It recently came to light (thanks to some good reporting) that the Government has been fishing around with ISPs for their support on a new and radical data retention policy. This would legally oblige telcos to retain large amounts of data about their customers' communications activities in case law enforcement needed them at some point in the future.

We know this because some in the industry have spoken out, quietly, about the meetings. The Government, it would seem, would prefer to conduct them in complete and total secrecy.

Ben Grubb at the Sydney Morning Herald today shared some documents he obtained under Freedom of Information about the briefings between the Attorney-General's department and the industry. The screenshot below is indicative of the rest of the document - besides the page numbers, nothing substantive is left uncensored. Even the glossary of terms is heavily elided. One can only imagine the officer responsible for the editing must have made a few trips to the stationery cupboard for a fresh texta.

(more...)

For all his faults, Stalin was a pioneer in the field of image manipulation. Airbrushing liquidated foes from official photographs was the photoshopping of its day. And although Stalin (like modern dicatators) would have loathed the internet for its uncanny ability to let the truth slip out, he would have admired the way information can be changed in realtime and disappear instantly.

Many companies and individuals have been caught out trying to redact embarrassing material, but we can't always be sure when, how and why information is changing. When do personal and corporate interests take over, and when is the law at play? As a champion of an open internet, while at the same time a corporate citizen in hundreds of jurisdictions around the world, Google has a fine line to walk. To many, Google is the internet and they are bombarded with requests to remove unwanted material. They have no choice but to take those that come from governments and the courts very seriously.

Today Google have announced a new initiative to bring some transparency to this process. Google's Government Requests page, announced here, shows breakdowns by country of the number of requests they get to remove information by service. The statistics for Australia for the last 6 months of 2009 are interesting in particular:

155 data requests (requests for private user data for purposes of criminal investigation)

17 removal requests (52.9% of removal requests fully or partially complied with)

• 1 Blogger
• 1 Geo (except Street View)
• 1 Web Search
• 14 YouTube

Despite the important role they play, Google are a for-profit company and not a government department or some kind of public utility. This can be a cause for concern; when the corporate interest an the public interest conflict, such as in matters of privacy, we can only hope that Google's directors give the latter due consideration. We also have no explicit right to know about the inner workings of Google's information management systems. We are therefore encouraged with Google's latest move which we can only take as a good faith attempt to be a better internet citizen.

Around the world it has often been difficult to get a picture on how prevalent such requests are and the Google information will be examined with some interest. The fact that they have released these statistics voluntarily is a welcome sign and Google should be congratulated for doing so. They have raised the bar for the other companies that play such an important role in managing and safeguarding the information that makes up our digital lives.

There has been a lot of discussion about the recent changes to the South Australian Electoral Act 1985, and in particular the amendment to s 116 which extends the requirement of attribution to the internet.

The law seems poorly drafted and unworkable, but it may not pose as much of a threat as is suspected. See over the jump for my analysis.
(more...)

After a very short consultation period, the Attorney-General's Department is soliciting comments on its exposure draft of 'computer network protection' amendments to the Telecommunications (Interception and Access) Act 1979 (Cth).

EFA's submission addresses our key concern that the proposed legislation provides a very broad exception to the prohibition on interception of network communications for the purposes of ensuring that a network is 'appropriately used'. This is a very broad category that means that all network operators in Australia will be able to monitor the substance of communications that pass over their network for compliance with their Acceptable Use Policies - the terms of which could include nearly anything. The AGD suggests that this is necessary to increase security, but have not shown any convincing justification why the contents of communications need to be examined nor why the scheme should extend beyond corporate networks to all Australian networks - including consumer ISPs.

This proposed changed threatens to radically alter the ability of network operators to intercept, store, and disclose information passing over their networks. There are no safeguards to prevent disclosure to law enforcement agencies or third parties. It is entirely possible for these new provisions to be used to examine P2P filesharing data for copyright violations, for example, and to disclose any captured information to copyright owners.

EFA contends that this exposure draft is far too broad and unjustifiably infringes the privacy of Australian internet users. We call upon the Attorney-General's Department to critically examine the proposed legislation and tighten the exceptions to the broad prohibition on interception to a clear set of defined purposes and parties.

by Nic Suzor

Today I attended a briefing session on ACTA (Anti-Counterfeiting Trade Agreement ) hosted by the Australian Department of Foreign Affairs and Trade (DFAT). I felt it was a good meeting, and I really got the sense that DFAT were interested in public participation. There was a good deal of frustration on both sides of the fence – participants expressed serious concerns about the lack of transparency in the negotiating process, and DFAT consistently repeated that they were bound by confidentiality agreements and could not divulge details of the draft text of the agreement. Participants in the Tokyo round of negotiations agreed that the full text of the agreement will only be made available after negotiations have been concluded and the text finalised. Understandably, there were a number of members of the audience who were hesitant to accept any of DFAT's assurances as to the content of the agreement without access to the negotiation documents.

Overall, whilst I think that the process is far too secretive, DFAT appear to have gone a long way to make available what they can, and they seem genuinely interested in hearing from interested parties in Australia. Unfortunately, input will be limited (blind) until negotiations are complete and the text finalised, but DFAT assures us that they are considering the issues thoroughly and there will be genuine opportunity to debate whether or not to sign at the end of the process.

(more...)

Electronic Frontiers Australia (EFA) today expressed its concern about the lack of transparency in the development of the Anti-Counterfeiting Trade Agreement (ACTA). EFA is also troubled by the little information that is available about the substantive content of the proposed plurilateral agreement, which threatens to dramatically alter the copyright balance in favour of corporate rights owners, impose significant liability on Internet Service Providers, and require the institution of invasive surveillance and filtering.

EFA Chair Dale Clapperton slammed the negotiation process. “Negotiations for ACTA have been conducted secretly. The public have a right to be involved in the development of measures which will significantly alter their legal rights. So far, only copyright owners have been involved in this process, and the outcome will undoubtedly favour their interests over the legitimate interests of users and reusers of copyright material.”

(more...)

Electronic Frontiers Australia (EFA) today said that the latest in a long series of embarrassing data security breaches proves that the Commonwealth government can not be trusted to maintain the security of the proposed Health Services Access Card database.

"The government has dozens of databases containing sensitive and personal information about millions of every-day Australians," said EFA Chair Dale Clapperton. "Yet the government is unable to prevent its own employees from illegally snooping through personal records that they have no business accessing."

(more...)

EFA's submission to the Department of Human Services in relation to the Exposure Draft of the Human Services (Enhanced Service Delivery) Bill 2007 pointed out problems with the new proposed legislation, including privacy issues and over-reliance on questionable biometric technology for fraud prevention.

See EFA Media Release

(more...)

EFA has been actively involved during the last four years in efforts by the Parliament to deal with the vexed issue of interception of stored communications (e.g. email), and we have fought to ensure that there is an appropriate balance between protecting the privacy of telecommunications users and meeting legitimate needs for access by security and law enforcement agencies.

The 2007 Bill currently before Parliament includes major new powers for security and law enforcement agencies and significantly changes the existing "telecommunications data" access framework. It contains provisions that were not recommended, nor even mentioned, in the Blunn Report, and some provisions that are contrary to recommendations in the Blunn Report. Furthermore there are a number of technical problems with the drafting of the Bill that would create severe practical problems if implemented. Accordingly, EFA has recommended that this Bill be rejected by the Parliament. A Senate Committee is inquiring into the Bill.

See: EFA's submission to the Inquiry

EFA has sent a submission in support of the Australian Communications and Media Authority's proposed Integrated Public Number Database Scheme which is being established following the enactment of the Telecommunications Amendment (Integrated Public Number Database) Bill 2006.

EFA's submission to the Attorney-General's Department expresses serious concerns about the Exposure Draft of Telecommunications (Interception and Access) Amendment Bill 2007. The draft contains new powers enabling law enforcement agencies to access telecommunications data without a warrant, which were not recommended in the Blunn Review Report, and other provisions that are contrary to some recommendations in the Blunn Report. EFA would be unable to support passage of the proposed legislation in its current form.

See EFA's submission to the A-G's Dept.

The exposure draft of an Access Card Bill has exacerbated EFA's opposition to the system. The broad powers to be granted to the Minister and DHS officers facilitates function creep, negates implied promises about limits on storage of information in the national ID database, and possibly even enables the collection of fingerprints, etc. Proposed offences are seriously deficient: some are unlikely to be enforced due to the nature of criminal law, some would criminalise innocuous activity, and some show DHS has no confidence in the technological security of the card system architecture and enable individuals to be prosecuted for events beyond their control.

See EFA's submission on the Access Card Exposure Draft Bill.

EFA sent a submission to the Australian Law Reform Commission in response to ALRC Issues Paper 31 Review of Privacy. EFA considers the Privacy Act 1988 (Cth) is in need of major overhaul. It is inadquate to protect the privacy of Australians in the 21st century.

See EFA's submission to the ALRC.

The Telecommunications Amendment (Integrated Public Number Database) Bill 2006 was introduced into Federal Parliament. This Bill will improve privacy protection for telephone subscriber information stored in the IPND and will implement a situation substantially similar to that advocated in EFA's July 2005 submission to the ACMA concerning data sourced from the IPND. Unfortunately however the Government has not addressed the related issue of Sensis's collection of data directly from telephone service providers, not the IPND. Hence the Bill will not result in adequate regulation, nor result in a level playing field applicable to public directory producers. EFA considers Sensis should be required to comply with the same rules as any other public directory producer.

EFA sent a submission in response to the ACMA's Discussion Paper on an Industry Standard for the Making of Telemarketing Calls. The ACMA is required by the Do Not Call Register Act 2006 to develop a national telemarketing standard to provide consumers with greater certainty regarding the minimum level of behaviour they can expect from unsolicited telemarketing, opinion polling and survey calls (including from entitities exempt from compliance with the Do Not Call Register).

See EFA's submission to the ACMA and EFA's Use of Telecommunications Customer Information page.

EFA is deeply concerned by the planned rollout of a so-called Access Card smart card linked to a centralised database containing identification, and other, information about almost every adult Australian and Australian residents. The proposal is flawed because it produces a "honeypot effect" - a highly attractive and richly rewarding single target for criminals engaged in identity theft.

See EFA's submission to the DHS Access Card Consumer and Privacy Taskforce and EFA's Access Card page.