Corporate Australia

A look into Corporate fraud in Australia, Stranglehold of Monopolies, Telecom's Oppression, Biased Law System, Corporate influence in politics, Industrial Relations disadvantaging workers, Outsourcing Australian Jobs, Offshore Banking, Petrochemical company domination, Invisibly Visible. It's not what you see, it's what goes on behind the scenes. Australia, the warrantless colony. Note: Site has more info in desktop mode or 'web version' as seen at bottom of page, when on smartphone.

06 December 2024

Corrupt Government REDACTS FOI on the Batch testing for the Pfizer/BioNTech vaccine

People in power will tell you this: “Nothing to hide, nothing to fear”, right?

So, let's have the password to your email, or code for your phone since you have "nothing to hide", no?

Sydney Criminal Lawyers will tell you of The Fallacy of 'You Have Nothing to Fear if You Have Nothing to Hide'.

Privacy is something valued by all of us, at least to some degree. Arriving home at the end of the day, it’s important to know that what goes on behind closed doors is not being monitored by authorities or some other party.

Equally, we may not want all of our personal communications with friends, partners and family members to be available without proper justification by some government employee, or our intimate images to be accessible to others without our consent.

In the 1949 novel Nineteen Eighty-Four, George Orwell imagined a dystopian future where telescreens monitoring citizens in both the public and private realms were ubiquitous. And while this idea might send shivers down the spine, the reality is that it’s not far from the truth in 2018.

Indeed, authoritarian leaders of days past could only have dreamed about having access to information as private and pervasive as metadata and the vast amounts of personal information contained in our mobile phones and other devices.

The use of CCTV cameras in public places has been well-established in this country for decades now. And soon, these cameras are set to be linked to a national database containing all Australian driver licence and passport photos, enabling almost-instantaneous biometric matching.

The 2013 Snowden leaks revealed just how far-reaching government digital surveillance has become, along with its deep encroachment upon people’s privacy. The documents revealed that the NSA, along with other Five Eyes nations, were involved in colossal global surveillance programs on their own people.

It doesn’t bother me

Many in the community simply shrug off the ever-increasing whittling away of the basic right to privacy, as it’s supposedly being carried out in the name of protecting us against terrorists. “If you’ve got nothing to hide,” they assert, “then you’ve got nothing to fear.”

But these people may want to think again, as the removal of a basic right is incremental, and, once it’s gone, the legislation and policies that withdrew it can be very hard to knock down.

Distorting the discussion

Chair of the Electronic Frontiers Australia policy team Angus Murray said the nothing to hide argument is a “fundamentally dangerous” proposition, as it creates the premise that “privacy is only invoked where criminals are involved.”

“Unfortunately, the nothing to hide rhetoric has created a situation where this fundamental right has been somewhat distorted,” Mr Murray told Sydney Criminal Lawyers®.

According to him, the starting point to the argument should not be grounded in “criminality or the criminal justice system,” but “rather it should be about a fundamental human right not to be subject to arbitrary interference in private life.”

“This is particularly pervasive in the context of mass surveillance,” he continued, “wherein law-abiding citizens have their private life, often unknowingly, interfered with on the pretence that this is in their best interest, or more correctly, it’s not in their worst interest.”

And the digital rights advocate should know. Electronic Frontiers Australia has been at the frontline of monitoring the encroachment upon the rights of Australians in the digital environment since 1994.

The Australian right to privacy

Article 17 of the International Covenant on Civil and Political Rights enshrines the right to privacy in international law. Being a signatory to the agreement, Australia has committed to uphold the rights contained in the document at the international level.

But, at the domestic level, Australia doesn’t have a bill guaranteeing citizens’ basic rights under the law, and therefore there is no general recognition of privacy being a fundamental right. Indeed, Australia is the only democratic nation in the world without a national bill of rights.

The federal Privacy Act 1988 is the principle piece of legislation protecting Australians’ personal information, although, it’s long been criticised for providing inadequate protections against data breaches.

The Office of the Australian Information Commissioner is the body responsible for enforcing the provisions of the Act. It announced last month that the federal Department of Health had breached privacy laws after it published de-identified health records of 2.5 million Australians online.

It was subsequently found the data could be re-identified. And the commissioner made the announcement a year and a half on.

Your life’s in a databank at ASIO

The federal Coalition government has been implementing policies that have grave implications for citizens’ privacy. Its mandatory data retention regime, which requires all telcos and ISPs to store their customers’ metadata for the period of two years, came into effect on October 13 2015.

The metadata that is stored relates to the time and date of calls, emails, text messages and internet sessions. It reveals who an individual has been in contact with, and their location at the time. And privacy experts warn that a lot can be ascertained about a person via this information.

Currently, warrantless access to this data is reserved to 21 law enforcement agencies led by ASIO.

Mass surveillance

On October 5 last year, all state and territory leaders signed off on the Turnbull government’s National Facial Biometric Matching Capability, which is a database that will store all Australians’ drivers licence and passport photos.

This mass hoarding of most of the population’s images will then be linked up through an exchange, so that it can be instantaneously macheted to identify people captured on CCTV cameras in public places.

The legislation to enact this system was introduced into parliament last month, and is currently under the review of the joint parliamentary committee on intelligence and security. When the program was announced, the prime minister claimed it had nothing to do with mass surveillance.

And in July last year, Turnbull said his government was proposing new laws that would require social media and technology companies, such as Facebook and Google, to allow Australian security agencies access to people’s encrypted messages.

Staring into the sun

Those who simply scoff at this encroachment upon our privacy, declaring that they have nothing to hide, are missing the point. If you mine any individual’s data in a thorough way, it’s sure that you’ll find something that looks suspect.

The deniers are similar to climate change sceptics. Long-term changes to weather are almost imperceptible on a daily basis, just like the erosion of the right to privacy, so the benefits of new technologies are easy to utilise, whilst refraining to consider the detrimental impact they’re having.

Equating privacy with guilt

“Too many wrongly characterize the debate as security versus privacy,” US computer security expert Bruce Schneier explained. “The real choice is liberty versus control.” And with a network of CCTV cameras linked to facial recognition technology, the ability of authorities to control will be overwhelming.

As far as Murray is concerned, the nothing to hide argument sets off the debate around privacy on “an ill-founded footing,” as those who are most vocal about the need for the right to privacy to be upheld are somehow cast as suspects.

“A person does not require something to hide to care about their privacy and the burden should not be reversed onto citizens to demonstrate that they have nothing to hide,” Mr Murray concluded.

“This should be a matter for law enforcement in the course of lawfully obtaining a judicial warrant.”

In any event you can read the heavily redacted document that Australian taxpayers paid for:

03 December 2024

Australia’s new mass surveillance mandate

The Australian government has new laws on the books to hack your computer, your online accounts, and just about any piece of technology and networks you come into contact with. It can happen without a warrant and without you ever knowing. That’s just the start of it. Outraged? Good.

Earlier in August, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) released a report on the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 recommending it be passed with significant changes. Most notably, they recommended narrowing the scope of the new powers introduced by the bill, by limiting the criteria for issuing new warrants, requiring approval from a superior court judge and calling for stronger oversight and review mechanisms.

The bill was passed just over a week later by both houses. Needless to say, most of the recommendations of the PJCIS report have gone ignored, similarly to the concerns previously raised by us, Human Rights Law Center and several others. So let’s dive right in and take a closer look at the powers the legislation will grant to law enforcement. The three big powers given to the Australian Federal Police (AFP) or the Australian Criminal Intelligence Commission (ACIC) are:

Data Disruption Warrants
Account Takeover Warrants
Network Activity Warrants

A DATA DISRUPTION WARRANT enables the agencies to “add, copy, delete or alter” data on devices. And while it’s called a warrant, there is an emergency authorisation process for cases when it is “not practicable” to get a warrant. So a data disruption “warrant” can be issued under something referred to as an emergency authorisation; a new power which the PJCIS insisted in their report should be reserved for a superior court judge. This was ignored and so emergency authorisations remain — which means that Australia now has a warrantless surveillance regime on the books.

A couple of additional notes on data disruption “warrants” is that they: can be issued on devices even if the individual’s identity is not known, if the device is “likely connected” to a suspected offence, or if the information could “assist” in an investigation. It should also be noted that in the final text an emergency authorisation can also be used to simply get “access to data held in a computer.” To do this, the final text allows them to use a computer, a telecommunications facility, any other electronic equipment or a data storage device.

AN ACCOUNT TAKEOVER WARRANT enables the law enforcement agencies to take control of an account, and even lock the account holder out of it. This can be done covertly and without consent, so the individual wouldn’t necessarily know what is going on until or if they are ever charged. It includes removing two-factor authentication and using one account to gain access to others (directly contradicting cyber security best practices for staying safe and secure online). The warrant is applicable for a maximum of 90 days (though extensions are possible) — so that is the length of time a law enforcement officer can impersonate you or use your accounts to monitor your activity and gather information. The emergency authorisation, overseen by a magistrate, is also available under this power.

NETWORK ACTIVITY WARRANTS allow access to networks where there is suspicion of serious online offences, although what qualifies as “serious” has a variety of definitions in the legislation. The desire to “overcome security features like encryption” on this scale should have us all extremely concerned. In their submission to the PJCIS, the Human Rights Law Centre raised alarm at the definitions used under this power, which are so dangerously overbroad they would enable widespread surveillance across social media and messaging platforms. Yes, that means if someone is suspected of using Whatsapp (for instance) for criminal purposes, the power would allow the AFP and ACIC access to all of Whatsapp. They are subject to the same secrecy and time limitation (90 days with a possible extension) as account takeover warrants. Unlike the other powers, evidence gathered this way cannot be used in court, but it can inform further warrants and inform officials where to look — this warrant allows for mass network surveillance.

And we can also note that while there are some restrictions on the extraterritorial application of these warrants, mostly that a consenting official from another country is required in order to proceed with such an investigation, the judge is allowed to authorize network activity warrants for other jurisdictions if the location of the data is unknown or cannot be reasonably determined.

The PJCIS report also insisted on increased powers of reporting for the Independent National Security Legislation Monitor (INSLM). In fact, setting the egregious scope of these new warrants aside for a moment, there are fundamental shifts that happen in these laws about how surveillance power is distributed and overseen in Australia. The distinction between a superior court and the Administrative Appeals Tribunal (AAT) is huge, and most of TOLA is now subject to the oversight of the AAT (see below section on ‘context’ for more information). All these bodies are equipped and resourced in completely different ways. The rules of evidence are different, just as the decision-makers are different; only recently there was a scandal that Christian Porter was appointing underqualified people to the AAT. The INSLM can in fact provide independence in their review, but it is not immune from politics, and reports from the office can certainly be completely ignored at the discretion of the government.

In the final text of Identify and Disrupt, the AAT is given a massive task when evaluating the merits of any application. Among countless other things, it is up to them to determine whether:

There may be any privacy implications “to the extent known.”
The execution of the warrant is likely to cause a person to “suffer a temporary loss of: money, digital currency, or property (other than data).”
The public interest outweighs the importance of protecting a journalist and/or their sources.
There are alternative ways to access the data or otherwise proceed with the investigation.

On the last point, it is not the responsibility of the officers to present that to the tribunal members, just as it is not up to them to run a full privacy impact assessment, or consult software developers or engineers before compromising a piece of equipment. Ultimately, the tribunal members of the AAT who are overseeing these overbroad hacking powers are expected to have a level of technical expertise which many actual subject experts, let alone judges, would struggle to be certain of.

One of the recommendations by the PJCIS was to introduce a public interest advocate in the decisions regarding these warrants, which was also ignored across the board. A public interest candidate is someone who would argue on behalf of the affected individual in the room where right now only a police officer and a judge get to play judge and jury. The PJCIS foresaw using this only in certain instances, but we have suggested a similar mechanism for other surveillance operations. As it stands, the Australian government remains uninterested in allowing individuals to defend their rights: there is no one to argue on your behalf, and there is never any notification to the individual (even after the fact) so you will never know if you were subject to any of these powers.

The context of Australia’s expanding surveillance regime

There was an international uproar when the Australian government passed the Assistance and Access Act, also known as TOLA. Introduced in 2018, it contains some of the broadest powers for law enforcement to intercept and monitor encrypted communications. Its only international parallel is the UK’s equally infamous Investigatory Powers Act, which is under ongoing challenges in the UK Courts over its infringement on privacy — an avenue for challenge that remains unavailable to Australians where the right to privacy continues to be ignored by the federal government (and thus out of reach for such court challenges).

But TOLA, which gave law enforcement and intelligence agencies the power to infiltrate and compromise encrypted communication channels, has been deemed to be not quite enough. It should be said that TOLA remains under review for its incompatibility with human rights and the right to privacy and freedom of expression, and is still waiting for amendments as suggested by the Independent National Security Legislation Monitor (INSLM) in June 2020. In spite of that, the Australian government went on to add two new pieces of legislation to expand its mass surveillance mandate:

International Productions Order (IPO) Bill — even though it passed in Australia, the powers will need to be approved by the US Congress before taking effect.
Identify and Disrupt Bill.

We can refer to both now as acts because — in what is an increasing trend in the Australian Parliament — the bills flew through both houses in a single day.

The Identify and Disrupt Act grapples with the same issue that TOLA did — the need for law enforcement to see and intercept what we do online. However, Identify and Disrupt goes much further and where it was not completely true to call TOLA an attempt at mass surveillance, Identify and Disrupt now provides that capability and overreach for both AFP and ACIC.

In the INSLM report on TOLA, Dr James Renwick, who was serving as the INSLM at the time, recommended that the powers under TOLA be extended to a federal level Independent Commission Against Corruption (ICAC) — this was a calculated decision to pressure politicians to consider what this power means when it extends to investigations of corruption at the federal level. Alas, we will continue holding our breath and waiting for the politicians to hold themselves equally accountable to the surveillance regime they’ve built for the rest of us.

Finally, it should be noted that Australia’s electronic surveillance regime will be overhauled in the years ahead following the recommendations of the Richardson Review into the National Intelligence Community, made public last year. So if you are frustrated with the system, gear up and join us for an end to mass surveillance and a fair system in Australia.

What we recommend…

If you want to have a private confidential conversation, and you have thought about the likelihood you may be subject to surveillance, have it in person with no devices around. We know this is a challenge, particularly in COVID times, but especially for groups in climate activism and those attending protests, this is key.
If it is possible, break your work and life across multiple devices, operating systems, and accounts so that it becomes more difficult for you to be thoroughly compromised.
Digital security! Update your passwords regularly (use a password manager), check that you have 2FA enabled wherever possible, and keep an eye out for any suspicious activity (on your account or those of your friends and network). Always call the person or reach out over text/a second channel if you are unsure about a link/attachment/message that was sent to you. Governments are intent on compromising our digital security for their own purposes, so do your best to limit your exposure to the risks they have created for us.
Write to your MPs to voice your concern about the lack of individual’s rights in this legislation. You can use this post to illustrate your concerns. Ask for the legislation to be referred to INSLM for a human rights impact assessment. There will be a 5 year sunset for the powers in this legislation — meaning that they will need to be revisited and reapproved by Parliament. We can turn the tides on this!
Sign the petition! The more signatures, the louder we will echo through the halls of Parliament.
Support our Work! You can become a member of Digital Rights Watch and/or sign up to our updates. This way you will know once there are further actions for you to take! You can also help by donating to support our work, following us on social media, and sharing our work far and wide!

Source:digitalrightswatch.org