial costs involved in setting up and maintaining a mandatory data retention regime.
One estimate is such a regime will add $100 a year to every internet access account in Australia. It will also decrease competition within the telecommunications market as smaller providers will be less able to absorb the costs of compliance, potentially leading to higher overall internet and mobile phone access costs.
How do you feel about paying extra so that the government can spy on you?
Doing nothing wrong, got nothing to hide?
Sure. And that’s exactly why the government shouldn’t be forcing your communications providers to hold information about you for two years. This is about the right to determine for yourself, what you decide to keep private and what you’re happy to share.
Mandatory data retention represents a massive invasion of the privacy of all Australians, while subverting the principle of presumption of innocence by treating all of us as potential suspects.
ASIO and the police say this information is ‘critical’ in combating terrorists and serious criminals.
Maybe. There is very little evidence publicly available to support this assertion though.
Regardless, Australia’s law enforcement and intelligence agencies already possess broad powers to require this information to be retained on ‘persons of interest’ (known as ‘data preservation notices’, which also require the content of communications to be retained). There is therefore no justification for a mandatory, indiscriminate scheme to retain this information on the rest of society.
Do you think that a mandatory, indiscriminate, society-wide data retention regime is an unnecessary invasion of the privacy of all Australians?
SIGN OUR PETITION NOW and tell the government they need to treat us all as Citizens, Not Suspects.
The Senate’s Legal and Constitutional Affairs Reference Committee is currently reviewing the Telecommunications Interception and Access Act, which is the legislation that allows government agencies to access metadata. This inquiry is due to report on 27th August.
National Security Legislation Amendment Bill (No. 1) 2014
The Joint Standing Committee on Intelligence and Security is reviewing this proposed legislation, which is the first tranche of changes proposed by the government.
EFA has made a submission to this inquiry, though that has not been published yet (it’s at the discretion of the Committee whether to do so). EFA will be giving testimony to the Committee shortly.
2012-2013: Inquiry into Potential Reforms of National Security Legislation
The Joint Standing Committee on Intelligence and Security in the previous parliament conducted an Inquiry into Potential Reforms of National Security Legislation. Note that the current Attorney-General, Senator George Brandis, was a member of the Committee throughout this inquiry.
See EFA’s submission to this inquiry [PDF, 830KB].
See the Committee’s report, published in June 2013. The report is the basis for much of the government’s current proposals.
2010-2011: The adequacy of protections for the privacy of Australians online
The Senate Senate Standing Committee on Environment, Communications and the Arts conducted an Inquiry into the adequacy of protections for the privacy of Australians online. Among a range of issues, this inquiry considered the issue of a mandatory data retention scheme.
EFA provided verbal testimony to this inquiry.
See the Committee’s report [PDF, 1274KB], published in April 2011.
See the then government’s response [PDF, 1064KB], published in November 2012.