Australia to Succumb to Mass Surveillance
By Ann-Marie de Veer
Saturday 2 August 2014
On the 12 December 2013, a little over six months after the first revelations about GCHQ and NSA mass surveillance were simultaneously aired by the Washington Post and the UK's Guardian, the Australian Senate launched an inquiry into internet and phone surveillance by Australia’s security agencies.
The inquiry, proposed by Scott Ludlam of the Greens and backed by the Labor Party, was in part a response to these disclosures and to address both a 2008 Australian Law Reform Commission Report, called For Your Information, as well as the more recent 2013 Report of the Inquiry into Potential Reforms of Australia’s National Security Legislation. The review of the former had been delayed for over four years whilst the latter suffered entirely as an inevitable consequence of a regime change in September 2013.
In the Australian Law Commission Report, For Your Information, the focus was to review the 1988 Privacy Act in light of both technological advancements in the acquisition, processing, use and storage of personal data as well as societal changes in the perception of personal privacy. An example of the inadequacy of the act can be found in its definition of personal information, Vol 1 Page 293 states:
- information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
When compared to the EU definition, Vol 1 Page 295:
- At this point, it should be noted that, while identification through the name is the most common occurrence in practice, a name may itself not be necessary in all cases to identify an individual. This may happen when other ‘identifiers’ are used to single someone out. Indeed, computerised files registering personal data usually assign a unique identifier to the persons registered, in order to avoid confusion between two persons in the file. Also on the Web, web traffic surveillance tools make it easy to identify the behaviour of a machine and, behind the machine, that of its user. Thus, the individual’s personality is pieced together in order to attribute certain decisions to him or her … the individual’s contact point (a computer) no longer necessarily requires the disclosure of his or her identity in the narrow sense. In other words, the possibility of identifying an individual no longer necessarily means the ability to find out his or her name. The definition of personal data reflects this fact.
Whilst the report goes on to make many proposals throughout its three volumes, it clearly recognises that individuals create a diverse and unique set of identifiers that can be used to identify them without knowledge of their name or other traditional forms of identification and presents a serious threat to their privacy.
These identifiers can be referred to as a subset of the full metadata spectrum.
More recently, the notion that these subsets of data can reveal much more than was at first thought possible has been shown to be correct when in March 2014, Jonathan Mayer and Patrick Mutchler of Standford University, US conducted an anonymous small scale study of mobile telephone metadata. The results were conclusive as the researchers noted:
- We found that phone metadata is unambiguously sensitive, even in a small population and over a short time window. We were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.
That acquisition, processing and retention of metadata, or any subset thereof, is not an identifier of an individual and does not subvert their privacy is clearly false.
Returning to the May 2013 Report of the Inquiry into Potential Reforms of Australia’s National Security Legislation, on the issue of domestic surveillance, there were two recommendations of particular interest with respect to the retention of identifying data, as detailed on Page 228 and Page 229 respectively:
- Recommendation 42
- There is a diversity of views within the Committee as to whether there should be a mandatory data retention regime. This is ultimately a decision for Government. If the Government is persuaded that a mandatory data retention regime should proceed, the Committee recommends that the Government publish an exposure draft of any legislation and refer it to the Parliamentary Joint Committee on Intelligence and Security for examination. Any draft legislation should include the following features:
- any mandatory data retention regime should apply only to meta-data and exclude content;
- the controls on access to communications data remain the same as under the current regime;
- internet browsing data should be explicitly excluded;
- where information includes content that cannot be separated from data, the information should be treated as content and therefore a warrant would be required for lawful access;
- the data should be stored securely by making encryption mandatory;
- save for existing provisions enabling agencies to retain data for a longer period of time, data retained under a new regime should be for no more than two years;
- the costs incurred by providers should be reimbursed by the Government;
- a robust, mandatory data breach notification scheme;
- an independent audit function be established within an appropriate agency to ensure that communications content is not stored by telecommunications service providers; and
- oversight of agencies’ access to telecommunications data by the ombudsmen and the Inspector-General of Intelligence and Security.
- Recommendation 43
- The Committee recommends that, if the Government is persuaded that a mandatory data retention regime should proceed:
- there should be a mechanism for oversight of the scheme by the Parliamentary Joint Committee on Intelligence and Security;
- there should be an annual report on the operation of this scheme presented to Parliament; and
- the effectiveness of the regime be reviewed by the Parliamentary Joint Committee on Intelligence and Security three years after its commencement.
In essence, the report acknowledges that it is for the current regime to decide whether a metadata retention policy should be implemented but goes on to recommend a number of features that should be included in any future legislation. However, it is more likely that only a few of them will survive the process, if any at all, as this will constitute an unwelcome oversight of their activities when, as is expected, the Abbott regime passes the legislation.
Fast forward to July 2014.
There have been little, if any, serious discussion in the MSM on the issue of domestic metadata retention since Ludlam's Senate inquiry announcement in December last year. Even Labor, originally a co-sponsor of the inquiry, has effectively withdrawn its support for any meaningful public discussion of the subject when Tanya Plibersek, the deputy leader of the party, signalled her support for a domestic metadata retention regime. Ludlam's displeasure was swift but, more importantly, he sought to shine a light on the issue that had been loitering in the shadows for over three months.
Nonetheless, while there has been the odd story on the flagrant misuse and abuse of personal metadata being accessed by all sorts of nefarious and quasi-governmental institutions and Abbott's dictum on whistleblowers and independent investigative journalism no open debate of the issue has transpired. Furthermore, as the late August deadline for the Senate inquiry report into internet and phone surveillance nears a flurry of media reports have appeared that were at best, nominally acquiescent, but in reality cast the adoption of mass domestic metadata retention as a fait accompli.
This is not entirely unexpected given that the MSM have a severe visual impairment and are also known to suffer from cognitive dissonance. What is particularly disturbing on this occasion is that they have unequivocally failed in their duty of due diligence to the public for the wanton excesses of an authoritarian regime and provide yet further proof that they are no longer an independent arbiter in upholding democracy.
Thus, it is highly likely that Abbott's regime, akin to the Cameron and Obama regimes of the UK and the US, and ably supported by a subservient and complicit media, will introduce legislation for the mass retention of domestic metadata.
That the Australian regime will legalise what is already taking place, i.e. the mass retention of domestic metadata, is not in doubt. The only questions that remain are whether they can surreptitiously introduce a bill for the mass retention of domestic data in toto, i.e. metadata and content as well as the criminalisation of whistleblowers and investigative journalists plus any other activity that seeks to shine a light on their felonious plans.
- He who is not contented with what he has, would not be contented with what he would like to have.