Showing posts with label data. Show all posts

Tuesday 25 November 2014

What could possibly go wrong when the Abbott Government is creating Fortress Australia to protect us all from a veritable host of 'terrors'?


When the Abbott Government’s wider surveillance powers were passed by the Senate, the Australian public was being assured by both major parties that the sweeping ‘anti-terrorism’ legislation had built-in safeguards which would protect us all from overreach by intelligence agencies and police.

The good citizens of Tacoma in Pierce County, Washington, United States probably thought they were protected too. After all, didn’t the police need to get a warrant from a Superior Court judge?

The News Tribune article of 15 November 2014 shows just how easily a mockery can be made of surveillance laws:

Pierce County judges didn’t know until recently that they’d been authorizing Tacoma police to use a device capable of tracking someone’s cellphone.
Now they do, and they’ve demanded that police change the way they get permission to use their so-called cell site simulator.
From 2009 to earlier this year, the county’s Superior Court judges unwittingly signed more than 170 orders that Tacoma police and other local law enforcement agencies say authorized them to use a device that allows investigators to track a suspect’s cellphone but also sweeps cellphone data from innocent people nearby.
In August, the assistant chief of the Tacoma Police Department told The News Tribune that investigators never deployed the device — a cell site simulator, commonly known as a Stingray — without court authorization.
The newspaper since learned police never mentioned they intended to use the device when detectives swore out affidavits seeking so-called “pen register, trap and trace” orders allowing them to gather information about a suspect’s cellphone use and location…..
Neither the pen register orders nor the affidavits filed by law enforcement mentioned that police had a Stingray or intended to use it.
Instead, detectives used language commonly associated with requesting an order that would force a cellphone company to turn over records for a particular phone, and, where possible, the real-time location of the phone…..

The News Tribune 17 November 2014:
The Tacoma Police Department, which owns the Stingray, did not want to reveal it to the public. The FBI, which provided it, was leaning on the city to keep the technology secret. As a result, the judiciary that monitors investigations for constitutional abuses wasn’t aware of the kind of surveillance it was authorizing. However noble the motives, this was subterfuge….
But a Stingray — which employs technology known as cell site simulation — is so much more intrusive than conventional surveillance that it demands extra scrutiny. It pulls in cellphone transmissions from all callers in a given area and identifies the unique signatures of each phone…..
This could get spooky in a hurry. The Pierce County Superior Court now has another safeguard in place: Police must sign affidavits that they will not store data on people who are not targets of the investigation…..

Think this example of overreach is too far removed from Australia to matter? Think again…..

The Sydney Morning Herald reported on what is already occurring in Australia on 7 July 2014:

Australian federal and state police are ordering phone providers to hand over personal information about thousands of mobile phone users, whether they are targets of an investigation or not.
Fairfax Media has confirmed Australian law-enforcement agencies are using a technique known as a "tower dump", which gives police data about the identity, activity and location of any phone that connects to targeted cell towers over a set span of time, generally an hour or two.
A typical dump covers multiple towers, and mobile providers, and can net information about thousands of mobile phones.
The dumps are usually used in circumstances when police have few leads and can be a useful, powerful tool in tracking down criminals. But privacy advocates say that while they may be helpful to police, they also target thousands of innocent people and don’t have any judicial oversight.
In addition to no warrant being required to request a tower dump containing the mobile phone data of thousands of people to track down one or more criminals involved in a crime, privacy advocates also question what is being done to the data collected once an investigation is complete….

Wednesday 19 November 2014

Australian Information Commission finds Department of Immigration and Border Protection unlawfully disclosed personal information of asylum seekers


Office of the Australian Information Commission, media release on Wednesday, 12 November 2014:

Department of Immigration and Border Protection unlawfully disclosed personal information of asylum seekers

The Department of Immigration and Border Protection (DIBP) has been found in breach of the Privacy Act 1988, by failing to adequately protect the personal information of approximately 9,250 asylum seekers. They have also been found to have unlawfully disclosed personal information.
The Office of the Australian Information Commissioner (OAIC) was notified by the Guardian Australia on 19 February that a ‘database’ containing the personal information of 'almost 10,000' asylum seekers was available in a report on DIBP’s website. DIBP removed the report from its website within an hour of being notified. The report was available on DIBP’s website for approximately eight and a half days.

The categories of personal information compromised in the data breach consisted of full names, gender, citizenship, date of birth, period of immigration detention, location, boat arrival details, and the reasons why the individual was deemed to be ‘unlawful’.

‘This incident was particularly concerning due to the vulnerability of the people involved,’ said Australian Privacy Commissioner, Timothy Pilgrim.

The breach occurred when statistical data was mistakenly embedded in a Word document that was published on DIBP’s website. The report was accessed a number of times, and was republished by an automated archiving service.

Mr Pilgrim said that OAIC’s investigation found that DIBP was aware of the privacy risks of embedding personal information in publications, but that DIBP’s systems and processes failed to adequately address those risks. This meant that DIBP staff did not detect the embedded information when the document was created or before it was published.  

‘This breach may have been avoided if DIBP had implemented processes to de-identify data in situations where the full data set was not needed,’ he said.

This data breach also demonstrates the difficulties of effectively containing a breach where information has been published online, and highlights the importance of taking steps to prevent data breaches from occurring, rather than relying on steps to contain them after they have occurred.

‘I have made a number of recommendations about how DIBP could improve their processes, including requesting that they engage an independent auditor to certify that they have implemented the planned remediation. I have asked DIBP to provide me with a copy of the certification and the report by 13 February 2015’, Mr Pilgrim said.

The OAIC is still receiving privacy complaints from individuals affected by the breach. The OAIC has received over 1600 privacy complaints to date, and these complaints are on-going.

Media contact: Ms Leila Daniels 0407 663 968 media@oaic.gov.au

Background

As this breach occurred prior to 12 March 2014, the Privacy Commissioner’s powers under the Privacy Act 1988 were limited to making recommendations.


Tuesday 24 June 2014

What the Abbott Government has been keeping secret from Australian voters


Quotes from an IT News article dated 20 June 2014:

* Negotiations started under Labor in 2013 and are continuing under the Coalition, with trade minister Andrew Robb strongly supportive of TISA.
Robb told The Age that the proposed deal opens up new opportunities for Australia and that he wants to achieve a level playing field for the country's businesses so that they can compete on the same terms as overseas entities.
The leaked text of the Financial Services Annex shows the deal would remove much of the current right the Australian government has to block foreign takeovers of Australian banks.
Foreign banks would also be allowed to set up shop in Australia without setting up local subsidiaries, and be allowed to import workers and IT and communications equipment on a temporary basis.
The Kelsey analysis notes that TISA goes beyond provisions in the controversial Trans Pacific Trade Agreement which has currently stalled after opposition from Japan on market access.
TISA could be close to being concluded. Yesterday, US Trade Representative Michael Froman said a basic outline of the deal is in place ahead of negotiations next week.

* Law professor Jane Kelsey of Auckland University analysed the leaked Financial Services Annex on Wikileaks, and said service industry lobbyists, mostly US based firms that dominate IT and communications technology, are campaigning to stop governments from being able to demand that data be stored and processed locally.
In article X.11, the EU and Panama proposed that a TISA party should not be able to prevent data transfers by financial institutions to overseas. This, Kelsey said, means signatories would not be able to adopt privacy and confidentiality measures that breach TISA provisions.
The US wants a more direct, full ban on countries' abilities to prevent transfer of financial data to services suppliers' usual places of business.
Holding data overseas means it's almost impossible for states to control how it is used, or to impose legal liability on financial services providers, Kelsey said. It also opens up the possibility of abuse by governments.


Today, WikiLeaks released the secret draft text for the Trade in Services Agreement (TISA) Financial Services Annex, which covers 50 countries and 68.2% [1] of world trade in services. The US and the EU are the main proponents of the agreement, and the authors of most joint changes, which also covers cross-border data flow. In a significant anti-transparency manoeuvre by the parties, the draft has been classified to keep it secret not just during the negotiations but for five years after the TISA enters into force.
Despite the failures in financial regulation evident during the 2007-2008 Global Financial Crisis and calls for improvement of relevant regulatory structures [2], proponents of TISA aim to further deregulate global financial services markets. The draft Financial Services Annex sets rules which would assist the expansion of financial multi-nationals – mainly headquartered in New York, London, Paris and Frankfurt – into other nations by preventing regulatory barriers. The leaked draft also shows that the US is particularly keen on boosting cross-border data flow, which would allow uninhibited exchange of personal and financial data.
TISA negotiations are currently taking place outside of the General Agreement on Trade in Services (GATS) and the World Trade Organization (WTO) framework. However, the Agreement is being crafted to be compatible with GATS so that a critical mass of participants will be able to pressure remaining WTO members to sign on in the future. Conspicuously absent from the 50 countries covered by the negotiations are the BRICS countries of Brazil, Russia, India and China. The exclusive nature of TISA will weaken their position in future services negotiations.
The draft text comes from the April 2014 negotiation round - the sixth round since the first held in April 2013. The next round of negotiations will take place on 23-27 June in Geneva, Switzerland.
Current WTO parties negotiating TISA are: Australia, Canada, Chile, Chinese Taipei (Taiwan), Colombia, Costa Rica, Hong Kong, Iceland, Israel, Japan, Liechtenstein, Mexico, New Zealand, Norway, Pakistan, Panama, Paraguay, Peru, South Korea, Switzerland, Turkey, the United States, and the European Union, which includes its 28 member states Austria, Belgium, Bulgaria, Cyprus, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
China and Uruguay have expressed interest in joining the negotiations but so far are not included.
[1] Swiss National Center for Competence in Research: A Plurilateral Agenda for Services?: Assessing the Case for a Trade in Services Agreement, Working Paper No. 2013/29, May 2013, p. 10.
[2] For example, in June 2012 Ecuador tabled a discussion on re-thinking regulation and GATS rules; in September 2009 the Commission of Experts on Reforms of the International Monetary and Financial System, convened by the President of the United Nations and chaired by Joseph Stiglitz, released its final report, stating that "All trade agreements need to be reviewed to ensure that they are consistent with the need for an inclusive and comprehensive international regulatory framework which is conducive to crisis prevention and management, counter-cyclical and prudential safeguards, development, and inclusive finance."