The devil is in the detail of government bill to enable access to communications data


Monique Mann, Queensland University of Technology

The Australian government has released a draft of its long awaited bill to provide law enforcement and security agencies with new powers to respond to the challenges posed by encryption.

According to the Department of Home Affairs, encryption already impacts 90% of Australian Security Intelligence Organisation’s (ASIO) priority cases, and 90% of data intercepted by the Australian Federal Police. The measures aim to counteract estimates that communications among terrorists and organised crime groups are expected to be entirely encrypted by 2020.

The Department of Home Affairs and ASIO can already access encrypted data with specialist decryption techniques – or at points where data are not encrypted. But this takes time. The new bill aims to speed up this process, but these broad and ill-defined new powers have significant scope for abuse.




Read more:
New data access bill shows we need to get serious about privacy with independent oversight of the law


The Department of Home Affairs argues this new framework will not compel communications providers to build systemic weaknesses or vulnerabilities into their systems. In other words, it is not a backdoor.

But it will require providers to offer up details about technical characteristics of their systems that could help agencies exploit weaknesses that have not been patched. It also includes installing software, and designing and building new systems.

Compelling assistance and access

The draft Assistance and Access Bill introduces three main reforms.

First, it increases the obligations of both domestic and offshore organisations to assist law enforcement and security agencies to access information. Second, it introduces new computer access warrants that enable law enforcement to covertly obtain evidence directly from a device (this occurs at the endpoints when information is not encrypted). Finally, it increases existing powers that law enforcement have to access data through search and seizure warrants.

The bill is modelled on the UK’s Investigatory Powers Act, which introduced mandatory decryption obligations. Under the UK Act, the UK government can order telecommunication providers to remove any form of electronic protection that is applied by, or on behalf of, an operator. Whether or not this is technically possible is another question.

Similar to the UK laws, the Australian bill puts the onus on telecommunication providers to give security agencies access to communications. That might mean providing access to information at points where it is not encrypted, but it’s not immediately clear what other requirements can or will be imposed.




Read more:
End-to-end encryption isn’t enough security for ‘real people’


For example, the bill allows the Director-General of Security or the chief officer of an interception agency to compel a provider to do an unlimited range of acts or things. That could mean anything from removing security measures to deleting messages or collecting extra data. Providers will also be required to conceal any action taken covertly by law enforcement.

Further, the Attorney-General may issue a “technical capability notice” directed towards ensuring that the provider is capable of giving certain types of help to ASIO or an interception agency.

This means providers will be required to develop new ways for law enforcement to collect information. As in the UK, it’s not clear whether a provider will be able to offer true end-to-end encryption and still be able to comply with the notices. Providers that breach the law risk facing $10 million fines.

Cause for concern

The bill puts few limits or constraints on the assistance that telecommunication providers may be ordered to offer. There are also concerns about transparency. The bill would make it an offence to disclose information about government agency activities without authorisation. Anyone leaking information about data collection by the government – as Edward Snowden did in the US – could go to jail for five years.

There are limited oversight and accountability structures and processes in place. The Director-General of Security, the chief officer of an interception agency and the Attorney-General can issue notices without judicial oversight. This differs from how it works in the UK, where a specific judicial oversight regime was established, in addition to the introduction of an Investigatory Powers Commissioner.

Notices can be issued to enforce domestic laws and assist the enforcement of the criminal laws of foreign countries. They can also be issued in the broader interests of national security, or to protect the public revenue. These are vague and unclear limits on these exceptional powers.




Read more:
Police want to read encrypted messages, but they already have significant power to access our data


The range of services providers is also extremely broad. It might include telecommunication companies, internet service providers, email providers, social media platforms and a range of other “over-the-top” services. It also covers those who develop, supply or update software, and manufacture, supply, install or maintain data processing devices.

The enforcement of criminal laws in other countries may mean international requests for data will be funnelled through Australia as the “weakest-link” of our Five Eyes allies. This is because Australia has no enforceable human rights protections at the federal level.

It’s not clear how the government would enforce these laws on transnational technology companies. For example, if Facebook was issued a fine under the laws, it could simply withdraw operations or refuse to pay. Also, $10 million is a drop in the ocean for companies such as Facebook whose total revenue last year exceeded US$40 billion.

Australia is a surveillance state

As I have argued elsewhere, the broad powers outlined in the bill are neither necessary nor proportionate. Police already have existing broad powers, which are further strengthened by this bill, such as their ability to covertly hack devices at the endpoints when information is not encrypted.

Australia has limited human rights and privacy protections. This has enabled a constant and steady expansion of the powers and capabilities of the surveillance state. If we want to protect the privacy of our communications we must demand it.

The ConversationThe Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) is still in a draft stage and the Department of Home Affairs invites public comment up until 10th of September 2018. Submit any comments to assistancebill.consultation@homeaffairs.gov.au.

Monique Mann, Vice Chancellor’s Research Fellow in Regulation of Technology, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

Advertisements

New data access bill shows we need to get serious about privacy with independent oversight of the law



File 20180814 2921 15oljsx.jpg?ixlib=rb 1.1

MICK TSIKAS/AAP

Greg Austin, UNSW

The federal government today announced its proposed legislation to give law enforcement agencies yet more avenues to reach into our private lives through access to our personal communications and data. This never-ending story of parliamentary bills defies logic, and is not offering the necessary oversight and protections.

The trend has been led by Prime Minister Malcolm Turnbull, with help from an ever-growing number of security ministers and senior officials. Could it be that the proliferation of government security roles is a self-perpetuating industry leading to ever more government powers for privacy encroachment?

That definitely appears to be the case.

Striking the right balance between data access and privacy is a tricky problem, but the government’s current approach is doing little to solve it. We need better oversight of law enforcement access to our data to ensure it complies with privacy principles and actually results in convictions. That might require setting up an independent judicial review mechanism to report outcomes on an annual basis.




Read more:
Australia should strengthen its privacy laws and remove exemptions for politicians


Where is the accountability?

The succession of data access legislation in the Australian parliament is fast becoming a Mad Hatter’s tea party – a characterisation justified by the increasingly unproductive public conversations between the government on one hand, and legal specialists and rights advocates on the other.

If the government says it needs new laws to tackle “terrorism and paedophilia”, then the rule seems to be that other side will be criticised for bringing up “privacy protection”. The federal opposition has surrendered any meaningful resistance to this parade of legislation.

Rights advocates have been backed into a corner by being forced to repeat their concerns over each new piece of legislation while neither they nor the government, nor our Privacy Commissioner, and all the other “commissioners”, are called to account on fundamental matters of principle.

Speaking of the commissioner class, Australia just got a new one last week: the Data Commissioner. Strangely, the impetus for this appointment came from the Productivity Commission.

The post has three purposes:

  1. to promote greater use of data,
  2. to drive economic benefits and innovation from greater use of data, and
  3. to build trust with the Australian community about the government’s use of data.

The problem with this logic is that purposes one and two can only be distinguished by the seemingly catch-all character of the first: that if data exists it must be used.

Leaving aside that minor point, the notion that the government needs to build trust with the Australian community on data policy speaks for itself.

National Privacy Principles fall short

There is near universal agreement that the government is managing this issue badly, from the census data management issue to the “My Health Record” debacle. The growing commissioner class has not been much help.

Australia does have personal data protection principles, you may be surprised to learn. They are called “Privacy Principles”. You may be even more surprised to learn that the rights offered in these principles exist only up to the point where any enforcement arm of government wants the data.




Read more:
94% of Australians do not read all privacy policies that apply to them – and that’s rational behaviour


So it seems that Australians have to rely on the leadership of the Productivity Commission (for economic policy) to guarantee our rights in cyber space, at least when it comes to our personal data.

Better oversight is required

There is another approach to reconciling citizens’ interests in privacy protection with legitimate and important enforcement needs against terrorists and paedophiles: that is judicial review.

The government argues, unconvincingly according to police sources, that this process adequately protects citizens by requiring law enforcement to obtain court-ordered warrants to access information. The record in some other countries suggests otherwise, with judges almost always waving through any application from enforcement authorities, according to official US data.

There is a second level of judicial review open to the government. This is to set up an independent judicial review mechanism that is obliged to annually review all instances of government access to personal data under warrant, and to report on the virtues or shortcomings of that access against enforcement outcomes and privacy principles.

There are two essential features of this proposal. First, the reviewing officer is a judge and not a public servant (the “commissioner class”). Second, the scope of the function is review of the daily operation of the intrusive laws, not just the post-facto examination of notorious cases of data breaches.

It would take a lengthy academic volume to make the case for judicial review of this kind. But it can be defended simply on economic grounds: such a review process would shine light on the efficiency of police investigations.

According to data released by the UK government, the overwhelming share of arrests for terrorist offences in the UK (many based on court-approved warrants for access to private data) do not result in convictions. There were 37 convictions out of 441 arrests for terrorist-related offences in the 12 months up to March 2018.




Read more:
Explainer: what is differential privacy and how can it protect your data?


The Turnbull government deserves credit for its recognition of the values of legal review. Its continuing commitment to posts such as the National Security Legislation Monitor – and the appointment of a high-profile barrister to such a post – is evidence of that.

But somewhere along the way, the administration of data privacy is falling foul of a growing bureaucratic mess.

The ConversationThe only way to bring order to the chaos is through robust accountability; and the only people with the authority or legitimacy in our political system to do that are probably judges who are independent of the government.

Greg Austin, Professor UNSW Canberra Cyber, UNSW

This article was originally published on The Conversation. Read the original article.

Criminal charges against banking ‘cartels’ show Australia is getting tough on competition law


Barbora Jedlickova, The University of Queensland

A two-year probe by Australia’s consumer watchdog has resulted in criminal charges against ANZ, Citigroup and Deutsche Bank, as well as six of their senior executives, over alleged “cartel-like” behaviour.

The case, brought by the Commonwealth Director of Public Prosecutions (CDPP) after an investigation by the Australian Competition and Consumer Commission (ACCC), is the second prosecution of its kind to be brought in Australia since competition laws were tightened almost a decade ago.




Read more:
Cartel case shows not all corporate misbehaviour goes unpunished


The banks and six investment bankers are charged with cartel conduct related to the sale of A$2.5 billion worth of unsold ANZ shares to investors in August 2015. The ACCC alleges that senior executives from the three banks colluded in the way they dealt with these shares.

The exact details of the alleged criminal conduct will only become clear at a Sydney court hearing on July 3, 2018.

What is cartel behaviour?

Cartels are forms of anti-competitive conduct where cartel participants decide to stop competing and start colluding. Australian civil law has banned cartels for decades. But the practice only became a criminal offence in 2010. Only its serious forms are subject to criminal law; civil law still governs the rest.

Cartels can take different forms. In the most common instance, participants collude by setting their prices. Other forms include: output restrictions; dividing markets among cartel participants on mutually agreed terms; and bid-rigging, in which a commercial contract is decided in advance but other operators put in sham bids to give the appearance of competition.

There is one primary reason why businesses or executives would stop competing and start colluding: profit. In short, cartel participants cheat to get more money, creating higher prices and lower output in the process. This disadvantages consumers, the economy and society at large.

But proving criminal collusion in a court is harder than it might seem.

Beyond reasonable doubt

Although we need to wait for the case to unfold to find out more, what we can tell at this stage is that the ACCC and the CDPP perceive the alleged conduct as serious enough for it to constitute a criminal case. Criminal cases are harder to prove than civil cases. Cartel collusion must be proved beyond reasonable doubt, and the evidence has to show that the individuals involved knew (or believed) that they were colluding.

What these charges also show is that the ACCC and the CDPP are prepared to go after the most powerful corporations and their executives for alleged cartel-like conduct. This is an enormously important step for deterrence, because criminal charges are naturally more attention-grabbing than civil lawsuits.

Charging high-ranking bank executives will potentially make the deterrent more effective still, because high-ranking executives set the cultural tone for their organisations.

Research has shown that significant prison time – or the threat of it – for individuals is a more effective deterrent than civil penalties; especially if the penalties are not high enough, as was argued in the recent OECD report on corporate penalties for cartels in Australia. The report showed that the penalties applied in Australia were low in comparison with competition law regimes in the European Union and the United States.

Just the beginning?

This is the second Australian criminal case of cartel conduct – the first involved a Japanese company shipping cars to Australia. We can reasonably expect more of these kinds of charges in the future, given that the laws are only eight years old and investigations of this type typically take years to reach fruition. (The alleged cartel conduct in the latest case took place in August 2015, almost three years ago.)

There are differences in investigation procedures between criminal and civil cases, to ensure that collected pieces of evidence are admissible in a criminal proceeding. It is ultimately the CDPP’s (and not the ACCC’s) decision whether or not to prosecute.




Read more:
Cartels caught ripping off Australian consumers should be hit with bigger fines


The final step is for criminal proceedings to be prosecuted. The first cartel criminal case, which concerned the shipping industry, can be perceived as successful, with two global shipping companies pleading guilty.

It is still early days for Australia in terms of tracking down and punishing examples of cartel behaviour via criminal prosecutions. But the latest developments suggest that Australia is prepared to follow the example of the world leader in successful cartel-related criminal prosecutions: the United States.

The US criminal regime is one of the oldest in the world, having existed since 1890. The US boom of cartel-related criminal cases began in the late 1990s with the lysine cartel and the vitamin cartel and with the first foreign national being sentenced to imprisonment in July 1999. One of the first criminal cartel investigations inspired the production of the 2009 movie The Informant!.

The ConversationThe numbers further illustrate the success of the US criminal prosecutions. For instance, 27 corporations and 82 individuals were charged in the fiscal year 2011. Australia has a long way to go before it can match those numbers.

Barbora Jedlickova, Lecturer, School of Law, The University of Queensland

This article was originally published on The Conversation. Read the original article.

New electoral law could still hobble charities



File 20180412 584 57hw0v.jpg?ixlib=rb 1.1
Charities are unclear about how they can engage in democracy because the terms in the proposed bill are unclear.
Shutterstock

Krystian Seibert, Swinburne University of Technology

The Joint Standing Committee on Electoral Matters has released its report into the Electoral Legislation Amendment (Electoral Funding and Disclosure Reform) Bill 2017.

The bill seeks to ban foreign donations to political parties and their “associated entities”. But it also seeks to capture organisations, including charities, that undertake public advocacy on policy issues.

While much of the media attention has focused on the foreign donation ban, the bill also introduces a new compliance framework for such actors. This applies irrespective of whether they receive foreign donations or not.

The inquiry received over 200 submissions from a diverse range of charities, not-for-profit organisations, think tanks and legal experts. Most expressed major concerns about the complex and burdensome nature of the proposed compliance framework, and the “chilling effect” it could have on advocacy by charities in particular.

The committee made 15 recommendations in its report, released on Monday. It provided in-principle support for the bill’s passage, subject to the recommendations being adopted.




Read more:
Ban on foreign political donations is both too broad and too narrow, and won’t fix our system


The recommendations are a step in the right direction, responding to many of the concerns raised in the inquiry. But they are light on detail, and much will depend on how the government responds to them.

Contrary to what the chair of the committee, Senator Linda Reynolds, has stated, a number of the recommended changes are complex. This is particularly the case with redefining “political expenditure”, a key term that underpins almost the entire bill.

What is ‘political expenditure’?

If a charity or other organisation incurs “political expenditure” above $13,500, then it becomes subject to the bill’s compliance framework. Additional requirements are imposed for those incurring more than $100,000, but the committee recommended this level be reviewed.

The definition of this term is unclear. It’s also potentially very broad. It includes any expenditure on the public expression of views on an issue that is “likely to be before electors in an election”, regardless of whether an election has been called. This could include activities such as publishing reports advocating for changes to government policies, media engagement, advertising and potentially even paying staff to do this work.

A big problem is that the bill provides no guidance on the specific types of activities that are captured, nor how a charity is meant to look into the future and predict whether an issue is “likely to be before electors in an election”.

This makes it almost impossible for a charity to know with any certainty whether it’s complying with the definition.

The Australian Electoral Commission provided a supplementary submission to the inquiry, setting out the seven steps it uses to interpret the definition.

But it’s complicated and unworkable, and involves looking at different party platforms to assess how topical an issue may be. A leading constitutional law expert, Professor Anne Twomey, has extensively critiqued it.

It’s therefore not surprising that the committee recommended the definition be amended to make it more precise. The aim would be to ensure it applies only to:

expenditure undertaken to influence voters to take specific action as voters, so as not to capture non-political issue advocacy.

However, this will be no simple task, as the line between the two is not clear.

For example, if a charity produces a document outlining the positions of different political parties on the issue of homelessness, how would that be defined? Arguably, it is just providing information to voters, rather than influencing them to “take specific action as voters”.

What should be done?

Although the committee made a laudable attempt to address the various flaws in the bill, there is no quick fix.

Given the key term underpinning the bill is flawed and cannot be easily redrafted, the best outcome would be for it to be withdrawn.

This would allow for more public consultation and the preparation of a comprehensive regulatory impact statement. This would quantify compliance costs and consider alternative policy options.

If the government won’t withdraw the bill, it at least needs to act on each of the committee’s recommendations. In doing so, it should undertake public consultation on the detail of any amendments and seek a genuine outcome that ensures advocacy by charities and other organisations isn’t stifled.




Read more:
Federal government’s foreign donations bill is flawed and needs to be redrafted


More broadly, it’s arguable that the entire premise for increased regulation of non-political party actors such as charities and other organisations is flawed.

Few would argue against the need for some basic disclosure requirements regarding their direct electioneering activities, to provide transparency about the origin of the funds used for these activities. But these requirements already exist.

It’s not clear why a new compliance framework is needed to further burden these organisations, made up of people coming together to participate in our democratic processes. This is something explored in a US context in the book Unfree Speech. It argues against increased regulation because it restricts the free exchange of views, which is meant to be a cornerstone of democracy.

The argument for increased regulation of charities, including banning them from receiving donations from international philanthropy for use towards “political expenditure”, is particularly weak. By their very nature, charities exist for the public benefit. They are not permitted to have politically partisan purposes under the Charities Act 2013.

There is no evidence that international philanthropy is using Australian charities to subvert our democracy. On the contrary, the support it provides helps charities advocate on important issues such as the role of Australian aid.

The ConversationRegulation can have benefits, but it can also have costs. If this bill becomes law, the cost could be a less vibrant democracy, with fewer voices willing to debate the policies that will shape our nation’s future.

Krystian Seibert, Industry Fellow, Centre for Social Impact, Swinburne University of Technology

This article was originally published on The Conversation. Read the original article.

Victoria gets serious on its political donations rules – now it’s the federal government’s turn



File 20170919 22691 1bdcijx
The Andrews government’s proposed reforms will significantly improve Victoria’s donations system.
AAP/Mal Fairclough

Yee-Fui Ng, RMIT University

Victorian Premier Daniel Andrews has announced a suite of reforms to the state’s political donations system. It includes:

  • a cap on donations by individuals, unions and corporations of A$4,000 over a four-year parliamentary term;

  • public disclosure of donations above $1,000;

  • a ban on foreign donations; and

  • real-time disclosure of donations.

Harsh penalties will be imposed on those who breach the rules, with fines of up to $44,000 and two years in jail.

These proposals follow several dubious events, including Liberal Party fundraiser Barrie Macmillan allegedly seeking to funnel donations from a mafia boss to the party after Opposition Leader Matthew Guy enjoyed a lobster dinner with the mafia leader.

According to Andrews, these changes are intended to:

… help put an end to individuals and corporations attempting to buy influence in Victorian politics.

Are these reforms good?

The proposed reforms will significantly improve Victoria’s donations system.

The caps on donations will level the playing field and reduce the risk of corruption in the state’s political system. It will prevent rich donors from exerting greater influence over politicians than those who lack the means to do so. Parties will no longer be able to rely on these wealthy donors to fund their election campaigns.

The caps equally target individuals, unions and corporations, meaning that money cannot be channelled through shady corporate structures to evade the rules. However, donations can still be channelled through the federal level, where there are no caps.

Real-time disclosures, which have already been introduced in Queensland, will improve the timeliness of disclosures. Combined with the lower disclosure threshold of $1,000, these are commendable steps towards enhancing transparency.

The move to ban foreign donations may face constitutional issues.

The tough penalties may deter people from breaching the rules. But proper enforcement by the Victorian Electoral Commission is still essential for the laws to be effective.


Further reading: Banning foreign political donations won’t fix all that ails our system


How will elections be funded?

Election campaigns are currently funded by a mix of public funding and private donations. As there will be caps on private donations, public funding of Victorian elections from taxpayers’ pockets will need to increase.

There will be debate as to the level of public funding that should be given. Public funding should adequately compensate parties, but not be overly generous or allow them to rort the system.

Detractors may argue that, in the age of social media, there may be cheaper ways for political parties to get their messages across, so less public funding would be needed.

It is tricky to work out how to allocate public funding between established political parties, minor parties and new parties. There is also a question of whether public funding should cover activities such as policy development and party administration.

But public funding is already part of Australia’s system. In the 2016 federal election, $62.8 million of public funding was provided, which is about half of federal campaign costs.

Victoria’s move toward more public funding is not unprecedented. New South Wales already has caps on political donations of $5,800 per party and $2,500 for candidates, as well as a ban on donations from property developers and those in the tobacco, liquor and gambling industries. This was accompanied by an increase in public funding of elections, amounting to about 80% of campaign costs.


Further reading: NSW is introducing full public funding of major political parties – by stealth


In Europe and Canada, there are high levels of public funding: between 50% and 90% of costs.

Another worry is that enterprising people and businesses might still circumvent the rules through creative means.

In the US, super PACs (political action committees) are special interest groups involved in fundraising and campaigning that are not officially affiliated with political parties. These groups can raise unlimited sums of money from corporations, unions, associations and individuals, and then spend this money to overtly advocate for or against political candidates.

If this possibility is not regulated in Australian jurisdictions, then our system will remain broken.

How can we improve our national system?

Australia’s political donations system remains fragmented. Ideally, we would have a uniform system with tough rules at both the federal and state levels, so that donors cannot easily evade the rules by channelling their money through more lax jurisdictions.


Further reading: Explainer: how does our political donations system work – and is it any good?


The time is ripe for reform. A federal parliamentary committee is looking into how to improve the federal donations rules. The committee will issue its report by December 2017.

The ConversationVictoria has thrown down the gauntlet – and it’s now time for the federal government to take heed.

Yee-Fui Ng, Lecturer, Graduate School of Business and Law, RMIT University

This article was originally published on The Conversation. Read the original article.

Minister to get unprecedented power if Australia’s new citizenship bill is passed



File 20170615 24963 1y8da97
It’s not clear how proposed extensive powers for the immigration minister strengthen the integrity of Australian citizenship.
AAP/Lukas Coch

Sangeetha Pillai, UNSW

The government has introduced legislation to reform Australia’s citizenship regime, under the guise of strengthening the integrity of citizenship. The bill, if passed in its current form, confers sweeping new powers on the immigration minister.

Access to Australian citizenship has always involved some executive discretion. But if the bill is passed, the minister will gain unprecedented control over the criteria governing citizenship acquisition, the time it takes for a person to gain citizenship after their application has been approved, and even the circumstances in which citizenship can be revoked.

The minister will also be able to override certain citizenship decisions made by the Administrative Appeals Tribunal (AAT).

Powers to control citizenship acquisition

The bill gives the minister a range of new powers that relate to various aspects of the citizenship acquisition process.

As the government’s discussion paper on the proposed changes indicated, the bill creates several new requirements for citizenship applicants. Aspiring citizens will be required to demonstrate “competent English”, and show they have “integrated into the Australian community”.

The bill gives the minister the power to create regulations determining what these requirements mean. It also allows the minister to determine an Australian Values Statement, which applicants will be required to sign and lodge with their citizenship application.

Where a person’s application for citizenship has been approved, the bill gives the minister a new power to cancel this approval, if he or she determines it should no longer be granted – for any reason.

While determining whether to exercise this cancellation power, the minister may block a person from acquiring citizenship for up to two years by barring them from making the mandatory citizenship pledge.

Power to override AAT decisions

As foreshadowed, the bill also seeks to give the minister the power to override certain citizenship decisions made by the AAT.

The AAT is an independent administrative tribunal that reviews executive decisions on their merits. A person whose application for citizenship is rejected may apply to the AAT to have this decision reviewed.

The bill enables the minister to personally override AAT decisions in particular circumstances. This power applies where it has reviewed a departmental decision to refuse citizenship, provided a ground for refusal was that the applicant was not of good character, or that their identity could not be determined. The minister must also be satisfied that overriding the AAT is in the public interest.

Additionally, the bill removes the right for an applicant to appeal to the AAT where the minister decides to refuse them citizenship, and states that this is in the public interest.

The bill’s explanatory memorandum stresses that ministerial decisions to override the AAT can be reviewed by the courts. However, this is likely to be of limited utility. This is because courts typically regard the “public interest” as a matter for ministerial determination.

Immigration Minister Peter Dutton has said the proposed power to override AAT decisions merely aligns the minister’s citizenship powers with powers that exist in relation to visa cancellations.

Current law allows the minister to override certain AAT visa decisions where this is in the national interest, and where the character of the visa holder is at issue. However, these existing override powers weaken – rather than strengthen – the case for the new powers the bill proposes.

To apply for citizenship, a person must have held a visa for several years. Throughout this time, the minister has extensive power to revoke that visa and remove the holder from Australia if they fail to meet character requirements.

Given this, the need for sweeping new powers is unclear.

Power to revoke citizenship

One of the bill’s most insidious features is a proposal to allow the minister to revoke a person’s citizenship, provided they are satisfied the person obtained ministerial approval for citizenship as a result of fraud or misrepresentation. The minister must also be satisfied it would be contrary to the public interest for the person to remain an Australian citizen.

Current citizenship laws allow the minister to revoke citizenship where it is acquired by fraud. However, before this can be done, the person or a third party must be convicted by a court of migration fraud.

If the bill is passed, such a conviction will no longer be necessary. The minister will have the power to determine when fraud or misrepresentation has occurred.

The bill does not spell out the criteria that will be used to make such decisions. But, it does specify that misrepresentation includes “concealing material circumstances”. This absence of criteria creates uncertainty about how the minister will make decisions. It also decreases the prospect of meaningful judicial review.

In particular, it is not clear how the expanded revocation powers interact with the bill’s other provisions.

For example, take a situation where the minister believes a person who has been granted citizenship is not demonstrating the values or integration they were assessed for during the application process. Could the minister revoke citizenship on the basis that the person, when applying for citizenship, misrepresented their values or commitment to integration?

If so, this would create a dangerous back-door route to citizenship revocation for people whose conduct falls far short of the current thresholds that parliament has set.

What’s next?

It is not clear how these extensive ministerial powers strengthen the integrity of Australian citizenship.

The ConversationQuite the contrary, creating broad executive powers with minimal review undermines the rule of law. This, ironically, is said to be one of the fundamental values underpinning Australian citizenship.

Sangeetha Pillai, Senior Research Associate, Andrew & Renata Kaldor Centre for International Refugee Law, UNSW Law School, UNSW

This article was originally published on The Conversation. Read the original article.

The new data retention law seriously invades our privacy – and it’s time we took action



File 20170615 24976 1y7ipnc
Then government’s new law enabling the collection of metadata raises serious privacy concerns.
shutterstock

Uri Gal, University of Sydney

Over the past few months, Australians’ civil rights have come under attack.

In April, the government’s data retention law came into effect. The law requires telecommunications companies to store customer metadata for at least two years. Metadata from our phone calls, text messages, emails, and internet activity is now tracked by the government and accessible by intelligence and law enforcement agencies.

Ironically, the law came into effect only a few weeks before Australia marked Privacy Awareness Week. Alarmingly, it is part of a broad trend of eroding civil rights in Western democracies, most noticeably evident by the passage of the Investigatory Powers Act in the UK, and the decision to repeal the Internet Privacy Law in the US.

Why does it matter?

Australia’s data retention law is one of the most comprehensive and intrusive data collection schemes in the western world. There are several reasons why Australians should challenge this law.

First, it undermines the democratic principles on which Australia was founded. It gravely harms individuals’ right to privacy, anonymity, and protection from having their personal information collected.

The Australian Privacy Principles define limited conditions under which the collection of personal information is permissible. It says personal information must be collected by “fair” means.

Despite a recent ruling by the Federal Court, which determined that our metadata does not constitute “personal information”, we should consider whether sweeping collection of all of Australian citizenry’s metadata is consistent with our right to privacy.

Second, metadata – data about data – can be highly revealing and provide a comprehensive depiction of our daily activities, communications and movements.

As detailed here, metadata is broad in scope and can tell more about us than the actual content of our communications. Therefore, claims that the data retention law does not seriously compromise our privacy should be considered as naïve, ill-informed, or dishonest.

Third, the law is justified by the need to protect Australians from terrorist acts. However, despite the government’s warnings, the risk of getting hurt in a terrorist attack in Australia has been historically, and is today, extremely low.

To date, the government has not presented any concrete empirical evidence to indicate that this risk has substantially changed. Democracies such as France, Germany and Israel – which face more severe terrorist threats than Australia – have not legalised mass data collection and instead rely on more targeted means to combat terrorism that do not jeopardise their democratic foundations.

Fourth, the data retention law is unlikely to achieve its stated objective and thwart serious terrorist activities. There are a range of widely-accessible technologies that can be used to circumvent the government’s surveillance regime. Some of them have previously been outlined by the now-prime minister, Malcolm Turnbull.

Therefore, in addition to damaging our civil rights, the law’s second lasting legacy is likely to be its contribution to increasing the budgetary debt by approximately A$740 million over the next ten years.

How can the law be challenged?

There are several things we can do to challenge the law. For example, there are technologies that we can start using today to increase our online privacy.

A full review of all available options is beyond the scope of this article, but here are three effective ones.

  1. Virtual private networks (VPNs) can hide browsing information from internet service providers. Aptly, April 13, the day the data retention law came into effect, has been declared the Australian “get a VPN day”.

  2. Tor – The Onion Router is free software that can help protect the anonymity of its users and conceal their internet activity from surveillance and analysis.

  3. Encrypted messaging applications – unprotected applications can be easily tracked. Consequently, applications such as Signal and Telegram that offer data encryption solutions have been growing in popularity.

Australian citizens have the privilege of electing their representatives. An effective way to oppose continuing state surveillance is to vote for candidates whose views truly reflect the democratic principles that underpin modern Australian society.

The Australian public needs to have an honest, critical and open debate about the law and its social and ethical ramifications. The absence of such a debate is dangerous. The institutional accumulation of power is a slippery slope – once gained, power is not easily given up by institutions.

And the political climate in Australia is ripe for further deterioration of civil rights, as evident in the government’s continued efforts to increase its regulation of the internet. Therefore, it is important to sound a clear and public voice that opposes such steps.

Finally, we need to call out our elected representatives when they make logically muddled claims. In a speech to parliament this week Tuesday, Turnbull said:

The rights and protections of the vast overwhelming majority of Australians must outweigh the rights of those who will do them harm.

The ConversationThe data retention law is a distortion of the logic embedded in this statement because it indiscriminately targets all Australians. We must not allow the pernicious intent of a handful of terrorists to be used as an excuse to harm the rights of all Australians and change the fabric of our society.

Uri Gal, Associate Professor in Business Information Systems, University of Sydney

This article was originally published on The Conversation. Read the original article.

How the law allows governments to publish your private information



Image 20170310 10926 1lptfki
Controversy has recently surrounded Centrelink and its handling of ‘overpayments’ and personal information.
AAP/Dave Hunt

Bruce Baer Arnold, University of Canberra

Recent controversy over the government’s use of information provided to Human Services and Veterans’ Affairs demonstrates there are major holes in Australia’s privacy regime that we need to fix. The Conversation

Australians are accustomed to providing personal information to federal and state governments. We do it repeatedly throughout our lives. We do so to claim entitlements. We also do so as the basis of public administration – the contemporary “information state”.

In making that state possible we trust we will not be treated as a file number or an incident. We will not be doxed.

A key aspect of that trust, consistent with international rights law since the 1940s, is that our privacy will be protected. We assume officials – and private sector entities they use as their agents – will not be negligent in safeguarding personal information.

We also assume they will not share personal information with other agencies unless there is a substantive need for that sharing – for example, for national security or to prevent harm to an individual. And we expect they will not disclose personal information to the media or directly to the community at large as a way of silencing criticism or resolving disputes.

Australia has a sophisticated body of administrative law and ombudsmen. So, there is no need for public shaming of people who disagree with ministers, officials or databases.

The complicated and inconsistent body of privacy law highlighted by law reform commissions over the past two decades attempts to provide legal protection for personal information. It is overseen by under-resourced watchdogs that – amid threats of termination – are inclined to lick the ministerial hand that feeds them.

That law has major weaknesses, illustrated by the Centrelink controversy and the furore over the Veterans’ Affairs Legislation Amendment (Digital Readiness and Other Measures) Bill. The Commonwealth is able to ignore ostensible protections under the Privacy Act and other statutes. That is quite lawful. It has been so for many years, evident in the watchdog’s finding in L v Commonwealth Agency.

The watchdog’s guidelines state that where someone:

… makes adverse comments in the media about the way [a body] has treated them … it may be reasonable to expect that the entity may respond publicly to these comments in a way that reveals personal information specifically relevant to the issues that the individual has raised.

Put simply, if you complain publicly about a Commonwealth agency that holds personal information relating to you, that agency can lawfully give the information to the media or publish it directly. It can do so to correct what the minister deems to be “misinformation”.

There is no requirement that your complaint be malicious, fraudulent, vexatious or otherwise wrong. Disclosure is at the minister’s discretion, not subject to independent review. You have no legal remedies unless it could be proved that the official was malicious or corrupt.

We have seen such a disclosure. The Department of Human Services gave personal information to a journalist for publication about a person who disagreed with action by Centrelink to recover an alleged overpayment of an entitlement.

There has been much discussion in the media and the national parliament about the vigour with which the government is seeking to recover overpayments. Worryingly, it remains uncertain whether many of the alleged overpayments actually exist.

Ongoing changes to entitlements policy, the hollowing out of key agencies by the annual “efficiency dividend” (that is, ongoing cuts to budgets) and problematical design and management of very large information technology projects mean overpayments might not have occurred.

Public disclosure of someone’s personal information thus looks very much like bullying, if not a deliberate effort to chill legitimate criticism and discussion of publicly funded programs.

The veterans’ affairs minister and the shadow minister have apparently not done their homework. The new Digital Readiness Bill – passed in the House of Representatives but not in the Senate – allows the minister to publicly disclose medical and other personal information about veterans. The rationale for that disclosure is to correct misinformation.

Understandably, veterans are unhappy. Legal practitioners and academics wonder about the scope for public shaming through release of department information that might not be correct.

The national Privacy Commissioner has been complacent. Labor’s veterans’ affairs spokeswoman, Amanda Rishworth, has belatedly expressed concern. The minister has simply referred to the establishment of an independent review by the Australian Government Solicitor and his department. It is difficult to understand why privacy wasn’t properly considered before the bill went into parliament.

There are too many loopholes in Australia’s privacy regime. Government agencies also need to toughen up in the face of criticism – legitimate or otherwise – and not respond by bullying people through publication of personal information.

Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article was originally published on The Conversation. Read the original article.