The End to Privacy?

Compatibility with Human Rights

 

The main concern raised about the government’s data retention legislation has been in regard to its breach’s of human rights, and in particular the right to privacy. As Australia does not have a constitution, we lack this specified right to privacy. However, this right to privacy has been addressed in the Privacy Act 1988 (Cth) (although with some holes regarding data retention) and the International Covenant on Civil and Political rights.

 

Article 17 of the ICCPR Provides “No on shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.” Interestingly, the Australian Parliament has even acknowledged that these amendments “clearly limit the right to privacy” with their only justification that checks and balances will be put in place (JCHR, Fifteenth Report of the 44th Parliament).

 

Despite this breach of privacy these amendments also impact on the right to freedom of expression and the right to an effective remedy. Many lobby groups have argued that a mass surveillance regime in Australia bucks international trend. Blueprint for Free Speech argued that it does not reflect necessity or proportionality to the investigation and resolution of criminal activity.

 

In fact, there is little evidence from comparative jurisdictions that show such schemes have worked. A 2011 study conducted by the Legal Service of the German Parliament concluded that the mandatory data retention scheme in Germany led to an increase in the number of convictions by only 0.006%. The question then came down to if it was worth the time, money and invasion of privacy (proved by the EU courts), which for Germany it wasn’t, and they subsequently scrapped their data retention laws. 

 

Sensitive Information

 

Many groups have also opposed the range of data the government is forcing to be kept. This data can contain highly sensitive information. Recent research from Standford University showed that when this data is analysed it may create a revealing profile of a person’s life including medical conditions, political and religious views, friends and associations.

 

A case in the European Court of Justice found in its ruling in Digital Rights Ireland Ltd and Karnter Landersregierun Ors v Minister for Communications, Marine and Natural Resources Ors that such data can allow very precise conclusions to be drawn concerning the habits of everyday life, the social relationships and other movements and activities carried out.

 

Even the Attorney General Department highlights that the ‘dataset includes information that is privacy-sensitive’ and agree that they need to store the information in a secure manner. This also raises the question whether the collection of data can be securely stored, which is addressed below.

 

An interesting case study outlining just how sensitive this information can be is from German Politician Malte Spitz. He  sued to have German Teleco giant Deutsche Telekom hand over 6 months of his phone data. This included phone calls, texts, connection to the Internet and geo-location. He created an interactive website, which highlights some of the information gathered, and it shows by putting the information together it can create a vast and comprehensive image of ones identity.  

 

Keeping up with Technology

 

According to Rubenstein 2013, the European Union’s privacy laws have failed to keep pace with technology changes. He highlights that regulatory reform alone is not enough and would need help from other areas to maintain relevant privacy measures (Rubenstein 2013). Thus as the Australian data retention laws are based on the EU system, it also questions Australia’s ability.

 

Keane 2015, highlights the many ways Australians can prevent their data being collected. From deactivating social media, using offshore services like Gmail that aren’t subject to Australian law and using VPNs (Virtual Private Networks) to encrypt and anatomise your web traffic.  So this then begs the question, if Australians can ‘hide’ types of their metadata, what is the use of implementing an expensive and rights limiting legislation?

 

Storage of Data

 

The amendment introduced by the Bill include mandatory data retention for 2 years. Which forces telcos to retain data, so that it can be accessible by the government. However, many industry giants such as Telstra outline that 2 years is far too long for mandatory data retention.

 

A 2001 report from the European Commission revealed that 90% of data accessed under data retention regimes in European counties was six months old or less. That around 73% of data accessed was 3 months old or less. Plus majority of other counties in the EU have the requirement of data to be retained for 6 months to a year. 

 

The need to store data for this lengthy period of time has also introduced issues regarding the financial implications. In a statement made by iiNet, the cost could add $5 more per month to every Internet account, unless the government chooses to fund such a regime. However, where will if the government funds the regime, it also comes out of Australians pockets.  

 

A joint submission by the Australian Mobile Telecommunications Association and Communications Alliance in 2012 saw that the estimated cost for the scheme could be between $100 million for basic data capture and $500-700 million with IP addresses inclused. iiNet has also included an estimate upwards of $400 million. So with a high cost to maintain, questions regarding the breach of human rights and examples proving the little success of global data retention regimes, it questions whether it is all worth it for faster access to Australians data.

 

Security Risks

With sensitive information now in the hands of the Australian government, comes the question of how will they ensure that this information is not accessed by unauthorised parties. The vast amount of data stored would prove an appealing target for hackers all around the world – creating a risk of information and identity theft in the event that the storage of the data is breached. For example, more than 1.6 billion usernames and password combinations had been stolen by a Russian crime gang in a major security breach of the US security firm Hold Security. This is just one example of many instances where hacker have obtain sensitive information. 

 

Interestingly, even ASIO’s security has been breached, as they had the plans to their new $700 million headquarters stolen allegedly by Chinese intelligence agents (of which the building is still sitting empty). Therefore, it can leave many Australian citizens vulnerable as ASIO have access to this sensitive information and they can even be hacked themselves.

 

Additionally, unlike normal government bureaucracies, ASIO as an intelligence agency has minimal public oversight or accountability and can use national security as a justification to resist media scrutiny. This lack of oversight measures, and access to such sensitive data can mean that corruption and criminal activity are far less likely to come to light than normal government agencies. Plus former whistleblowers such as Edward Snowden, show just how detrimental leaks of confidential information can be to a government.