It recently came to light (thanks to some good reporting) that the Government has been fishing around with ISPs for their support on a new and radical data retention policy. This would legally oblige telcos to retain large amounts of data about their customers' communications activities in case law enforcement needed them at some point in the future.

We know this because some in the industry have spoken out, quietly, about the meetings. The Government, it would seem, would prefer to conduct them in complete and total secrecy.

Ben Grubb at the Sydney Morning Herald today shared some documents he obtained under Freedom of Information about the briefings between the Attorney-General's department and the industry. The screenshot below is indicative of the rest of the document - besides the page numbers, nothing substantive is left uncensored. Even the glossary of terms is heavily elided. One can only imagine the officer responsible for the editing must have made a few trips to the stationery cupboard for a fresh texta.

(more...)

After a very short consultation period, the Attorney-General's Department is soliciting comments on its exposure draft of 'computer network protection' amendments to the Telecommunications (Interception and Access) Act 1979 (Cth).

EFA's submission addresses our key concern that the proposed legislation provides a very broad exception to the prohibition on interception of network communications for the purposes of ensuring that a network is 'appropriately used'. This is a very broad category that means that all network operators in Australia will be able to monitor the substance of communications that pass over their network for compliance with their Acceptable Use Policies - the terms of which could include nearly anything. The AGD suggests that this is necessary to increase security, but have not shown any convincing justification why the contents of communications need to be examined nor why the scheme should extend beyond corporate networks to all Australian networks - including consumer ISPs.

This proposed changed threatens to radically alter the ability of network operators to intercept, store, and disclose information passing over their networks. There are no safeguards to prevent disclosure to law enforcement agencies or third parties. It is entirely possible for these new provisions to be used to examine P2P filesharing data for copyright violations, for example, and to disclose any captured information to copyright owners.

EFA contends that this exposure draft is far too broad and unjustifiably infringes the privacy of Australian internet users. We call upon the Attorney-General's Department to critically examine the proposed legislation and tighten the exceptions to the broad prohibition on interception to a clear set of defined purposes and parties.

A substantial amount of media and public attention on the issue of workplace surveillance has been created by an article published in the Sydney Morning Herald on Monday 14 April 2008.  That article quoted the Commonwealth Attorney-General Mr Robert McClelland as saying that Labor intended to give extra powers to intercept telecommunications to private-sector companies dealing with critical infrastructure, and that these new powers were necessary to avoid the threat of cyber terrorism.  These powers are currently only held by a select few intelligence, police, and anti-corruption organisations specifically named in legislation.

Under the law as it currently stands, it is illegal to intercept a communication passing over a telecommunications system unless the person making the communication knows it is being intercepted.  This is why, for example, when you telephone a call-centre you will usually hear a recorded message that your call may be monitored for various purposes.  Similarly, if a company's Internet usage policy notifies employees that their Internet usage may be monitored, then that monitoring would not be an illegal interception under Commonwealth law, although State and Territory laws dealing specifically with the issue of workplace surveillance may impose additional requirements in some states.

(more...)

EFA has been actively involved during the last four years in efforts by the Parliament to deal with the vexed issue of interception of stored communications (e.g. email), and we have fought to ensure that there is an appropriate balance between protecting the privacy of telecommunications users and meeting legitimate needs for access by security and law enforcement agencies.

The 2007 Bill currently before Parliament includes major new powers for security and law enforcement agencies and significantly changes the existing "telecommunications data" access framework. It contains provisions that were not recommended, nor even mentioned, in the Blunn Report, and some provisions that are contrary to recommendations in the Blunn Report. Furthermore there are a number of technical problems with the drafting of the Bill that would create severe practical problems if implemented. Accordingly, EFA has recommended that this Bill be rejected by the Parliament. A Senate Committee is inquiring into the Bill.

See: EFA's submission to the Inquiry

EFA's submission to the Attorney-General's Department expresses serious concerns about the Exposure Draft of Telecommunications (Interception and Access) Amendment Bill 2007. The draft contains new powers enabling law enforcement agencies to access telecommunications data without a warrant, which were not recommended in the Blunn Review Report, and other provisions that are contrary to some recommendations in the Blunn Report. EFA would be unable to support passage of the proposed legislation in its current form.

See EFA's submission to the A-G's Dept.