Submission No. 10 - Electronic Frontiers Australia
PO Box 382 North Adelaide SA 5006
Email: secretary@efa.org.au
Phone: 08 8362 5183 Fax: 08 8362 5183
http://www.efa.org.au/
25 April 1999
The Secretary
Parliamentary Joint Committee on ASIO
Parliament House
CANBERRA ACT 2600
Via Email: pjcasio@aph.gov.au
Dear Secretary,
EFA submission to joint parliamentary committee on ASIO
Further to the invitation to comment upon the review of the Australian
Security Intelligence Organisation Legislation Amendment Bill 1999, I
make the following submission on behalf of Electronic Frontiers Australia
Inc.
Electronic Frontiers Australia Inc. is a non-profit national organisation
formed to protect and promote the civil liberties of users and operators
of computer based communications systems. EFA was formed in January 1994
and incorporated under South Australian law in May 1994.
This submission is made with the authority of the Board of EFA.
EFA wishes to express the concern that the Bill goes beyond bringing
ASIO powers up-to-date, and in fact extends the powers of the agency and
its Director-General in new and significant ways.
While keeping law-enforcement and intelligence-gathering agencies relevant
to the digital age is a worthy aspiration, it should be remembered that
computer technology also has the capacity to monitor individuals and damage
an individual's reputation in ways not possible in times past. It is important
that the use of technology be restrained by reference to rights of privacy
guaranteed under the UN Declaration of Human Rights and traditional review
of the actions of the Executive by the Courts.
In his second reading speech the Minister acknowledged the need to 'balance
between the rights of individual persons and the preservation of national
security'. He said the Bill did not aim to 'extend ASIO's functions but
simply will enable the organisation to meet its statutory responsibilities
in more efficient and effective ways'.
EFA believes that while the Bill may improve efficiency, for example
by replacing human surveillance with electronic surveillance, it will
not do simply that. Overall the Bill provides for a significant increase
in ASIO's powers, and a corresponding decrease in the rights of Australians.
The balance between individual rights and the security concerns of the
state is shifted in favour of the latter.
There does not appear to be any change in the external circumstances
to warrant this, nor any explanation from the government (apart from a
reference to attacks on US facilities in East Africa!) as to why the individual
rights of Australians should be further eroded.
The following matters give rise to particular concern that the availability
of computer technology has given rise to a 'wish list' of ASIO powers,
without adequate public scrutiny as to whether the powers are warranted.
Concealment. Schedule 1, Item 16
The new section 25 (5)(c) authorises ASIO to 'conceal the fact that any
thing has been done under this warrant'. This includes concealing the
fact that data (defined in the Bill as including both information and
computer programs) has been added, deleted, or altered. This goes beyond
mere eavesdropping on communication, as is done in telephone tapping,
to authorise the covert insertion of material on to a citizen's computer.
This creates a risk to business. Small data changes can have extreme
and unforseen effects. 'Non-destructive' crackers who don't do any damage
except for logfile changes to cover their tracks can still force tens
of thousands of dollars worth of labour costs and downtime, since clean
installations and auditing of all backups can be a mammoth undertaking.
When ASIO, or anyone else for that matter, is authorised to hack into
computer systems, there is always the possibility of accidental damage
to the software or data on the citizen's computer. While Section 25(6)
prohibits interference with or obstruction of the lawful use of the computer,
how is this to be detected if the damage, whether accidental or deliberate,
was done covertly? Should any citizen whose computer mysteriously malfunctions
(and this is not an uncommon event) immediately suspect ASIO, or just
blame Microsoft as usual? Assuming that the citizen did detect some kind
of deliberate interference (rather than yet another mysterious glitch)
how would he or she prove that it was ASIO?
A related issue is the possibility of the deliberate 'planting' of evidence.
Once ASIO officers are authorised to covertly interfere with computers,
the danger is that a future Minister or Director General may find it convenient
for compromising material to appear on the computer of an opponent. Even
assuming the complete probity and honesty of the Minister and the Director
General, the danger remains that an enthusiastic ASIO officer may be tempted
to the electronic equivalent of the old police tactic of 'planting a brick'.
EFA submits that ASIO should have no power to alter or add data to
a computer.
Emergency warrants.
In Holland a similar act requires three Ministers to sign a warrant.
This Bill authorises one Minister to issue a warrant and extends to the
Director General the power to grant emergency 24 hour warrants. These
warrants are no longer confined to listening device warrants, but are
extended to all warrants, including tracking device and search warrants.
EFA submits that warrants should require the signature of three Ministers,
one of whom should be the Attorney-General, and that there should be no
power for the Director General to grant emergency warrants.
Tracking. Schedule 1, item 23
The Minister may authorise ASIO to use tracking devices for up to 6 months.
EFA submits that the use of tracking devices be limited to 7 days,
as is currently the case with search warrants.
Power to Enter Premises. Schedule 1, item 22
Item 22 proposes the addition of Section 6A giving almost open ended
power to enter premises to remove a listening device, and to use reasonable
force. This is no longer restricted to the period when the warrant is
in force, but within 28 days of the warrant expiring, or, failing that,
at the earliest reasonable time thereafter.
EFA submits that the power to enter premises remains restricted to
the period when the warrant is in force.
Basis for warrants. Schedule 1, Item 16 (s25(2))
The test to be satisfied by ASIO in order to obtain a warrant has been
re-worded, and significantly widened. In the existing Act the Minister
may issue a search warrant following a request from the Director General
and after being satisfied that there is material without access to which
the collection of intelligence by ASIO 'would be seriously impaired.'
The Bill applies a different test, where the Minister merely has to be
satisfied that there are 'reasonable grounds for believing' that the warrant
will 'substantially assist' in the collection of intelligece in respect
of a matter 'that is important in relation to security'.
EFA submits that the proposed changes to Section 25 should be subject
to further parliamentary scrutiny, with ASIO to be required to justify
the new powers. The Parliament may well consider that protections for
the computer-using public are not adequate, and that Government agents
hacking into private computers represents a new form of Government intrusion
that requires detailed guidelines, checks and balances.
Duration of warrants. Schedule 1, item 16
The maximum duration of a search warrant has been extended from 7 to
28 days and an 'activation period' of up to 28 days provided after the
grant.
EFA submits that the maximum duration should remain at 7 days.
Tax and Financial Information. Schedule 4 and Schedule 6
The extremely broad nature of this legislation appears to open taxation
records to a whole new class of people. At present AUSTRAC information
can be released only to taxation, federal police, National Crime Authority
and Customs officers.
ASIO's responsibilities are defined so broadly, and its activities can
be carried out so covertly that this gives ASIO virtually carte blanche
access to tax information.
EFA is concerned that Parliament may have been asked to take "on
trust" that ASIO and its Director General will not abuse these new,
sweeping powers over private computers. While a trust in the agencies
of a democracy is appropriate, history and the experience of other countries
have established that rogue intelligence-gathering agencies are uniquely
placed to fabricate evidence, blackmail officials and engage in individual
espionage. Only an extra-agency review of these powers can provide safeguards
against the possibility of ASIO abusing the powers for the Government
of the day, for the agency or an agent's personal purposes.
Yours faithfully,
Darce Cassidy
Executive Director
Electronic Frontiers Australia
A copy of this submission is also available from the
Committee Secretariat.
Top
|