Submission No. 12 - Financial Services Consumer Policy Centre
Financial Services Consumer Policy Centre
Submission to the Parliamentary Joint Committee on ASIO
Inquiry re ASIO Legislation Amendment Bill 1999
April 1999
Chris Connolly
Director
Financial Services Consumer Policy Centre
Unit 508
410 Elizabeth Street
Surry Hills NSW 2010
t. (02) 9281 4164
f. (02) 9281 4574
director@fscpc.org.au
http://www.fscpc.org.au
Introduction
The Centre welcomes the opportunity to comment on the ASIO Legislation
Amendment Bill 1999. We note the importance of this rare opportunity to
discuss the role of ASIO and the regulations governing it. We also note
the dramatic extension of ASIO's powers proposed in the Bill, and call
on the Committee to extend the period for consideration of this legislation.
The Centre's submission is made in the following context:
Chris Connolly, the Director of the Centre, is the consumer representative
(as a nominee of the Consumers' Federation of Australia) on the AUSTRAC
Privacy Advisory Committee. The Centre therefore has an interest in the
impact of the new ASIO powers on AUSTRAC.
Chris Connolly is also the Coordinator of the Campaign for Fair Privacy
Laws, and endeavours to represent the public interest on a wide range
of privacy issues, including general law enforcement issues.
This submission argues that the proposed new powers for ASIO under the
ASIO Legislation Amendment Bill 1999 are not justified, are not subject
to sufficient oversight and control, and will have an adverse impact on
privacy. This submission also argues that the Bill will significantly
undermine the work of AUSTRAC and the Australian Taxation Office.
It should be noted that Mr Connolly has been provided with a draft of
the Memorandum of Understanding between ASIO and AUSTRAC, and a draft
of the Memorandum of Understanding between the Inspector General of Intelligence
and Security and AUSTRAC.
These documents are dated 10 February 1999. They have been provided to
Mr Connolly in his capacity as a member of the AUSTRAC Privacy Advisory
Committee. They are marked "in confidence" and AUSTRAC has granted permission
for Mr Connolly to refer to them in this submission.
Those parts of the submission which discuss the content of the MOUs are
therefore marked confidential until further advice is received about the
status of the MOUs.
Mr Connolly has made himself available to the Committee to answer questions
about matters raised in this submission.
Purpose of the Bill
ASIO's current functions are limited by the ASIO Act 1979 to the gathering
and communication of intelligence relevant to security (Section 17). Security
is defined as protection from:
- espionage
- sabotage
- politically motivated violence
- promotion of communal violence
- attacks on Australia's defence system
- acts of foreign interference
Importantly, there are two Sections in the ASIO Act 1979, designed to
ensure that ASIO operates strictly within the ambit of the above functions:
Section 17A states that "This Act shall not limit the right of persons
to engage in lawful advocacy, protest or dissent and the exercise of that
right shall not, by itself, be regarded as prejudicial to security, and
the functions of the Organisation shall be construed accordingly".
Section 20 states that "The Director general shall take all reasonable
steps to ensure that:
a) the work of the Organisation is limited to what is necessary for
the purposes of the discharge of its functions; and
b) the Organisation is kept free from any influence or considerations
not relevant to its functions and nothing is done that might lend
colour to any suggestion that it is concerned to further or protect
the interests of any particular section of the community, or with
any matters other than the discharge of its functions."
We can see from the combination of the definition of security and these
two "warning" sections that the functions of ASIO are to be interpreted
in the narrowest possible sense, and that it was the intention of the
original legislators that ASIO should have the least possible impact on
the normal processes of advocacy and dissent.
The Attorney General seeks to assure the community, in his Second Reading
Speech, that the Bill "will not extend ASIO's functions but simply enable
the Organisation to meet its statutory responsibilities in more efficient
and effective ways."
Having considered the contents of the Bill, and having perused some of
the Memorandums of Understanding drawn up to implement the Bill, we can
only assume that the Attorney General was talking about a different piece
of legislation.
In contrast to the words of the Attorney General, our reading of the
Bill and related documents finds that it delivers far more to ASIO than
a mere "updating" exercise could or should deliver.
In this submission we consider these substantial changes to ASIO's functions
and powers:
- The ability to obtain warrants under a new, less stringent test
- The ability to access and copy any computer data
- The ability to alter some computer data
- The ability to gain access (without a warrant) to AUSTRAC records
- The ability to gain bulk access (without a warrant) to AUSTRAC
records
- The ability to undertake bulk "data matching" exercises with
AUSTRAC records
- The ability to gain access (without a warrant) to Tax records
- The ability to gain bulk access (without a warrant) to Tax records
- The ability to undertake bulk "data matching" exercises with
Tax records
The reality is that this Bill represents a major overhaul and extension
of ASIO's functions and powers, coupled with a reduction in the controls
over the operation of ASIO. This is not justified. There is no external
pressure for ASIO's role to expand. Technology may have changed, but technology
itself does not 'create' any new threats, and overall the number of threats
to Australia's security has diminished.
We now turn to discuss each of the matters outlined above in more detail.
1. The ability to obtain warrants under a new, less stringent test
The new Section 25(2) proposed in the Bill replaces the existing test
for warrants with a new test.
The old relevant section - 25 (1) reads:
"Where, upon receipt by the Minister of a request the Minister is satisfied
that there are reasonable grounds for believing that there are in any
premises any records or other things without access to which by the Organisation
the collection of intelligence by the Organisation in accordance with
this Act in respect of a matter that is important in relation to security
would be seriously impaired, the Minister may (issue a warrant)"
This means that the test is only satisfied where all of the following
elements coexist:
There are reasonable grounds for believing that:
- Certain material exists on the premises;
- ASIO requires access to that material;
- The collection of intelligence by ASIO would be "seriously impaired"
without access to that material; and
- The above collection of intelligence is "important in relation to
security"
The proposed Bill replaces this section with the new Section 25 (2):
"The Minister is only to issue the warrant if he or she is satisfied
that there are reasonable grounds for believing that access by the organisation
to records or other things on particular premises will substantially assist
the collection of intelligence in accordance with this Act in respect
of a matter that is important in relation to security."
This new Section completely changes the nature of the test for warrants.
The old test required an 'obstacle' to be in the way of ASIO. That is,
their collection of intelligence on a serious matter would be "seriously
impaired" by not obtaining the information sought. The new test simply
requires some marginal benefit for ASIO if they had the information -
their collection would be "substantially assisted".
There is a great deal of difference between the two tests. It is a significant
lowering of the barrier to ASIO obtaining warrants. One would therefore
expect to see extensive reference to this new Section in the Explanatory
Memorandum and/or the Second Reading Speech.
However, the Explanatory Memorandum only makes a cursory reference to
this Section, stating that "Subsection 25(2) simplifies the description
of matters about which the Minister must be satisfied before he or she
issues a warrant."
The Second Reading Speech simply states "these amendments clarify the
requirements for the issue of a search warrant".
The effect of these two statements is to suggest that the amendment only
changes or clarifies the description of the test for warrants,
and makes no change to the test itself.
This can only be explained as either a mistake, or a disguise (intentional
or otherwise) of the true nature of the amendment.
If we accept the former explanation, then it is clear that the Minister
intends the amendment to clarify only the description of the original
test. Perhaps the original test is worded a little clumsily. A plain English
amendment might prove useful, but the basic requirement of "seriously
impaired" must be retained.
If we accept the latter explanation, then the amendment should be rejected
outright. No evidence has been presented to justify a lessening of the
test. The significant change to the test has been disguised (whether intentionally
or not) by the very Minister responsible for issuing warrants subject
to the test. The Explanatory Memorandum makes no mention of the change.
The test drawn up by the original legislators should remain intact.
Recommendation:
Either amend the original Section 25(1) so that it reads more clearly,
but retains its original meaning; or justify and explain the reasons for
lowering the test for warrants.
2. The ability to access and copy any computer data
As we enter into the age of the "information economy", great care must
be taken to balance the rights of individual users of computers and electronic
communication, and the needs of security agencies.
An amendment to the ASIO Act which is described as "minor" is not an
appropriate forum to discuss, or decide, that balance.
Australia is yet to outline clearly articulated policies and guidance
on the use, development, import and export of cryptography. No forum has
considered the complete social and economic ramifications of either restricting
the availability of cryptography, or providing security agencies with
the ability to access cryptographic keys.
Yet the Government, in this Bill, appears to make a unilateral decision
to allow ASIO to take the necessary steps to access cryptographic keys
by allowing them to hack computers, and copy or alter data, in order to
crack security systems. This is not the forum to either discuss the technical
feasibility of such a proposal, or to decide that the balance should be
so heavily weighted against the user.
Recommendation:
Defer consideration of ASIO's ability to remotely access computer
data, and other powers which may impinge on new forms of electronic communication,
for consideration by a more appropriate forum.
3. The ability to alter some computer data
The ability of ASIO to alter computer data without further restriction
is completely unnecessary. The provision that ASIO may do "any thing reasonably
necessary to conceal the fact that any thing has been done under the warrant"
(Section 25 (5c)) gives ASIO the power to do whatever is necessary (including
presumably to alter data) to "cover their tracks".
No other alteration of data by ASIO can be justified on any grounds.
The 'protection' of Section 25 (6) is a diversion. Whether the alteration
interferes with other persons 'lawfully' using the computer is irrelevant.
The restriction should simply be that ASIO cannot alter data except where
it is absolutely necessary to conceal their presence.
Recommendation:
The ability to "add, delete or alter" computer data should be removed
from Section 25 (5a).
4. The ability to gain access (without a warrant) to AUSTRAC records
We are completely opposed to ASIO being granted any access to AUSTRAC
information beyond that which they might obtain by current means (i.e.
where there is a joint investigation with an existing user such as the
Australian Federal Police).
ASIO has a particular role and a particular image within the Australian
intelligence community. Its focus is (correctly) on gathering intelligence
relating to potential risks to national security. It does not have a role
in the investigation of money laundering or tax evasion. The information
which is collected under the Financial Transactions Reporting Act must
be considered, at best, incidental to the purposes for which ASIO was
established.
ASIO's image in the general community is that of a 'spy agency' interested
in terrorism, treason and espionage. The inclusion of ASIO in the list
of users of FTR information will have to be conveyed to consumers in pamphlets
in bank branches, posters etc. This will dramatically change the nature
and perception of the FTR Act and the work of AUSTRAC. A certain stigma
will attach to the work of AUSTRAC, and those responsible for collecting
information under the FTR Act. It will be difficult for AUSTRAC to retain
its current image of being focused on money laundering and tax evasion.
Further access by ASIO to AUSTRAC records is completely unjustified.
Potentially all the previous work that has been done on promoting awareness
of AUSTRAC's role and the assorted privacy issues and protections will
be undone by this amendment.
AUSTRAC will lose the support of the privacy and consumer movement, if
they simply become a de facto collection agency for ASIO.
The proposed Bill is pathetically quiet on what protections are available
should ASIO abuse its right to access AUSTRAC information, and contains
no restrictions on the scope or procedure for ASIO to access AUSTRAC information.
These protections are left to a Memorandum of Understanding between ASIO
and AUSTRAC and a Memorandum of Understanding between the IGIS and AUSTRAC.
You will see below that these MOUs provide absolutely no protections and
we have no confidence at all in this arrangement.
The protections and restrictions should appear in legislation.
This proposal can correctly be categorised as 'function creep' - the
situation where activities which are prima facie privacy intrusive are
allowed to proceed after careful consideration and public debate, often
with restrictions (such as the development of the FTR Act), but which
later become subject to gradual extension without similar debate or restrictions.
I believe that if ASIO had been openly proposed as a user of AUSTRAC information
at the time the FTR Act was introduced, the debate may have been very
different.
It must be remembered that the activities of AUSTRAC are privacy intrusive,
and are tolerated because the public agrees that money laundering and
tax evasion are serious problems, and because the public are assured that
the information is collected and used in an appropriate way for the
elimination of money laundering and tax evasion. The public should not
be expected to tolerate any use of AUSTRAC information outside those parameters.
ASIO must prove that the benefits of their access to AUSTRAC information
outweigh the risks. Firstly they must prove that AUSTRAC information would
lead to the successful detection and prosecution of those who pose a risk
to national security. Secondly, they must prove that similar results could
not possibly be achieved by traditional investigative methods or, indeed,
through a joint investigation with an existing user.
The Memorandum of Understanding between ASIO and AUSTRAC is deficient
in a number of respects.
In any case, the Memorandum of Understanding is completely unsatisfactory
as a regulatory tool. It is not a document that is available to the public.
It can change at any time on the whim of only one party. It can be removed
at any time without notice. It is not the subject of any regulatory oversight.
Recommendation:
ASIO should not have access to AUSTRAC records. They should continue
to access AUSTRAC records on an 'as needed' basis through joint investigations
with existing users such as the Australian Federal Police.
If ASIO is granted further access to AUSTRAC records, this access
should be governed by a series of restrictions and procedures appearing
in legislation - not in a Memorandum of Understanding.
5. The ability to gain bulk access (without a warrant) to AUSTRAC
records
The Memorandum of Understanding anticipates, and allows, situations where
the provision of AUSTRAC information in "bulk" can be made to ASIO.
If ASIO are to have access to AUSTRAC records, restrictions must be placed
on the type and scope of this access. They should only be able to make
individual searches with a specific intent. Fishing trips should not be
allowed. The MOU is an ineffective tool in providing these restrictions
- in its current form it allows virtually unrestricted access, including
bulk access.
Recommendation:
If ASIO is granted access to AUSTRAC records, the legislation should
specifically prohibit bulk access by ASIO to AUSTRAC records.
6. The ability to undertake bulk "data matching" exercises with
AUSTRAC records
The Memorandum of Understanding anticipates, and allows, situations where
data matching exercises can be carried out between ASIO and AUSTRAC.
Data matching between ASIO records and AUSTRAC records should be completely
prohibited. If ASIO are to have access to AUSTRAC records at all, restrictions
must be placed on the type and scope of this access. They should only
be able to make individual searches with a specific intent. Fishing trips
through wide data matching programs should not be allowed. The MOU is
an ineffective tool in providing these restrictions - in its current form
it allows virtually unrestricted access, including data matching.
Recommendation:
If ASIO is granted access to AUSTRAC records, the legislation should
specifically prohibit bulk data matching between AUSTRAC records and ASIO
records.
7. The ability to gain access (without a warrant) to Tax records
The amendments to the Taxation Administration Act proposed in the Bill
are similar to those discussed above in relation to AUSTRAC.
In this case, however, we have not had discussions with the Australian
Taxation Office or access to copies of the relevant Memorandums of Understanding.
In these circumstances we simply repeat our concerns as outlined above,
exchanging tax records for AUSTRAC records.
Tax records are similarly irrelevant to the purposes of ASIO. They are
also accessible through joint investigations with other law enforcement
agencies.
There is no justification for further access to tax records.
We call on the Committee to provide copies of the relevant MOUs or other
regulations guiding ASIO access to tax records.
Recommendation:
ASIO should not have access to tax records. They should continue to
access tax records on an 'as needed' basis through joint investigations
with appropriate government agencies.
If ASIO is granted further access to tax records, this access should
be governed by a series of restrictions and procedures appearing in legislation
- not in a Memorandum of Understanding.
8. The ability to gain bulk access (without a warrant) to Tax records
We presume that a similar power to gain bulk access to tax records is
anticipated or allowed in the relevant Memorandum of Understanding. This
should be prohibited.
Recommendation:
If ASIO is granted access to tax records, the legislation should specifically
prohibit bulk access by ASIO to tax records.
9. The ability to undertake bulk "data matching" exercises with
Tax records
We presume that a similar power to allow data matching between tax records
and ASIO records is anticipated or allowed in the relevant Memorandum
of Understanding. This should be prohibited.
Recommendation:
If ASIO is granted access to tax records, the legislation should specifically
prohibit bulk data matching between tax records and ASIO records.
Appendix: About the Centre
The Financial Services Consumer Policy Centre is a non-profit consumer
research and advocacy organisation. We are a national body with an office
in Sydney.
The Centre's mission statement is:
"The Centre will become an ongoing organisation conducting
policy research and advocacy on national issues affecting low income
and disadvantaged consumers of financial services."
The Centre was established by the Financial Services Network as an Incorporated
Association in early 1998. The Centre's initial funding comes from a grant
from the National Consumer Trust Fund. We conduct projects which are relevant
to the needs of low income and disadvantaged consumers, and which have
the potential to help produce pro-consumer changes in the financial marketplace.
The Centre's focus is on access issues and the affordability of financial
services for low income and disadvantaged consumers, including research
on:
- Unfair and anti-competitive fees and charges;
- The relationship between the social security system and financial
services;
- Superannuation choice of fund;
- Best practice in the provision of insurance products;
- Migrants and banking; and
- Consumer protection in electronic commerce.
The Centre's Management Committee is made up of nominees of existing
consumer and community organisations:
Michael Funston, Nominee of Consumer Credit Legal Centre (NSW)
Vicky Geraghty, Nominee of ACOSS
Fiona Guthrie, Nominee of Consumers' Federation of Australia
Jane Hutchison, Nominee of AFCCRA
Su Mahalingham, Nominee of Consumer Credit Legal Service (WA)
Daniel Coyne, Nominee of Australian Consumers' Association
Russell Mitchell, Nominee of Consumer Credit Legal Service (VIC)
Financial Services Consumer Policy Centre
Suite 508
410 Elizabeth Street
Surry Hills NSW 2010
Tel (02) 9281 4164
Fax (02) 9281 4574
Mobile 0414 938 942
director@fscpc.org.au
http://www.fscpc.org.au
A copy of this submission is also available from the
Committee Secretariat.