Two weeks ago, on 5th September, long-standing EFA Board Member Andrew Pam appeared before the Federal Parliament's Joint Committee on Intelligence and Security. The Committee is reviewing the Attorney-General's Discussion Paper on proposed changes to National Security laws, including the proposal for blanket data retention.
Parliament has finally published the transcript of this hearing, which you can read in full at that link. We've selected some highlights for you below.
Committee members present were:
- Anthony Byrne MP (CHAIR) - ALP Member for Holt
- Michael Danby MP - ALP Member for Melbourne Ports
- Philip Ruddock MP - Liberal Member for Berowra, former Attorney-General
- Andrew Wilkie MP - Independent Member for Denison
- Senator John Faulkner - ALP Senator for NSW, former Minister for Defence
Senator FAULKNER: Do you see any way that a data retention scheme can be developed with adequate safeguards that effectively delivers on both of these critically important imperatives that this committee is looking at balancing?
Mr Pam: These are of course very difficult questions. Certainly, it is the case that both of those goals—the goal of preserving civil liberties and freedoms and the goal of addressing national security concerns—are important. They are goals that the government is tasked to accomplish. The difficulty is that there has to be a judgment on which things are achievable and at what cost. Ultimately, 100 per cent safety is not achievable and, for every additional degree of success in prosecuting national security or criminal issues, there has to be a commensurate cost that is weighed against that. Our concern is that, as you increase the amount of data retained, the period of time for which it is retained and the number of organisations required to retain it, you are inevitably significantly increasing not only the costs in the most literal sense of financial costs and so forth but also the degree to which society and the culture of our society is turned towards one in which there is a climate of fear and a climate of concern about being surveilled by the government and a lack of respect for the government and the rule of law, and those are all very serious civil liberties issues which are very difficult to effectively address. As we pointed out in our submission, similar data retention requirements in Europe are now being challenged on constitutional grounds in a number of countries because they are really very difficult to effectively address. We just do not see any adequate justification in the proposal as it is put before us now. It is not that it may not be possible to justify, but no evidence of any serious justification has as yet been put forward.
Senator FAULKNER: That is fair criticism. I have said before that there are no safeguards outlined. In fact, the detail about the proposal itself is obviously very limited. You stress in your submission that transparency and privacy are absolutely critical if such a proposal is to go ahead. Why have you focused particularly on transparency and privacy?
Mr Pam: Evidence has shown in the past that once a system of retention like this is in place there is a very strong temptation at multiple levels: at the organisational level, the temptation for an organisation to take advantage of things that make the organisation's job easier, and at the personal level, where an individual may have access, the temptation to abuse that access. History has shown that routinely—not every day but recurringly, over a period of time—breaches do occur. The mere introduction of any such system of retention immediately exposes one to a risk. The longer the system exists, if it exists for a period of decades, then over that time it is a near certainty that there will be some abuses of the system. And then you have to weigh up the consequences of those abuses against the potential good that has come out of having the system in place. It is sometimes a difficult judgement to make, but history has shown that there are known negative consequences of introducing these systems. I think we have to think very carefully before we go ahead and put these things into place.
Senator FAULKNER: Have you found generally in preparing your submission, which is very helpful from the perspective of this committee, that it is a challenge, given the lack of detail around many of the proposals?
Mr Pam: Absolutely.
Senator FAULKNER: I would be interested in your view, first of all, about lack of detail and, secondly, the breadth and range of the issues the committee has before us. I would be interested in your perspective on how much of a challenge that was, or if you found that a challenge in developing your submission for the committee.
Mr Pam: That is certainly the case. The time period was not enormous to start with; it was four weeks, then extended to six weeks, which was not a great amount of time. Then, as you say, there is enormous scope—and perhaps rightly so, in the sense that this scope of issues certainly needs to be addressed. The change of technology very clearly raises all these issues, and the broad scope of topics that are of concern to law enforcement and national security is a reasonable thing to attempt to address. But when it is presented in this form without any substantive detail as to how exactly these things will be monitored and how we can assure ourselves that there will not be abuses—well, we cannot—or at least how the abuses will be minimised and on whom the cost will fall, and that we have actually investigated the consequences not only for the immediate stakeholders but in terms of the general impression it leaves upon the public, it can be corrosive. It can be corrosive to a democracy when the view of the public is that they are living in a surveillance state. The extent to which we have looked into this is not very great at the moment, and that does concern us.
Mr WILKIE: That is the bottom line I was pursuing—it is technically possible for the government to implement a regime that would harvest and store an enormous amount of data, including information on who a person is sending an email to or getting an email from, and conceivably even storing the content of those emails, if they wanted to go down that path, to go that far. It is technically possible.
Mr Pam: Yes, in general. Particularly with the use of strong encryption, there are mechanisms that would help to bypass that to some degree. One of the things we have pointed out in our submission is that, the more interest people have in disguising information and hiding from surveillance, the more difficult it becomes to capture that information. So the likely result of putting such a regime in place is that one would generally capture everything except the information that is of most value. One would tend to impose significant costs and capture a great deal of traffic from people who are not the most motivated. But there are mechanisms that the people who are the most motivated can take that make their information very difficult to intercept.
Mr WILKIE: So it is quite conceivable that the government could put in place a very tough regime but it could be avoided by those who are a little bit tech savvy.
Mr Pam: Those who are highly motivated, yes, and who are either tech savvy or have access to that information. That is another difficulty—once the information is available, unless you put in place very strong censorship, people can, even if they are not themselves that tech savvy, do a search saying, 'How do I prevent my email being intercepted?'
There are tools being created. Even, for example, the US government has funded tools to help people who are in repressive regimes. It publicises that quite widely, so you can go and look up the software that has been made available by the US government to bypass repressive regimes and say, 'I think I'll use that.'
Mr WILKIE: Putting aside the capabilities of the government agencies, do the ISPs like Telstra have the know-how, in your opinion, to crack commercially available encryption?
Mr Pam: Know-how, yes. Resources is another question. Certainly anybody with any technical education would have both the knowledge to encrypt information to protect it and the information on processes commonly used to crack that. The thing is that generally these things are designed to be asymmetric, so the amount of resources required to crack encryption is significantly more than the amount required to encrypt in the first place.
Mr WILKIE: Okay. My head is well and truly spinning, but I think we have come across a very important point in all that about the effectiveness of anything the government might do.
CHAIR: I have a follow-up question on the same lines, inspired by Mr Wilkie. It is not a fleshed-out proposal, but let us say telecommunications carriers then harvest or keep this data. Say there is a scheme that says that we need to keep all the data for two years. How easy would it be to access it?
Mr Pam: Yes, that is one of the concerns that we have expressed in the submission. The problem is that, first of all, it is not generally the case—much to the concern of security experts everywhere—that people have good security practices, as we constantly find. The bare minimum of security practices that security experts will recommend is that you keep sensitive data encrypted normally when not actually in use. If you keep it backed up or on a CD for transport or any of those kinds of things, the backed-up form or transport form of that data, where it is not in active use, should be encrypted. In the event that it falls into the wrong hands or is lost in the mail or whatever—and these things do happen: laptops get stolen or lost on trains and planes—you would hope that that information is encrypted so that it cannot be used by the first person to pick it up. Sadly, even that does not often happen. So this is a real concern.
Again, there are costs to deploying this sort of regime, and a lot of companies do not do it right or do not do it adequately; or their employees are not rigorous about it—or whatever. It is a real concern. Of course, you could legislate for that, and you could say that there are protective requirements, that telcos are required to ensure that their information is adequately protected against loss or theft. Again, there are costs to that—they have to deploy the necessary technology, they have to train the staff, they have to ensure that those requirements are adhered to. There is going to be a cost in deploying the system in the first place; to deploy it securely adds additional costs. But I think we should be requiring that.
CHAIR: Thinking about all the many terabytes of information that would be stored, again, it looks like, according to what we understand—and that is a limited understanding—that that would be at the behest of the carriers, so it would be the carriers that would be responsible. How secure would that information be?
Mr Pam: As I said, you would hope that there would be some decent measures taken—and possibly even a requirement that decent measures be taken. But there are two kinds of security issues that I immediately see: one is the leakage or loss of control over the data in the first place; and the second is access to and understanding the contents of that. So the first question is: can people walk off the premises with it, or download it from the premises—whether it be physically or over the internet—and the second question is: having obtained that data, is it in some way protected or can they immediately access it and make use of it?
This becomes an even greater concern when you start to cross-link. This is a very serious concern now—that, even in cases where information was not at first thought to be privacy-infringing, linking it with other information can in fact lead to privacy infringements. There was a very embarrassing instance, where I think it was America Online released anonymous search results for researchers, and it was soon discovered that with a bit of analysis you could actually identify specific people and specific searches they had made. So it turned out not to be sufficiently anonymous and not sufficiently private. That does happen. So it is not just about a single breach but, if the people who have their hands on that information can then link it with other information, it can rapidly worsen the situation.
So how do we ensure that, having put such a regime in place, and that this data is being retained, it is in fact not going to fall into the wrong hands? Well, in fact that is a very difficult question. As I said earlier, it is not only external attackers; it is also misuse by internal staff—and, furthermore, by the organisation which, for internally legitimate reasons, have decided are scope-creep: 'We have this on-hand; what else could we use it for?' So all of these are very serious concerns. Of course, you can try and put more wording in that says that certain things can, must, should be done or not be done; but that complicates legislation and is also more fragile and difficult to keep up to date with changes in technology.
Want more? See the full transcript of this hearing.
You may also be interested in Senator Scott Ludlam's speech from yesterday's Matter of Public Importance debate in the Senate about the privacy implications of the National Security proposals.
Image above Copyright Commonwealth of Australia, licensed under a Creative Commons Attribution 3.0 Australia Licence.