Ever since Edward Snowden's first NSA spying revelations, the Australian Signals Directorate (formerly Defence Signals Directorate, DSD hereafter) has been implicated as a complicit 'Five Eyes' partner. The Guardian has today released shocking new information from Snowden showing just how complicit DSD has been.
These latest revelations involve documentation of a 'Five Eyes' information sharing meeting hosted by Britain’s GCHQ at its headquarters in Cheltenham on 22-23 April, 2008. Of all the security agencies involved, the DSD appears to take the least privacy-oriented stance on the kind of information shared, the manner of its sharing, and its oversight obligations. The Guardian summarises the DSD's positions as:
• DSD indicated it could provide material without some privacy restraints imposed by other countries such as Canada
• Medical, legal or religious information 'not automatically limited'
• Concern that intelligence agency could be 'operating outside its legal mandate'
And, most chillingly, from the document itself:
"Given the nascent state of many of these data types then no, or limited, precedents have been set with respect to proportionality or propriety, or whether different legal considerations applies to the 'ownership' of this data compared with the communications data that we were more accustomed to handle."
"It was agreed that the conference should not seek to set any automatic limitations, but any such difficult cases would have to be considered by 'owning' agency on a case-by-case basis."
While the meta-data to be shared could technically be de-identified, the DSD apparently offered to leave data in its raw state. The only caveat was that if, from amongst that data "...a ‘pattern of life’ search detects an Australian then there would be a need to contact DSD and ask them to obtain a ministerial warrant to continue."
Asking for a warrant after raw data has been handed over is the most laissez-faire oversight condition imaginable.
Geoffrey Robertson QC notes in his opinion piece about these revelations that there was some consideration of disclosing information to "'non-intelligence agencies' without first obtaining a warrant". He argues that this "would be a breach of sections 8 and 12 of the Intelligence Services Act 2001."
If this has indeed occurred, it would seem to constitute possible abuse and overreach of the Act, or, perhaps worse, ignorant or wilful misinterpretation of the Act.
This appears to show not only a disregard for Australians' privacy but, far worse, a disregard for the presumption of innocence and accompanying procedures of legal and parliamentary oversight that are supposed to be the hallmarks of democratic societies.
Senator Scott Ludlam, in a media release today, noted that:
"These documents are five years old: there is an urgent need to establish what practices, if any, govern this indiscriminate data collection on law-abiding Australians.
"The Government can no longer avoid the issues and hide behind platitudes that everything is done in accordance with the law. It is the job of this Parliament to conduct a full inquiry, as is happening in many other countries around the world."
Electronic Frontiers Australia (EFA) is one of over 300 civil rights organisations and over 40 highly respected individuals who are co-signatories to the "International Principles on the Application of Human Rights to Communications Surveillance."
The 13 Principles set out for the first time an evaluative framework for assessing surveillance practices in the context of international human rights obligations. When the principles were released, EFA called for the Australian government to follow them.
Today, more than ever, Australians deserve, and must demand, an inquiry into surveillance oversight protections.
Further, EFA believes that this should be coupled with a significant overhaul of Australians' digital rights in general.
Since Australia does not have right to protection from warrantless search and seizure, EFA believes that Australians should have a broad general right to informational self-determination -- personal data control -- that should be used to underpin all legislation and procedures that deal with personal information.
The proposal for a statutory cause of action for serious invasions of privacy is a start, so long as it provides protections against government national security interests as well as others. However, Australian legislation is often drafted with national security 'escape clauses' that limit oversight. For example, the unpassed Privacy Amendment (Privacy Alerts) Bill 2013, which was intended to force institutions to notify users when their data had been deliberately or inadvertently revealed, provided two 'rubber-stamp' processes for law-enforcement and national security to avoid providing notifications.
EFA believes that the time for this kind of 'national security escape clause' is over. While EFA appreciates the position of government not to compromise its security services, there is no reason that good security can not go hand in hand with effective and meaningful oversight. Indeed, Australians might sleep better knowing that their civil liberties were being taken as seriously as 'national security' matters. It is of course those very civil liberties that our security services were created to protect.