Thursday, 19 February 2015

Abbott's 'snoopers' charter continues to cause concern

Liberty Victoria has a history of campaigning for civil liberties and human rights for more than 70 years. Officially known as the Victorian Council of Civil Liberties Inc, its lineage extends back to the Australian Council for Civil Liberties (ACCL).

This is its 22 January 2015 media release:

The human rights group Liberty Victoria today called on the Federal Government to use its review of security laws to introduce a much higher threshold for access to telecommunications data and limit access to agencies directly responsible for national security and the investigation of serious crime.
 Liberty warned that the Telecommunications (Interception and Access) Act, which gives government agencies access to this data, is open to abuse because information can be obtained without a warrant or any independent oversight. “A full-scale campaign has been launched against similar laws in Britain, targeting the `snoopers’ charter,’ as it is known.”

The Abbott government’s proposed data retention bill, which will amend the Act, will make things worse, enabling retrospective surveillance of the private lives of ordinary Australians throughout the two year data retention period.

“The Abbott government is trying to justify this bill as a necessary tool for security agencies and the police in the fight against terrorism and serious crime. The legislation goes much further than is necessary for this purpose, however, allowing access to telecommunications data, even if the investigation only aims at non payment of a fine or a tax.

“The law now allows Australian Post, the tax office and a municipal council, among many others agencies, access to an individual’s telecommunications data. And there is no sanction if information is accessed unlawfully by authorised officers working in these agencies.”

Liberty said that in spite of  statements to the contrary by the Federal Government, the proposed data retention bill will not necessarily limit the number of agencies that have access to telecommunications data and nothing in the bill will set a higher threshold for access to such data.

Liberty echoed the view of Alistair MacDonald, QC, chairman of the English Bar Council, that one of the aims of extremists, who are willing to commit barbaric crimes in support of purportedly religious or political ends, is that the hard-won liberties of the civil population should be curtailed and a wedge driven between those in society with different views about the degree to which personal freedom should be sacrificed for public safety.
Right now the Government is proposing to introduce a mandatory, society-wide regime for the retention of communications data (‘metadata’) for two years. In the latest public hearing into the Government’s proposed legislation a number of important matters were revealed by the Attorney-General and Australia’s law enforcement and intelligence agencies.

If you weren’t paying attention to the workings of Parliament in the lead up to the festive season then you may have missed a crucial public hearing by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), held on 17th December. This hearing delved into the Government’s proposed mandatory, society-wide data retention regime. It was a crucial hearing because from it we learned five things.

1. There remains no final definition for the data set and what exactly will or won’t be retained. In fact the hearing revealed continuing confusion about what the Government and the law enforcement and intelligence communities consider to be relevant data.

2. The Government doesn’t know how much it will cost to implement the Government’s mandatory, society-wide data retention regime, and they won’t be able to make meaningful estimates until they’ve finished defining the data set. What we do have are estimates about the costs to telcos and ISPs for implementing the regime, which the industry has already admitted will be passed on to consumers. So, you’ll end up paying more through higher connectivity charges, through your taxes, or probably both.

3. The Government and the Australian Federal Police cannot say how many times existing surveillance laws and the subsequent data collected have contributed to intercepting criminal activity or successfully prosecuting suspects.

4. There were no new details provided about the circumstances under which access to data is granted or what it will be used for. This is particularly interesting given the recent passage of laws enabling the AFP and ASIO to delete, add or change data on computers of people who are not ‘persons of interest’.

5. It was confirmed that the mandatory, society-wide data retention regime could be utilised to pursue civil legal actions, particularly copyright infringement actions, and admitted that the regime represented a security risk as personal user data would be centrally stored for two years; offering a tempting target for crackers to steal data.

For some, the public hearing confirmed our worst fears about the mandatory, society-wide data retention regime…..

What they want now is for that information to be retained for two years for ALL Australians, even if you’re not being investigated or considered a person of interest. The regime represents a massive invasion of the privacy of all Australians, while subverting a fundamental principle of our legal system – the presumption of innocence – by treating all of us as suspects.

And we the public will get the privilege of paying for it all as telcos and ISPs will pass on the costs of implementing the regime to customers. While the telcos and ISPs have been measuring the possible cost of this poor policy, the Government has yet to work out how much it will cost taxpayers to implement it.

In addition, it was confirmed during the PJCIS public hearing that the laws pave the way for the pursuit of civil legal actions, especially related to copyright infringement, but also potentially unfair dismissal and in many other contexts. This means a new threat to the public who aren’t persons of interest as ordinary Australians get caught up in civil actions because they downloaded some movies from the net….

CNet 29 January 2015:

Both Australia's largest telco and a leading digital privacy organisation have warned that mandatory data retention could create a "honeypot" of personal information that could be compromised by hackers and criminals.

The warning came at a Parliamentary Committee hearing on proposed Data Retention legislation, which is hearing from telecommunications providers, security experts and privacy advocates in Canberra today and tomorrow.

Both Telstra and digital civil liberties group Electronic Frontiers Australia have warned that requiring telecommunications providers and ISPs to store metadata on every Australian for a period of two years would create a massive cache of personal information that would need to be protected with extra security to prevent hacks.

To highlight how much more data could be retained under a mandatory scheme compared to current practices, Telstra Director of Government Relations James Shaw said that, at peak times such as New Years Eve, some data is only retained by the telco for a few hours before it is overwritten -- significantly less than the two-year period that would be required under proposed legislation…

Telstra Chief Information Security Officer Michael Burgess warned that keeping two years' worth of metadata could pique the interest of people aside from law enforcement and security agencies, and that the company "would need to take further steps" to ensure security.

"The internet is a very busy place for people that choose to do harm," he said. "We would have to put extra measures in make sure that data was safe from those that should not have access to it."

Furthermore, Burgess warned that the data retention scheme would require "new functionality" to be rolled out across Telstra's network to ensure the proper storage of the correct information. Compared to current storage methods, he argued that a new centralised system could provide an easier access point for hackers…..

No comments: