At the end of August, the Australian Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 granting the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) extensive new powers.
Senator Lidia Thorpe, the Australian Greens spokesperson for Justice, said the bill enables both law enforcement agencies to be “judge, jury, and executioner”, adding there’s no explanation as to why these powers are necessary. She also highlighted that allies like Canada, New Zealand, the UK and US don’t grant their own law enforcement these rights.
With this bill being brought into law with cross-party support, is Australia moving closer to being a surveillance state?
All eyes on Australia
The bill takes surveillance of Australian citizens to the next level, says Ljiljana Brankovic, a professor at the faculty of Engineering and Built Environment at the University of Newcastle. She says that Australian citizens can now have their communications listened to, data on their computers altered, added, copied, and deleted, and their social media accounts closed and their identities impersonated.
“Initially, it was alleged that this bill would only apply to terrorism, paedophile rings and drug trafficking; however, it’s applicable to all serious crimes, that is, crimes for which the maximum penalty is at least 3 years,” she explains.
One of Brankovic’s concerns is that data disruption and network activity warrants can be issued by a nominated Administrative Appeals Tribunal (AAT) member instead of a judge or magistrate.She says that where it’s impractical to prepare a sworn affidavit specifying the grounds of the warrant and how it would assist in preventing the offence, it’s possible to obtain one without it, and submit it retroactively within 72 hours. Also, if applying for a warrant isn’t practical, an emergency authorisation may be issued.
Another concern is that there are provisions for offences that “are likely to be committed”, says Brankovic. “Preventing a deadly terrorist attack is one thing but seizing data on one’s computer because they are deemed to be likely to evade tax in the future is a quite different thing; it’s up to a nominated Administrative Appeals Tribunal (AAT) member to decide which to approve,” she says.
Brankovic underlines that warrants could also lead to a breach of privacy of a suspect’s associates who use the same computer or communicate with the suspect online.
She says it appears the cost of privacy breaches will be borne by the victims rather than the AFP or ACIC, noting that this can be quite high.
Hybrid cloud for video surveillance
What it is and why you'll want one
The bill had bipartisan support with dissenting voices few and far between, says Brankovic highlighting that this is not out of character for the country. She points out that Austrlalia does not have a national Bill of Rights and that it has introduced 92 counter-terrorism laws since 2001.
Through these new powers, once police want to check someone’s information, there is no way to protect their privacy other than not posting this information on the internet, says James Kang, a lecturer in computing and security at Edith Cowan University.
He says that although cyber crime can be disrupted, forcing criminals to find other ways to carry out their activities, the biggest concern in terms of security is if police data systems are compromised, giving hackers access to data harvested through the legislation. To avoid this, the police should implement hardened security measures to protect the information, he says.
Kang adds that it’s debatable if there is a need for the bill, as it gives police powers to improve public safety, but privacy can be compromised. He explains that to counteract terrorism or crimes, police will need the ability to access data quickly as the crime is now becoming more difficult to detect and prevent.
“In my personal opinion, yes it’s required. However it should be thoroughly audited and managed not to misuse the power by police,” he says.
If you want to keep a secret, you must also hide it from yourself
Every increase in state surveillance has a democratic cost, and we must not underestimate the extent of that cost, according to Kieran Pender, a senior lawyer at the Human Rights Law Centre (HRLC). Pender says surveillance powers intrude on people’s privacy and have a chilling effect on the exercise of political rights.
Pender believes the powers in the law should have been narrowed to what is strictly necessary and subject to robust safeguards, which is why the Parliamentary Joint Committee on Intelligence and Security unanimously recommended significant changes to the bill.
“It’s alarming that, instead of accepting the committee’s recommendations and allowing time for scrutiny of subsequent amendments, the Morrison government rushed these laws through parliament in less than 24 hours,” says Pender.
He adds that the government has consistently failed to ensure robust safeguards to minimise the adverse impact of new surveillance powers, and the bill continues this “deeply troubling trend”. Although he welcomes the safeguards for journalists and whistleblowers, which were only added after the bill was reviewed, Pender says it highlights the lack of wider entrenched safeguards for press freedom and free speech in Australia.
“By enacting wide-ranging surveillance and secrecy laws in the absence of federal human rights laws, successive governments have put the cart before the horse. Australians urgently need protections for fundamental human rights like a Charter of Human Rights,” he explains.
Building the apparatus of control
The bill brings Australia a step closer to becoming a surveillance state, says Raman Jit Singh Chima, senior international counsel and Asia Pacific policy director at Access Now. Chima believes it amplifies the government’s powers without adequate limitations, undermines encryption, and endangers human rights.
“It imperils citizens’ digital privacy and security by conferring unprecedented hacking powers on law enforcement agencies,” he says. “Any device, online network or account, including social media profiles, used by people in Australia, is now vulnerable to hacking by authorities without any meaningful limitations and safeguards.”
Chima doesn’t think the hacking bill should have been passed as it enables surveillance overreach, puts people’s digital privacy and security at risk, and further strengthens the government’s already problematic surveillance powers, which he says need to be restricted and not enhanced.
It’s concerning, he adds, because it’s part of a larger apparatus of laws authorising expansive surveillance that are on the rise in the country, including the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA). Chima underlines that TOLA has previously been criticised for its adverse impact on privacy, security, and freedom of expression.
“The hacking bill, alongside TOLA, would make it unreasonably difficult to implement end-to-end encryption in Australia, which is important, not only for protecting privacy, free expression, and other human rights, but also for bulwarking the economy, preserving democracy, and ensuring national security,” he says.
Chima says the review of the bill showed lawmakers are increasingly aware of the significant, unchecked powers that Australian police and executive actors are demanding. This concern, however, has only so far manifested in efforts to make minor fixes or cuts to proposals, instead of taking on the wider review and reform of the country’s surveillance ecosystem that’s drastically required.
The only way to ensure long-term safety, says Chima, is for the public to push back against the implementation of the bill and demand TOLA be repealed, or at the very least demand amendments to implement meaningful limitations and safeguards. These include independent judicial oversight and adherence with the principles of necessity and proportionality.
“Australians have to stand up to ensure their lawmakers prioritise a comprehensive review and amendment of Australian surveillance law, including stricter controls and improved human rights protections,” says Chima.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.