The new data retention law seriously invades our privacy – and it’s time we took action



The government’s new law enabling the collection of metadata raises serious privacy concerns.
shutterstock

Uri Gal, University of Sydney

Over the past few months, Australians’ civil rights have come under attack.

In April, the government’s data retention law came into effect. The law requires telecommunications companies to store customer metadata for at least two years. Metadata from our phone calls, text messages, emails, and internet activity is now tracked by the government and accessible by intelligence and law enforcement agencies.

Ironically, the law came into effect only a few weeks before Australia marked Privacy Awareness Week. Alarmingly, it is part of a broad trend of eroding civil rights in Western democracies, most noticeably evidenced by the passage of the Investigatory Powers Act in the UK, and the decision to repeal the Internet Privacy Law in the US.

Why does it matter?

Australia’s data retention law is one of the most comprehensive and intrusive data collection schemes in the western world. There are several reasons why Australians should challenge this law.

First, it undermines the democratic principles on which Australia was founded. It gravely harms individuals’ right to privacy, anonymity, and protection from having their personal information collected.

The Australian Privacy Principles define limited conditions under which the collection of personal information is permissible. They say personal information must be collected by “fair” means.

Despite a recent ruling by the Federal Court, which determined that our metadata does not constitute “personal information”, we should consider whether sweeping collection of the entire Australian citizenry’s metadata is consistent with our right to privacy.

Second, metadata – data about data – can be highly revealing and provide a comprehensive depiction of our daily activities, communications and movements.

As detailed here, metadata is broad in scope and can tell more about us than the actual content of our communications. Therefore, claims that the data retention law does not seriously compromise our privacy should be considered as naïve, ill-informed, or dishonest.

Third, the law is justified by the need to protect Australians from terrorist acts. However, despite the government’s warnings, the risk of getting hurt in a terrorist attack in Australia has been historically, and is today, extremely low.

To date, the government has not presented any concrete empirical evidence to indicate that this risk has substantially changed. Democracies such as France, Germany and Israel – which face more severe terrorist threats than Australia – have not legalised mass data collection and instead rely on more targeted means to combat terrorism that do not jeopardise their democratic foundations.

Fourth, the data retention law is unlikely to achieve its stated objective and thwart serious terrorist activities. There are a range of widely-accessible technologies that can be used to circumvent the government’s surveillance regime. Some of them have previously been outlined by the now-prime minister, Malcolm Turnbull.

Therefore, in addition to damaging our civil rights, the law’s second lasting legacy is likely to be its contribution to increasing the budgetary debt by approximately A$740 million over the next ten years.

How can the law be challenged?

There are several things we can do to challenge the law. For example, there are technologies that we can start using today to increase our online privacy.

A full review of all available options is beyond the scope of this article, but here are three effective ones.

  1. Virtual private networks (VPNs) can hide browsing information from internet service providers. Aptly, April 13, the day the data retention law came into effect, has been declared the Australian “get a VPN day”.

  2. Tor – The Onion Router is free software that can help protect the anonymity of its users and conceal their internet activity from surveillance and analysis.

  3. Encrypted messaging applications – unprotected applications can be easily tracked. Consequently, applications such as Signal and Telegram that offer data encryption solutions have been growing in popularity.

Australian citizens have the privilege of electing their representatives. An effective way to oppose continuing state surveillance is to vote for candidates whose views truly reflect the democratic principles that underpin modern Australian society.

The Australian public needs to have an honest, critical and open debate about the law and its social and ethical ramifications. The absence of such a debate is dangerous. The institutional accumulation of power is a slippery slope – once gained, power is not easily given up by institutions.

And the political climate in Australia is ripe for further deterioration of civil rights, as evident in the government’s continued efforts to increase its regulation of the internet. Therefore, it is important to sound a clear and public voice that opposes such steps.

Finally, we need to call out our elected representatives when they make logically muddled claims. In a speech to parliament on Tuesday this week, Turnbull said:

The rights and protections of the vast overwhelming majority of Australians must outweigh the rights of those who will do them harm.

The data retention law is a distortion of the logic embedded in this statement because it indiscriminately targets all Australians. We must not allow the pernicious intent of a handful of terrorists to be used as an excuse to harm the rights of all Australians and change the fabric of our society.

Uri Gal, Associate Professor in Business Information Systems, University of Sydney

This article was originally published on The Conversation. Read the original article.

How the law allows governments to publish your private information



Controversy has recently surrounded Centrelink and its handling of ‘overpayments’ and personal information.
AAP/Dave Hunt

Bruce Baer Arnold, University of Canberra

Recent controversy over the government’s use of information provided to Human Services and Veterans’ Affairs demonstrates there are major holes in Australia’s privacy regime that we need to fix.

Australians are accustomed to providing personal information to federal and state governments. We do it repeatedly throughout our lives. We do so to claim entitlements. We also do so as the basis of public administration – the contemporary “information state”.

In making that state possible we trust we will not be treated as a file number or an incident. We will not be doxed.

A key aspect of that trust, consistent with international rights law since the 1940s, is that our privacy will be protected. We assume officials – and private sector entities they use as their agents – will not be negligent in safeguarding personal information.

We also assume they will not share personal information with other agencies unless there is a substantive need for that sharing – for example, for national security or to prevent harm to an individual. And we expect they will not disclose personal information to the media or directly to the community at large as a way of silencing criticism or resolving disputes.

Australia has a sophisticated body of administrative law and ombudsmen. So, there is no need for public shaming of people who disagree with ministers, officials or databases.

The complicated and inconsistent body of privacy law highlighted by law reform commissions over the past two decades attempts to provide legal protection for personal information. It is overseen by under-resourced watchdogs that – amid threats of termination – are inclined to lick the ministerial hand that feeds them.

That law has major weaknesses, illustrated by the Centrelink controversy and the furore over the Veterans’ Affairs Legislation Amendment (Digital Readiness and Other Measures) Bill. The Commonwealth is able to ignore ostensible protections under the Privacy Act and other statutes. That is quite lawful. It has been so for many years, evident in the watchdog’s finding in L v Commonwealth Agency.

The watchdog’s guidelines state that where someone:

… makes adverse comments in the media about the way [a body] has treated them … it may be reasonable to expect that the entity may respond publicly to these comments in a way that reveals personal information specifically relevant to the issues that the individual has raised.

Put simply, if you complain publicly about a Commonwealth agency that holds personal information relating to you, that agency can lawfully give the information to the media or publish it directly. It can do so to correct what the minister deems to be “misinformation”.

There is no requirement that your complaint be malicious, fraudulent, vexatious or otherwise wrong. Disclosure is at the minister’s discretion, not subject to independent review. You have no legal remedies unless it could be proved that the official was malicious or corrupt.

We have seen such a disclosure. The Department of Human Services gave personal information to a journalist for publication about a person who disagreed with action by Centrelink to recover an alleged overpayment of an entitlement.

There has been much discussion in the media and the national parliament about the vigour with which the government is seeking to recover overpayments. Worryingly, it remains uncertain whether many of the alleged overpayments actually exist.

Ongoing changes to entitlements policy, the hollowing out of key agencies by the annual “efficiency dividend” (that is, ongoing cuts to budgets) and problematical design and management of very large information technology projects mean overpayments might not have occurred.

Public disclosure of someone’s personal information thus looks very much like bullying, if not a deliberate effort to chill legitimate criticism and discussion of publicly funded programs.

The veterans’ affairs minister and the shadow minister have apparently not done their homework. The new Digital Readiness Bill – passed in the House of Representatives but not in the Senate – allows the minister to publicly disclose medical and other personal information about veterans. The rationale for that disclosure is to correct misinformation.

Understandably, veterans are unhappy. Legal practitioners and academics wonder about the scope for public shaming through release of department information that might not be correct.

The national Privacy Commissioner has been complacent. Labor’s veterans’ affairs spokeswoman, Amanda Rishworth, has belatedly expressed concern. The minister has simply referred to the establishment of an independent review by the Australian Government Solicitor and his department. It is difficult to understand why privacy wasn’t properly considered before the bill went into parliament.

There are too many loopholes in Australia’s privacy regime. Government agencies also need to toughen up in the face of criticism – legitimate or otherwise – and not respond by bullying people through publication of personal information.

Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article was originally published on The Conversation. Read the original article.

Digital Privacy Is “The New Frontier Of Human Rights”


TechCrunch

The impact of mass, digitally-enabled state surveillance upon individuals’ privacy has been described as “the new frontier of human rights” by Member of the European Parliament, Claude Moraes, who was giving an annual lecture on behalf of the Centre for Research into Information, Surveillance and Privacy at the London School of Economics on Friday.

Moraes is chair of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), which conducted an inquiry into electronic mass surveillance of European Union citizens last year, in the wake of Edward Snowden’s revelations about the NSA’s digital dragnets.

Moraes said there is a growing understanding among members of the European Parliament of the need to balance state surveillance practices with individual privacy rights, although he noted there is variation at the level of individual MEPs and Member States, with some (such as the U.K.) taking a far more pro-surveillance and anti-privacy position.

He described the notion that there is an either/or dichotomy…


Facebook Admits Users Are Confused About Privacy, Will Show More On-Screen Explanations


TechCrunch

Facebook today offered reporters a deep dive on how it handles privacy and previewed some upcoming changes. The company revealed it does 80 trillion privacy checks per day on the backend to make sure data isn’t wrongly exposed. It runs 4000 surveys about privacy per day which pushed it to now begin displaying on-screen descriptions of how privacy controls work, including for status update audience selectors and resharing.

Facebook used to have every team work on its own privacy functionality, and then would have dedicated teams for privacy sprints around specific privacy changes. But as the company grew, two specific privacy teams evolved. One is the Privacy Product Engineering team that builds the settings that let users control who sees their content. The other is the Privacy Infrastructure Engineering team, which “helps engineers move the fast and build things” while still being confident there will be no privacy breaches, says Privacy…


Through a PRISM darkly: Tracking the ongoing NSA surveillance story


Gigaom

It was a relatively quiet week for internet news until Guardian blogger Glenn Greenwald dropped a bombshell on Thursday, with a story that showed the National Security Agency was collecting data from Verizon thanks to a secret court order. But that was just the beginning: the Washington Post later revealed an even broader program of surveillance code-named PRISM, which involved data collection from the web’s largest players — including Google, Facebook and Apple — and then the Wall Street Journal said data is also being gathered from ISPs and credit-card companies.

This story is moving so quickly that it is hard to keep a handle on all of the developments, not to mention trying to follow the denials and non-denials from those who are allegedly involved, and the threads that tie this particular story to the long and sordid history of the U.S. government’s…


Why Facebook Home bothers me: It destroys any notion of privacy


Gigaom

One of the great things about attending Facebook’s events is that one gets to see Mark Zuckerberg mature as a chief executive and hone his presentation skills. And today, he didn’t disappoint in his ability to spin the media corps. It was all claps for “four colors on HTC First” and ideas “inspired” by the likes of Amazon Kindle (ads) and Path. But what he did most brilliantly was obfuscate the difference between an app (Home), the user experience layer and the operating system.

Zuckerberg did that for two reasons: First, to buy his company time to build a proper OS that will come to us in dribs and drabs and then will wash over us suddenly, like a riptide. And secondly, to convince people that “Home” is just like any other app. Unfortunately, Facebook’s Home is not as benign as that.

In fact, Facebook Home should put privacy advocates on…
