A few months ago, the federal government quietly began to clear a direct path between your private digital data and law enforcement agents. For the sake of your privacy, it’s time to wake up and pay attention.
The Telecommunications Legislation Amendment (International Production Orders) Bill, introduced in March, essentially allows Australian law enforcement agencies to go straight to foreign communications providers, such as Facebook and Microsoft, and access your private data.
Today, ASIO and others can’t do that. They request access through the governments of the nations where relevant communications companies reside. These government-to-government co-operative arrangements create lengthy delays in gathering evidence. The new bill proposes speeding this up via a framework for Australia to make agreements with other countries — initially Britain and the US. Through these agreements, our security agencies will be able to go straight to the source of the electronic communications and metadata held overseas using “international production orders”.
The operational case for shifting to an agreement-based model is persuasive but, as with most national security laws, the devil is in the detail.
The personal and business communications of most Australians are stored by US-based providers. This includes our postings on private Facebook or Twitter accounts, messages we send through WhatsApp, and cloud storage platforms where we save our files. Many of us communicate and store highly sensitive information using these digital platforms, including private communication with family and friends, health data, and confidential correspondence with our lawyers. Journalists and their sources, including whistleblowers, also commonly communicate through these means. All such information could be accessed under the new scheme.
This is not, in and of itself, necessarily cause for alarm. Most of us appreciate the role our security agencies play in keeping us safe. We accept that we are sometimes asked to relinquish aspects of our digital privacy. And most of us acknowledge the need for agencies’ powers to keep pace with evolving threats in the digital environment — from terrorism and foreign interference to organised crime and child exploitation.
The problem with the international production orders bill as it stands is that it offers very few of the safeguards that exist in comparable nations.
For example, in the US and Britain, production orders must be issued by a judge, providing a crucial independent layer of legal oversight between law enforcement agents and private data. Under our proposed laws, no such requirement exists. Instead, ordinary members of the Administrative Appeals Tribunal, who have been admitted as lawyers for just five years, will be able to sign off on agents’ requests for IPOs.
Unlike in Britain, the Australian bill requires no specific approval for legally privileged or journalists’ information. Nor is there any ability for communications providers to notify the people whose data is proposed to be accessed, where possible, so that they can raise claims of privilege.
The bill also creates major question marks on human rights. In the US, one of the conditions to making agreements is that the attorney-general must certify that a proposed agreement would comply with core human rights obligations. No such condition would exist under our bill.
So, if Australia wants to obtain information in countries with mixed human rights records, under this framework our communications providers would, in turn, be obliged to hand over private content to those countries’ law enforcement agencies. In the case of many nations this could foreseeably be used for a range of purposes that infringe human rights, such as the prosecution of crimes with the death penalty or prosecuting children as adults.
Of significant concern is the lack of parliamentary scrutiny in the making of an agreement under this bill. The amendment of an agreement later has even less scrutiny, so parliament might approve an agreement that includes specific protection for human rights but those protections might later be removed by a revision to the agreement that need not come back to parliament.
Although the bill allows the government discretion in negotiating the terms of individual agreements, a much more fair and rigorous approach would be to legislatively guarantee uniform minimum human rights compliance standards for all agreements.
It should be cause for alarm that the Inspector-General of Intelligence and Security, Margaret Stone, told a parliamentary committee the powers in the bill could lead to “cruel and inhuman punishment”.
The good news is that the problems in this bill are fairly easily rectified. As other jurisdictions already have most of the necessary safeguards in place, replicating them should be relatively straightforward.
The bill is under review by the powerful parliamentary joint committee on intelligence and security. It is due to report on June 26. When it does, parliament must insist on additional safeguards.
There is no justification for Australian citizens to accept fewer privacy rights and guarantees regarding our human rights than our counterparts in the US and Britain.