Sep 2, 2021 00:42 UTC
Jun 27, 2023 at 22:29 UTC
Australia passes the Draconian ‘Surveillance Bill’
The post-Internet age has seen a clash between the Privacy of Individual against the Orwellian predilections of the State. With an increased concern of unfettered surveillance and invasion into the private lives of individuals, there has been a strong call to insulate one’s online private affairs against such encroachment. While many jurisdictions across the world have declared one’s privacy as their fundamental rights and have legislations (such as GDPR) in place, the increasing fascination of the Governments across the globe to peep into and control the private life of its citizens seems to be the latest fetish. With the privacy-surveillance issue gathering significant momentum and engulfing the world as a major global issue (just behind Climate change), a problematic trend is seen to evolve across jurisdictions, where states are making legislative efforts to invade the private lives of their citizens. In this light, The Australia Parliament, has unfortunately, sunken to a new low when it rushed the draconian Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 through both the Houses, and passed the law within less than 24 hours on 25 August, 2021.
The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 seeks to amend a whole catena of Australian laws, predominantly, the Surveillance Devices Act, 2004, Telecommunications (Interception and Access) Act 1979 and Crimes Act, 1914 to accommodate invasive powers to Police and Enforcement agencies against citizens.
Other Acts amended are:
- Public Interest Disclosure Act 2013
- Australian Crime Commission Act 2002
- Privacy Act 1988
- Ombudsman Act 1976
- Law Enforcement Integrity Commissioner Act 2006
- Inspector-General of Intelligence and Security Act 1986
- Australian Information Commissioner Act 2010
- Australian Human Rights Commission Act 1986
- Australian Federal Police Act 1979
The legislation does away with any requirement of judicial scrutiny or oversight of the Police action into any investigation into a crime involving computer devices. The new law will allow the Police forces unfettered powers to hack into anyone’s device, collect or delete personal data on anyone’s device, take over one’s social media accounts and such other supplementary actions, all without a judge’s warrant.
Three new powers have been added within the arsenal of the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) to clamp down on citizens in the name of prevention of cyber crimes and investigation, namely:
- Data Disruption warrant: It gives the Police the ability to ‘disrupt data’. The Australian Police authorities are now empowered by Section 27KE to modify, copy, add or delete data (including private data) within the computer devices and networking websites of anyone. No consent of the owner of the device or website shall be required for this purpose. But the most outrageous part is that the Police is allowed to intercept and modify the communications between users and even change their account credentials. And such unethical exercises have now the approved sanction of the established law of the country. ( It must be noted that there is no safeguard or judicial oversight in place in case such blanket power be used to implant incriminating evidence against users by the Police and government authorities. India recently saw its government agencies plant incriminating evidence against its vocal critics in the case of Bhima Koregaon to falsely frame them in a conspiracy to assassinate their Prime Minister. In the absence of any safeguards, through this new legislation, Australian government can do enjoy such implantation exercises with more or less complete legal impunity.)
- Network activity warrant: The warrant on being issued allows the police to collect intelligence input from devices and networks that are used, or likely to be used, by persons against whom such a warrant is issued. These persons need not have an earlier track-record of any criminal activity.
- Account takeover warrant: The amendment adds Part IAAC to the Crimes Act, 1914 which deals with Account takeover warrants. Such warrant allows the police to confiscate and take control of one or more online accounts (including social media accounts) of anyone for the purpose of gathering information for any investigation.
All these warrants can be issued by any nominated member of the Administrative Appeals Tribunal (AAT) and does away with the mandatory requirement of a Judge’s warrant. On issuance of such warrants by the Administrative Appeals Tribunal, the companies, publishers, intermediaries etc must comply with the Police authorities to collect, modify or delete such user data, be it on the network or on user’s personal devices. Section 64B lays down that failure of such entities or persons to comply with the Police can lead up to 10 years of imprisonment or 600 penalty units.
There is no requirement for bare minimum grounds or concrete evidence in place before an officer of the AFP or the ACC can call for such warrants. Section 27KA added to the Surveillance Devices Act, 2004 stipulates that mere suspicion on part of the officer shall fulfill the requirement. Also, it is not necessary that the individual whose device they seek to intrude upon, must be within their circle of suspicion. If the officer suspects that any data on such individual’s computer device can potentially be used for commission of a crime by anyone, that alone shall be a valid ground to proceed against such persons and their devices.
The law explicitly authorizes the enforcement agencies to conceal their footprints when they access and tamper with the private data of users. An individual may never know that he is being monitored, his data and device been tampered, modified and deleted by enforcement agencies. Such maneuvers can be (and experience has taught us, that they surely will) be used by enforcement agencies to clamp down on civil rights activists and dissenting voices. Provisions such as Section 27KE(9) empower the enforcement agencies to infiltrate the computer resource and access any incriminating evidence, articles, photographs, videos, etc which can threaten exposure of any state malpractices, corruption or sponsored atrocities. The provision reads:
“If any thing has been done in relation to a computer under:
(a) a data disruption warrant; or
(b) this subsection;
then, in addition to the things specified in the warrant, the warrant authorises the doing of any of the following:
(c) any thing reasonably necessary to conceal the fact that any thing has been done under the warrant or under this subsection;
(d) entering any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);
(e) entering any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);
(f) removing the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer of other things to that place;
(g) if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:
(i) using any other computer or a communication in transit to do those things; and
(ii) if necessary to achieve that purpose- adding, copying, deleting or altering other data in the computer or the communication in transit;
(h) intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;
(i) any other thing reasonably incidental to any of the above;
at the following time:
(j) at any time while the warrant is in fore or within 28 days after it ceases to be in force;
(k) if none of the things mentioned in paragraph (c) are done within the 28 day period mentioned in paragraph (j) – at the earliest time after that 28 day period at which it is reasonably practicable to do the things mentioned in paragraph (c).“
Alarmingly, the law also gives the Australian Enforcement agencies power to execute such Warrants against computer resources and users in foreign jurisdictions. The only requirement as per Section 43C and 43E is that the officer seeking such warrant must satisfy the nominated AAT member or the Judge that the appropriate official of the foreign country has consented to such a request.
With respect to the Network Activity Warrant, the definition of ‘Criminal Network of Individuals‘ as defined under under Section 7A is also enormously problematic. The definition is too vast and vague to allow arbitrary inclusion of any group of individuals. For the purpose of issuance of Network Activity warrant, no concrete evidence or reasonable grounds need to be mentioned. A group of individuals can be designated as ‘Criminal Network of Individuals’ if in the opinion of the enforcement officer, they are ‘likely‘ to engage into ‘relevant offence‘. What constitute these ‘relevant offences’ have interestingly, not been defined. As a matter of fact, as per Section 27KK (2)(b) it is ‘IMMATERIAL‘ that ‘the details of the relevant offences be ascertained‘. The legal sanction with respect to addition, modification, copy, deletion of private data is also allowed in such a warrant. The enforcement agencies are allowed to cover their tracks and conceal their digital footprints.
The warrants have a life of of 90 days from the date of issuance. The enforcement officer can however, apply for its extension for another 90 days before its expiry.
Civil rights groups have contended that these provisions are in gross violation of even the bare minimum conception of individual privacy.
It must be noted that Australia does not have constitutionally protected rights to freedom of speech or even an enumerated Human Rights Charter within its Constitution framework. Other than Victoria and the Australian Capital Territory there is no state or territory which has ensured a human rights legislation in place. If the Commonwealth is found to be in violation of human rights, the Australian courts, unfortunately, could not provide for a remedy.
Australia has suffered much criticism world-wide for its human rights records, specifically in terms of its treatment of Aboriginal population. The United Nations, through its 2011 introduced scheme of Universal Periodic Reviews, has constantly reviewed and reprimanded the Australian state over its human rights record. In spite, the Australian government has always voiced itself for a rejection of any national human rights framework or any concrete alternative mechanism to guarantee them within its territory. It is one of the few jurisdictions in the first world countries, which does not recognize its citizens’ right to privacy as a constitutional right.
Though it has accorded statutory recognition by some degree to right to privacy of individuals with respect to their personal data collected by Government agencies and companies through the Privacy Act of 1988, but that so is very limited in scope. The data granted protection through this Act is limited to the ‘collected data’ (by Government agencies or companies for providing services) and does not extend to the private intimate data of individuals. But even with respect to such ‘collected data’ , the Australian Privacy Principles (APP) enshrined in the 1988 Act makes room for vast field of exemptions for disclosure of such information. Principle 3, 5 and 6 of the APP hold out that Enforcement agencies such as Police are exempted from the application of this Act. The Act therefore, does not offer protection to the individuals against the Australian state or the Enforcement authorities in criminal matters or investigation into criminal matters.
With such asymmetry between the privacy of individuals against invasive powers mandated to the hands of state enforcement agencies, the Australian human rights record is bound to decline. The Australian citizens have taken to streets, protesting against such brute-forcing of state surveillance into their private lives. What shall unfold in Australia, is for the world to watch closely, for such a development in one state often inspires a trend in others to follow as well. Traditionally surveillance has always been an industry operating in the mirth and voids of law. But the latest brandishing of Australian Parliament to sanction it as the supervening legal dictate against the human rights of its citizens, must be taken as a sign of concern for free people across the world.