Parliamentary Joint Committee on ASIO
CANBERRA ACT 2600
Via Email: [email protected]
EFA submission to Joint Parliamentary Committee on ASIO
Further to the invitation to comment upon the review of the Australian Security Intelligence Organisation Legislation Amendment Bill 1999, I make the following submission on behalf of Electronic Frontiers Australia Inc.
Electronic Frontiers Australia Inc. is a non-profit national organisation formed to protect and promote the civil liberties of users and operators of computer based communications systems. EFA was formed in January 1994 and incorporated under South Australian law in May 1994. This submission is made with the authority of the Board of EFA.
EFA wishes to express the concern that the Bill goes beyond bringing ASIO powers up-to-date, and in fact extends the powers of the agency and its Director-General in new and significant ways.
While keeping law-enforcement and intelligence-gathering agencies relevant to the digital age is a worthy aspiration, it should be remembered that computer technology also has the capacity to monitor individuals and damage an individual's reputation in ways not possible in times past. It is important that the use of technology be restrained by reference to rights of privacy guaranteed under the UN Declaration of Human Rights and traditional review of the actions of the Executive by the Courts.
In his second reading speech the Minister acknowledged the need to ‘balance between the rights of individual persons and the preservation of national security’. He said the Bill did not aim to ‘extend ASIO’s functions but simply will enable the organisation to meet its statutory responsibilities in more efficient and effective ways’.
EFA believes that while the Bill may improve efficiency, for example by replacing human surveillance with electronic surveillance, it will not do simply that. Overall the Bill provides for a significant increase in ASIO’s powers, and a corresponding decrease in the rights of Australians. The balance between individual rights and the security concerns of the state is shifted in favour of the latter.
There does not appear to be any change in the external circumstances to warrant this, nor any explanation from the government (apart from a reference to attacks on US facilities in East Africa!) as to why the individual rights of Australians should be further eroded.
The following matters give rise to particular concern that the availability of computer technology has given rise to a ‘wish list’ of ASIO powers, without adequate public scrutiny as to whether the powers are warranted.
Concealment. Schedule 1, Item 16
The new section 25 (5)(c) authorises ASIO to ‘conceal the fact that any thing has been done under this warrant’. This includes concealing the fact that data (defined in the Bill as including both information and computer programs) has been added, deleted, or altered. This goes beyond mere eavesdropping on communication, as is done in telephone tapping, to authorise the covert insertion of material on to a citizen’s computer.
This creates a risk to business. Small data changes can have extreme and unforseen effects. ‘Non-destructive’ crackers who don’t do any damage except for logfile changes to cover their tracks can still force tens of thousands of dollars worth of labour costs and downtime, since clean installations and auditing of all backups can be a mammoth undertaking.
When ASIO, or anyone else for that matter, is authorised to hack into computer systems, there is always the possibility of accidental damage to the software or data on the citizen’s computer. While Section 25(6) prohibits interference with or obstruction of the lawful use of the computer, how is this to be detected if the damage, whether accidental or deliberate, was done covertly? Should any citizen whose computer mysteriously malfunctions (and this is not an uncommon event) immediately suspect ASIO, or just blame Microsoft as usual? Assuming that the citizen did detect some kind of deliberate interference (rather than yet another mysterious glitch) how would he or she prove that it was ASIO?
A related issue is the possibility of the deliberate ‘planting’ of evidence. Once ASIO officers are authorised to covertly interfere with computers, the danger is that a future Minister or Director General may find it convenient for compromising material to appear on the computer of an opponent. Even assuming the complete probity and honesty of the Minister and the Director General, the danger remains that an enthusiastic ASIO officer may be tempted to the electronic equivalent of the old police tactic of ‘planting a brick’.
EFA submits that ASIO should have no power to alter or add data to a computer.
In Holland a similar act requires three Ministers to sign a warrant. This Bill authorises one Minister to issue a warrant and extends to the Director General the power to grant emergency 24 hour warrants. These warrants are no longer confined to listening device warrants, but are extended to all warrants, including tracking device and search warrants.
EFA submits that warrants should require the signature of three Ministers, one of whom should be the Attorney-General, and that there should be no power for the Director General to grant emergency warrants.
Tracking. Schedule 1, item 23
The Minister may authorise ASIO to use tracking devices for up to 6 months.
EFA submits that the use of tracking devices be limited to 7 days, as is currently the case with search warrants.
Power to Enter Premises. Schedule 1, item 22
Item 22 proposes the addition of Section 6A giving almost open ended power to enter premises to remove a listening device, and to use reasonable force. This is no longer restricted to the period when the warrant is in force, but within 28 days of the warrant expiring, or, failing that, at the earliest reasonable time thereafter.
EFA submits that the power to enter premises remains restricted to the period when the warrant is in force.
Basis for warrants. Schedule 1, Item 16 (s25(2))
The test to be satisfied by ASIO in order to obtain a warrant has been re-worded, and significantly widened. In the existing Act the Minister may issue a search warrant following a request from the Director General and after being satisfied that there is material without access to which the collection of intelligence by ASIO ‘would be seriously impaired.’
The Bill applies a different test, where the Minister merely has to be satisfied that there are ‘reasonable grounds for believing’ that the warrant will ‘substantially assist’ in the collection of intelligece in respect of a matter ‘that is important in relation to security’.
EFA submits that the proposed changes to Section 25 should be subject to further parliamentary scrutiny, with ASIO to be required to justify the new powers. The Parliament may well consider that protections for the computer-using public are not adequate, and that Government agents hacking into private computers represents a new form of Government intrusion that requires detailed guidelines, checks and balances.
Duration of warrants. Schedule 1, item 16
The maximum duration of a search warrant has been extended from 7 to 28 days and an 'activation period' of up to 28 days provided after the grant.
EFA submits that the maximum duration should remain at 7 days.
Tax and Financial Information. Schedule 4 and Schedule 6
The extremely broad nature of this legislation appears to open taxation records to a whole new class of people. At present AUSTRAC information can be released only to taxation, federal police, National Crime Authority and Customs officers.
ASIO’s responsibilities are defined so broadly, and its activities can be carried out so covertly that this gives ASIO virtually carte blanche access to tax information.
EFA is concerned that Parliament may have been asked to take “on trust” that ASIO and its Director General will not abuse these new, sweeping powers over private computers. While a trust in the agencies of a democracy is appropriate, history and the experience of other countries have established that rogue intelligence-gathering agencies are uniquely placed to fabricate evidence, blackmail officials and engage in individual espionage. Only an extra-agency review of these powers can provide safeguards against the possibility of ASIO abusing the powers for the Government of the day, for the agency or an agent’s personal purposes.
Electronic Frontiers Australia