There ought also to be heavy penalties and sanctions for the leadership of the police, law enforcement and security agencies when they facilitate or turn a blind eye to, the unlawful gathering of data such as Covid tracing app data.
The Covid pandemic has unprecedented levels of data collection by governments. The movements of Australians, everything from interstate travel to the trip to the local supermarket, are being tracked via the mechanism of apps that each state and territory government has introduced over the past 12 months.
For law enforcement and security agencies, this database is unprecedented and it will be abused by them because frankly, history tells us, when it comes to personal information organisations like police forces, ASIO and the like can’t help themselves. Illegal access and unethical use of personal data are routine among this lot.
As many of us warned last year, the blandishments of governments urging all citizens to cooperate and download the covid apps and travel passes would present a danger unless there are strict protections for the fundamental human right of privacy.
But it seems, and in Western Australia, we have now seen evidence of this, these assurances count for little. What is needed are strong penalties and laws which make it impossible for evidence obtained as a result of accessing covid tracing app data (or any other database for that matter), to be used in legal proceedings.
In Victoria, Police Commissioner Shane Patton revealed this week that his members have tried on three occasions to access covid tracing data but government departments resisted. Concerningly, the State’s Acting Police Minister Danny Pearson thinks it is ok for police to have such autonomy and access serious cases, whatever that means.
In Western Australia, we now know that local police have accessed the SafeWA app, introduced for covid tracing purposes, on three occasions to gather intelligence in criminal investigations. To be fair to WA Premier Mark McGowan his government is legislating to prevent this from occurring again. But it is the attitude of the WA Police Commissioner Chris Dawson which tells us that, as per usual, police and law enforcement types, have a ‘whatever it takes’ attitude to raiding databases of personal information.
Last week, Dawson defended his agency’s actions in accessing personal data from the covid app in two cases (while indicating there had been a third request to him to access data), because the alleged crimes were so serious. Then, and this is the disturbing part, Mr Dawson said: “When I signed up to the app, the terms and conditions said it can be issued for a lawful reason,” and that “police have a duty to investigate crime.”
What also emerged last week was that WA Police refused to accede to a government request not to use the app database for intelligence gathering and, it would appear given the content of the legislation rushed into the WA Parliament last week, that the State’s Crime and Corruption Commission might have sought to do so, or at least have been tempted.
In light of the WA revelations, there was confirmation that police in Victoria and Queensland can also access covid tracing app data. There is a requirement for a warrant to be sought but as we know, the threshold for obtaining one is low.
Then there was the revelation in the latest Inspector-General of Intelligence and Security report (IGIS), released last week which indicated that between November last year and May this year: “While relevant agencies have incidentally collected COVID app data, which the Privacy Act recognises may occur, IGIS had found that there is no evidence to suggest that these agencies have deliberately targeted or have decrypted, accessed, or used such data.” In other words, organisations like ASIO have collected covid data. While it’s benign now, according to IGIS, what is to say it will be so in the future?
Paranoid? No. There are numerous reports of police and security agencies abusing their powers in unlawfully accessing databases containing personal information. In April the ACT Ombudsman reported that the Australian Federal Police had, between 13 October 2015 and 2019 accessed location information over 1700 times, but on only 9 of those occasions did they comply with the law.
In 2017 the AFP admitted illegally accessing the phone records of journalists. In 2019 the ABC revealed New South Wales Police had accessed a database that contains 40 million pieces of information on individuals. In 2015 the Queensland anti-corruption commission revealed serious breaches by that state’s police department of personal information databases. And the list goes on.
Any politician or law enforcement official who suggests there will be no misuse of the billions of pieces of data collected about us courtesy of covid tracing apps is simply fooling us. The abuses of power by police, law enforcement and security agencies in Australia is, as noted above, part of the culture of such organisations and their leadership. It is aided and abetted by governments which, particularly at the federal level, enable such a culture by passing legislation that continually weakens privacy protections.
The 2015 federal data retention law that forces internet and telecoms companies to keep personal data for 2 years is a case in point. Another is the Morrison government’s proposed surveillance legislation which would enable the AFP and the Australian Criminal Intelligence Commission to access a person’s digital data and collect intelligence on the person’s online activities. Would personal covid tracing data be vulnerable to access under this proposed law? Of course. Another example is the Data Availability and Transparency (Consequential Amendments) Bill 2020, currently before the federal parliament, which would enable greater data sharing between governments.
There has been little thinking or reflection by policymakers about the gargantuan amount of data collected by covid tracing apps and other forms of covid information gathering. But there needs to be, given what has happened in Western Australia and the poor track record of respect for privacy on the part of the police, law enforcement and intelligence agencies in Australia.
A good start would be constitutional protection for privacy so that laws which breach that protection are struck down as unconstitutional. The Canadian Charter of Rights and Freedoms, for example, protects privacy from unreasonable searches and seizures. No such protection exists in Australia.
There ought also to be heavy penalties and sanctions for the leadership of the police, law enforcement and security agencies when they facilitate or turn a blind eye to, the unlawful gathering of data such as Covid tracing app data. Just as in occupational health and safety laws, there is a direct liability for leaders of organisations. Evidence laws throughout Australia should also be strengthened so that there is a ban on the admissibility of evidence obtained by illegal accessing of personal data, such as covid tracing profiles.
Australia has a very poor track record in taking privacy seriously and that, along with the cavalier attitude of the police, law enforcement and security agencies and most of their political bosses to breaches of what privacy laws and guidelines exist, will ensure the Covid tracing app data is fertile ground for further undermining of the fundamental human right of privacy which we all have.
Wait for the covid data breach stories to emerge, because unless there is serious law reform and a cultural shift, this will become reality.