Submission, in lieu of appearing at a hearing, Monday 21 July 2014
Civil Liberties Australia (CLA) apologises for not being able to bring forward, at short notice, its scheduled appearance to suit the Senate Legal and Constitutional Affairs Committee’s revised timetable. Employment commitments and hospital appointments mean we can not change our schedule.
CLA welcomes this review of the Telecommunications (Interception and Access) Act. As a piece of written law, the Act is as impenetrable as it is powerful. Replete with jargon and exemptions for a range of bodies, it is beyond the power of many members of the community to understand the effect of this Act on their lives. We believe that a comprehensive revision of the Act should occur and that, as a matter of course, effort is taken to redraw it in plain English, with guides throughout.
The Act begins – albeit at section 7 – with a simple premise: A person shall not intercept; authorize, suffer or permit another person to intercept; or do any act or thing that will enable him or her or another person to intercept a communication passing over a telecommunications system. That the Act’s entire subsequent purpose is to qualify and diminish this protection, this essential touchstone, is inappropriate. The protection must be maintained and, we believe, strengthened. To this section we believe other essential principles should be included, for example:
- The protection of freedom of speech and lawful dissent;
- The protection of privacy, reputation and family from arbitrary interference;
- The presumption of innocence;
- The right to life, including the abolition of the death penalty; and
- That intelligence and policing agencies must not discriminate in their dealings or support discrimination on the basis of race, ethnicity, gender, sexual orientation, etc…
The Act already includes a provision – s 180F – outlining privacy considerations. We believe this section should be amended so as to apply to the collection, storage,disclosure or use of information obtained under this Act, applying to all aspects of the Act.
Our comments below are in relation to Police-Intelligence-Security Agencies (PISAs) and their use of current and proposed “terrorism” and associated legislation. CLA defines PISAs as: the federal, state, and territory police forces, the national and international security agencies (ASIO and ASIS) and similar bodies including, but not limited to, the Australian Crime Commission, the equivalent Defence groups and any other intelligence agencies or committees whose existence is not public knowledge.
In respect of all of these bodies, legislation must be revised so that:
- Clear and explicit reference is made to individual rights and civil liberties. It is not sufficient to have PISAs develop their own guidelines on privacy. The safeguarding of individual citizen rights, including those set out in the International Covenant on Civil and Political Rights is too critical to leave to those who have a vested interest in undermining them.
- To ensure the Telecommunications (Interception and Access) Act and other security related legislation does not become a Snoops’ Charter, there should be explicit mention that no warrant should be granted, or requested/approved, unless the officer can demonstrate that the need for access outweighs the rights of the parties to the communication to privacy.
- There is a presumption in drafting and operation of the Act that a warrant is required for all access and interception requests (unless in an emergency, involving individual life and death). While a lower level of authorisation may be appropriate for certain ‘business subscriber data’ (limited to name, billing address, credit card and service number) a warrant should be required for all content and metadata (IP address, location, search history or time and date of calls).
- A graduated scale of oversight and independence applies to requests for access. In general, if you are requesting more information (both in kind and duration) a higher level of authorisation is required. For example, one type of metadata at one point in time is less intrusive than several types of metadata together, or a single type (e.g. location) over a period of time.
- The number of agencies able to request data, or apply for an interception or retention order, should be as small as possible, and the ‘approved agencies’ with whom that data can be shared should be significantly reduced from what it currently is.
- A clear distinction must be maintained between Intelligence Agencies and Policing agencies – both have different spheres of operation, training and oversight. ASIO officers should not conduct their own undercover operations when the AFP and other policing bodies already have the skills and training to do so.
- The number of ASIO’s interception requests should be included in annual reports, at least for completed operations. If it is necessary reporting could be broken up into less explicit bands (eg. 0-10; 10-50; 50-100; 100-500; 500-1000; 1000+).
- The Australian Law Reform Commission’s recommendations regarding the Telecommunications (Interception and Access) Act should be implemented as per the submission of the ALRC.
- Data retention, if considered, must take place in the context of an open debate, with the Attorney-General’s Department acting with candor and honesty about its prior policy discussions with the telecommunication and intelligence sectors. Clear definitions of ‘meta’ or ‘telecommunications’ data need to be established. If implemented, data retention should be for no more than six months (not two years), with the government to bear the cost of implementation. Access to retained data must be via a warrant in all except cases except emergencies, and the Committee is to have an ongoing oversight role.
- Australia ensures that its implementation of the foreign assistance regime does not undermine Australia’s commitment to human rights and to the abolition of the death penalty. Requests for assistance where the offence alleged is a moral crime (e.g. homosexuality) or where a death sentence is likely to result if such assistance is provided, should be refused.
- The government should consider raising the threshold for ‘serious contravention’ that can justify an interception warrant to 5 or 7 years (currently 3 years), or that some other element must be suspected of being present (for example, a network of co-conspirators).
Background…and the future
Analysing the background to the proposed Telecommunications (Interception and Access) Act changes illustrates problems CLA has highlighted for most of a decade, which the Parliament has not addressed. Below we outline our main concerns and possible solutions:
- Parliament has passed more than 70 new Acts, and major changes to existing Acts, in relation to ‘terrorism’ and related legislation since 2001. The number was certified at 50 when CLA counted, formally, with the help of a Senate research partnership, in late-2007. The rate is about 6 new PISA laws each year for more than 12 years, and it is not slowing.
- There are new PISA laws every time a new government is elected. PISA agencies go fishing: while the individually landed ‘fish’ (a new law) may be within acceptable regulations, the total catch (all the laws) is well beyond the reasonable limit. These laws act like a ratchet, only ever increasing, with past gains locked into place.
- Fragmentation of the system makes accountability and reform impossible. For about 7-8 years, before a number of committees, CLA has said that it is inappropriate for any one committee, such as this one, to look at one law, such as this one, in isolation. (Below, we propose a solution). The answer we are always given is that: “This Committee is only concerned with this particular law”. With respect, all committees should be concerned about the overall effect that each, and all the combined, terrorism legislation is having on the liberties, rights and privacy of Australians.
- Laws related to terrorism – and particularly telecommunications interception laws – should not produce, as their outcome, the prosecution of people keeping tortoises in Tasmania and dogs in boarding kennels in Victoria. Indeed, their effective reach to achieve their stated aims – and no more – should be assessed frequently and independently. We note that President Obama and Congress in the USA are aware, from official reports, that the NSA’s mass surveillance programs have not “played any meaningful role in preventing terrorist attacks”.
- Privacy is increasingly being devalued, ‘traded away’ or ‘balanced’ without any proper debate or discussion. Proposed reforms to the ASIO Act seek to increase five-fold the penalty to leaking information, yet we have weak protections for breaches of our privacy by officers or the Government. By way of example, an AFP officer was charged in Sydney last week on several counts, including bribery and corruption involving maximum sentences of 10 years for each offence. But the maximum sentence the man might receive for allegedly illegally accessing people’s files – violating their privacy – is only 2 years.
- Increasing the ability of national and international telecommunications bodies to intercept and access information – allied to data retention and expansion of ASIS and ASIO powers as proposed by Attorney-General Senator George Brandis – is directly against the international trend in Germany and Europe. We note that the European Court of Justice recently struck down the EU Data Retention Directive as it entailed a “wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data.” And that in March 2014, the UN Human Rights Committee called upon the United States to refrain from imposing mandatory retention of data by third parties.
Solution proposed by Civil Liberties Australia:
The government, in its Budget papers, disclosed that the Independent National Security Legislation Monitor (INSLM), Bret Walker SC, has been paid almost $1m for reviewing security legislation over the past three years. Rather than waste that expensive, informed intelligence, CLA proposes that Mr Walker be asked to draft a Security Principles document, as a prelude to an entire rewrite of all terrorism and terrorism-related legislation.
The Security Principles document would set out, in categories, the type of laws required to protect the nation, the principles which should guide them, and the types of safeguards which should be in each law and in all laws. We envisage the task of producing the Security Principles document as similar to combining all elements of crime into a Crimes Act, for which models exist.
With his unique perspective and knowledge of the field, no-one is better situated than Mr Walker to propose a new suite of PISA and related powers that would achieve the required safety and security for the nation, at the same time as retaining maximum possible civil liberties, human rights and privacy for its citizens. We note that he has already produced a number of reports for the Government that could form the basis for this project.
Recommendation: Civil Liberties Australia proposes Mr Bret Walker SC be retained for 12-24 months to write a new set of principles, based on his knowledge gained over past three years, from which an all-embracing Bill can be written to bring the tentacles of PISA legislation back into some sort of control by Parliament.
We also propose Mr Walker be asked to recommend a monitoring and checking system for assuring such sweeping and secret powers are not abused.
Addendum: Recent comments on terrorism and related interception activity in the UK:
21 June 2013:
… GCHQ’s Operation Tempora and a snoopers’ charter – the bulk collection of everyone’s data for mining by spooks at their leisure, whether any suspicion exists or not. Tempora makes all of us objects of desire to the state, whoever we are. It renders all human discourse the subject of government inquiry without warrant or discrimination and in doing so it redraws the line between citizen and state in an ugly way. The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases. The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
18 July 2014:
The intelligence services are constructing “vast databases” out of accumulated interceptions of emails, a tribunal investigating mass surveillance of the internet has been told.
Matthew Ryder QC, for Liberty and other human rights groups, told a hearing the government had not disputed “that databases gathering material that may be useful for the future is something that may be permissible under Ripa [the Regulation of Investigatory Powers Act 2000]”.
If they are deemed under the legislation to be “necessary”, he said, that may mean their use “can stretch far into the future”.
Other recent relevant stories relating to intercepts, access and data holdings:
Germany expels CIA spy chief: http://www.washingtonpost.com/world/europe/germany-expels-us-intelligence-station-chief-over-spying-allegations/2014/07/10/dc60b1f0-083c-11e4-8a6a-19355c7e870a_story.html
For ineffectiveness of stockpiled, intercepted data, see:
For collateral spying damage, see:
“Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded.”
 See for example s17A of the Australian Secret Intelligence Organisation Act 1970 – This Act shall not limit the right of persons to engage in lawful advocacy, protest or dissent and the exercise of that right shall not, by itself, be regarded as prejudicial to security, and the functions of the Organisation shall be construed accordingly.
 As ASIS was unknown by the public until 1975.
 CLA does not suggest that these conditions are sufficient for its support for data retention, but that they are merely essential features of any such scheme.