Government must leave encryption alone, or it will endanger blockchain

With Sinclair Davidson and Jason Potts

If we could give Malcolm Turnbull one piece of economic advice right now – one piece of advice about how to protect the economy against a challenging and uncertain future – it would be this: don’t mess with encryption.

Earlier this month the government announced that it was going to “impose an obligation” on device manufacturers and service providers to provide law enforcement authorities access to encrypted information on the presentation of a warrant.

At the moment it’s unclear what exactly this means. Attorney-General George Brandis and Malcolm Turnbull have repeatedly denied they want a legislated “backdoor” into encrypted devices, but the loose way they’ve used that language suggests some sort of backdoor requirement is still a real possibility.

Hopefully we’ll discover more when the legislation is introduced in the August sitting weeks. Turnbull did say at the press conference “I’m not suggesting this is not without some difficulty”. The government may not have made any final decisions yet.

But before any legislation is introduced, the government needs to understand what the stakes are in as they strive against encryption.

Anything the government does to undermine the reliability of encryption could have deleterious consequences for what we believe will be the engine of economic growth in decades to come: the blockchain protocol.

The blockchain is the distributed and decentralised ledger that powers the Bitcoin cryptocurrency. Blockchain constitutes a suite of five technologies: cryptography, a database that can be added to but not altered, peer-to-peer networking, an application of game theory, and an algorithm for ensuring a consensus about what information is held on the ledger.

Taken separately, these are long established technologies and techniques – even mundane ones. But taken together, they constitute an entirely new tool for creating political, economic, and social relationships.

The possibilities far exceed digital currencies. Already banks and other financial institutions are trying to integrate blockchains into their business structures: blockchains drastically reduce the costs of tracking, recording, and verifying transactions. Almost any business or government organisation that is done with a database now can be done more efficiently, more reliably, and cheaper with a blockchain – property registers, intellectual property, security and logistics, healthcare records, you name it.

But these much publicised blockchain applications are just a small taste of the technology’s possibility. “Smart” self-executing contracts and massively distributed organisational structures enabled by the blockchain will allow the creation of new forms of business structures and new ways to work together in every sector and every industry.

In fact, we think that the blockchain is so significant that it should be treated as its own category of human organisation. There are firms, there are markets, there are governments, and now there are blockchains.

But the blockchain revolution is not inevitable.

If there is one key technology in the blockchain, it is cryptography. There are lots of Silicon Valley entrepreneurs playing around with lots of different adaptations of the blockchain protocol, but this one is a constant: the blockchain’s nested levels of encryption are built to ensure that once something is placed on the blockchain it is permanent, immutable, and only accessible to those who own it.

Blockchains only work because their users have absolute confidence that the system is secure.

Any legal restrictions, constraints or hurdles placed on encryption will be a barrier to the introduction of this remarkable new economic technology. In fact, any suggestion of future regulatory challenges to encryption will pull the handbrake on blockchain in Australia. In the wake of the banking, mining and carbon taxes, Australia already has a serious regime uncertainty problem.

Melbourne in particular is starting to see the growth of a small but prospective financial technology industry of which blockchain is a central part. The Australian Financial Review reported earlier this week about the opening of a new fintech hub Stone & Chalk in the establishment heart of Collins St. What’s happening in Melbourne is exactly the sort of innovation-led economic growth that the Coalition government was talking about in the 2016 election.

But the government won’t be able to cash in on those innovation dividends if they threaten encryption: the simple and essential technology at the heart of the blockchain.

Malcolm Turnbull’s Super Ministry

The new Home Affairs Ministry will be an administrative behemoth. It is unlikely that it will bring any great national security dividends. It is very likely that it will have undesirable consequences for Australia’s immigration program.

The Home Affairs Ministry takes the federal police, ASIO, the Australian Transaction Reports and Analysis Centre, and the Australian Criminal Intelligence Commission away from the Attorney-General. It takes the Office of Transport Security away from the Infrastructure Minister. It gives them all to the Immigration Minister Peter Dutton, who already has his own quasi-security agency, the Australian Border Force.

The politics here are obvious. Dutton is a senior conservative in a government that conspicuously lacks senior conservatives. But as a policy matter, there’s little public evidence to suggest that we our federal agencies are struggling to coordinate on security matters – although the 2014 Sydney siege did reveal weaknesses in federal-state security coordination, which the government has rightly moved to repair.

Where agencies sit on the ministerial map can have significant policy consequences. The creation of the Home Affairs Ministry locks in this government’s recasting of immigration as an economic opportunity to immigration as a security threat – a threat to national security, biosecurity, even economic security. Malcolm Turnbull has begun to use Julia Gillard’s old formulation: “Australian jobs are for Australians”.

Immigration and security are only a good fit if you squint very hard. For the most part Dutton’s day job has been the mundane work of supervising and approving or denying marginal visa applicants. The immigration minister is vested more discretionary powers than anyone else in the cabinet. Now that his focus is on security – taking constant briefings from ASIO and the AFP about domestic threats – security is how Australia’s immigration program will now be framed.

Submission to the Acting Independent National Security Legislation Monitor Inquiry into section 35P of the ASIO Act

With Simon Breheny

Introduction: This submission has been drafted in response to an invitation to the Institute of Public Affairs to make a submission to the Acting Independent National Security Legislation Monitor’s Inquiry into section 35P of the ASIO Act.

Our submission recommends the repeal of section 35P. We contend that there are three key problems with section 35P:

  • Individuals can engage in illegal conduct without being aware they are breaking the law
  • Restrictions on disclosure about special intelligence operations last forever
  • Any exemption will provide only limited protection for journalists but journalism is an ambiguous term, and the exemption will not protect freedom of speech

Available in PDF here.

Why It’s OK To Strip Foreign Fighters Of Citizenship

Citizenship is one of the central ideas of political philosophy. But not one most people spend a lot of time thinking about.

The Abbott Government proposes to strip Australian citizenship from dual nationals who fight for Islamic State. (This would only apply to dual citizens as there is a strong presumption in international relations against making anybody stateless.)

And there is legislation before Parliament that would make it harder for children who have lived in Australia for 10 years to automatically qualify for citizenship.

Announcing the citizenship amendments, Parliamentary Secretary to the Minister for Communications Paul Fletcher told Parliament that, “Australian citizenship involves a commitment to this country and its people. It is a privilege which should not be taken lightly.”

Yet beyond fuzzy little nostrums about “membership” and “belonging” it’s not obvious what citizenship actually means.

What principles would allow us to judge whether such legislative changes are good or bad? Is citizenship a right or a privilege? Who should be a citizen? But most importantly, why?

Some countries give citizenship automatically to anybody born on their soil. Australia doesn’t. Here you need an Australian parent too.

The word “citizenship” is absent from the Australian constitution, save an incidental, negative mention in the prohibition on foreign citizens from serving in parliament.

Legally, citizenship is an odd beast. Citizenship is neither necessary nor sufficient for many of the most important Australian rights and privileges.

Citizenship doesn’t give you an absolute right to vote. Underage citizens can’t vote, and neither can citizens who are serving a prison sentence of three or more years.

Citizenship isn’t the criteria for enjoying welfare and publicly funded health. They are protected by our laws. Non-citizens pay taxes and have access to our courts. Permanent residents can buy property.

Non-citizens enjoy our version of free speech – the right to political communication – and the freedom to lobby and protest.

A Senate committee roundtable last week batted around the pros and cons of putting citizenship in the Australian Constitution. (I was one of the participants.)

The idea is that this would offer the High Court some clarity when deciding cases that concern questions of who is and isn’t a citizen for legal purposes.

But if we’re not clear what citizenship is, then why trust the High Court to decide?

At Federation, Australian “citizenship” was based on whether you were a British subject. However, this worldly and cosmopolitan idea co-existed clumsily with the other, racist idea of Australianness that was manifest in the White Australia Policy.

Putting anything that reflected that idea of citizenship in the constitution would have been a disaster.

While there exists a thing called citizenship in Australian law, citizenship is really a philosophical concept not a legal one. And it is a fuzzy concept because the idea of group membership is a fuzzy concept.

Yet, for all that fuzziness, it is central to our notions of identity and politics.

The whole point of citizenship is that it is exclusionary – it is a unique national identity, one that confers specific rights and privileges.

To adopt a nationality is not to join just any old community. At citizenship ceremonies, new citizens transfer their identity and allegiance from the old country to their new one.

Dual citizenship sits awkwardly with even the most modern ideas of citizenship.

One argument for dual citizenship is that formally offering it is something we sell to potential migrants, making Australia an attractive destination for foreigners.

A more powerful argument is that dual citizenship is simply inevitable. Children born to parents with different nationalities automatically receive the citizenship of both. And we have no way of forcing other countries to strip the nationalities of those who become Australians. We live in a complex, globalised world, etc.

Dual nationals who go to fight for the Islamic State are effectively renouncing their Australian citizenship. Many dispose of their passports when they get to Iraq and Syria. It would be hard to imagine a more thorough rejection of democratic values – the values that citizenship is supposed to represent – than going to wage war for a theocratic slave state.

Surely, if we were willing to deny people citizenship because they failed a trivia quiz about Don Bradman, then fighting for Islamic State is also a reasonable disqualification.

Some experts say that giving the government the power to revoke citizenship status from dual citizens makes the very idea of citizenship less valuable. Citizenship is meaningless if it can be taken away.

But this argument confuses the legal concept of citizenship – a contingent and not particularly coherent bundle of privileges and rights – with the deeper philosophical one.

At a philosophical level, dual citizenship is a lesser form of citizenship, as it represents a less than absolute allegiance and national identity.

And just as importantly, if citizenship is most valuable as a bond between members of a political community, then treating the citizenship of those who reject the community as inviolate undermines that bond.

Fuzzy nostrums sometimes matter. And if citizenship is to matter it has to mean something.

Communications Minister Malcolm Turnbull’s Metadata Move Will Aid Regulators, Not Security

The Abbott government has rightly focused on red tape reduction and deregulation.

But Communications Minister Malcolm Turnbull could well preside over one of the largest increases in the regulatory burden since the telecommunications market was liberalised two decades ago.

At the very moment when Turnbull seems to have cleaned up the mess that was the national broadband network, his mandatory data retention policy puts the entire competitive dynamic of the Australian telecommunications sector at stake.

Terrorism is a very real problem. The existence of the Islamic State in Iraq and Syria has heightened the terror threat. If there are serious gaps in our anti-terror law framework, they should be filled. The government has spent the past six months doing so.

However, the data retention bill the government has put forward – which requires telecommunications providers to store masses of data on their customers for no other purpose than if a law enforcement agency or regulator wants to have a look at it in the future – is not a targeted anti-terror law.

If data retention is just for terrorism, the government could legislate to ensure it was just for terrorism. But from what we know, both the Australian Competition and Consumer Commission and the Australian Securities and Investment Commission are likely to get access to the new data.

Indeed, over the half a decade that data retention has been debated, its most fervent advocates have been economic regulators, not counter-terror agencies.

One draft data set (even as Parliament is set to vote on the bill, we still don’t know what the final data set to be retained will be) included a requirement to store records of “download volumes” for two years. What anti-terror benefit would that add? Download volumes would useful in copyright infringement cases.

The threat data retention poses to privacy has been widely discussed. But data retention is, first and foremost, a new economic regulation. So let’s treat it as sceptically as we would any increase in the regulatory burden on business.

Prime Minister Tony Abbott has said that the cost of data retention would be around $300 to $400 million, or just 1 per cent of the total revenue of the telecommunications industry.

This is a very significant amount of money. Telcos are already some of the most highly regulated firms in the country.

Turnbull has suggested government will contribute substantially to the cost of implementing data retention. But whether we pay for data retention through internet bills or just general taxation, we’ll still pay for it.

This new burden could dramatically reshape the telecommunications sector. All else being equal, large firms, with their well-established regulatory teams, are able to comply with new regulation much easier than small firms, which lack the economies of scale to absorb costs.

The unfortunate result of burdensome regulation is push smaller firms out of the market, reducing competition as they disappear. Less competition will, in the long run, result in higher prices.

In the case of data retention, it isn’t just size however that matters. Some telcos have more complex networks and technologies and legacy systems – think of Telstra – for whom imposing these new requirements might be disproportionately expensive.

Turnbull and Attorney-General George Brandis claim that mandatory data retention will require telcos to store no more data than some firms do already – just store it for a bit longer.

It’s not clear which firms they’re referring to. The entire industry has been up in arms about data retention. The proposed policy is not just a minor extension of existing practice.

Nevertheless, there’s a reason some telcos store data more than others. The smallest internet service providers survive by keeping their data storage and infrastructure costs as low as possible, hoping to pull customers away from the big firms with lower prices or better service.

For the law enforcement and regulatory agencies that have spent the past six years lobbying for data retention, regulatory compliance costs are an abstract second-order issue.

But for internet users and taxpayers, who will be charged higher prices by a declining number of internet service providers, the economic effect of mandatory data retention is a big deal.

Submission to Parliamentary Joint Committee on Intelligence and Security Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Introduction: Recent terrorist attacks have emphasised the need for counter-terrorism and law enforcement policy to be flexible, robust, and up-to-date. The rise of Islamic State is a significant threat, materially changing the foreign fighter problem. Many of the government’s recent anti-terror law changes have been welcome and necessary. As I argued in December 2014, the “knee-jerk reaction against any and all national security changes is not merely wrong, it’s dangerous. There is no more basic responsibility of government than security.”

However, The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (“data retention bill”) will mandate the creation of large databases of information about the activities of all Australian internet users, not just those suspected of criminal activity.

The information contained in these databases will be sufficient to reconstruct extremely deep profiles of the activities of internet users. The information within the databases will be potentially available in any court proceeding, including, for instance, as the result of a subpoena in civil litigation. The government has made a decision not to limit access to this information to national security purposes. The creation of these databases manifests substantial new privacy risks to Australians, both from lawful and unlawful access.

The government has not demonstrated that the risks and consequences of mandatory data retention outweigh the benefits to law enforcement, nor has it demonstrated that the existing legal framework – which was substantially revised in 2012 – is insufficient to tackle the security challenges which the government has identified.

Available in PDF here.

Anti-Terrorism Law Reform Follows Legislate In Haste, Repeal At Leisure Approach

The national security debate over the past four months has been one of the most revealing about Australian political culture in a long time.

It’s exposed serious weaknesses in parliamentary oversight. It’s offered a case study of how big reform needs careful work. And it’s demonstrated how easily public debate slips into well-worn factions.

On August 5, the Abbott government launched its national security legislative agenda – three giant tranches of new anti-terror laws.

For good measure it also announced it was abandoning the proposed reforms of Section 18C of the Racial Discrimination Act. They were, apparently, a “complication”.

This was as complete a philosophical reversal as Australian politics has ever seen. One day the government was wholeheartedly dedicated to restoring freedom of speech. The next day Prime Minister Tony Abbott was saying that the delicate balance between liberty and security would have to shift, and not in favour of liberty.

But there were actually good reasons for the government to be in such a rush.

A knee-jerk reaction against any and all national security changes is not merely wrong, it’s dangerous. There is no more basic responsibility of government than security.

It’s hard to believe now, but until the 9/11 attacks anti-terrorism policy was the responsibility of the states, not the federal government. The first proper Commonwealth anti-terror legislation was enacted in 2002.

Even after more than a decade, in 2014 there is still a strong case for national security law change. The security environment has materially changed over the past 12 months. The Islamic State has attracted more foreign fighters – Australians travelling to be militants for the caliphate – than any other conflict since the war on terror began.

This is a big problem. A study published in the American Political Science Review last year found that one in nine Islamist foreign fighters between 1990 and 2010 later attempted terrorist attacks in their home country.

So we need to be talking about passport control and how to prosecute somebody under the Crimes (Foreign Incursions and Recruitment) Act 1978. Many of the Abbott government’s legislative changes reflect recommendations along these lines by the Council of Australian Governments and the Independent National Security Legislation Monitor.

It’s all complicated stuff. It’s highly technical and legalistic. It concerns marginal changes to existing legal frameworks.

Yet the debate over anti-terror law changes has been dominated by that school of thought which believes that to offer anything less than uncritical support of government proposals is to downplay the threat of terrorism.

This is incredible considering the number of extra security changes the government has pushed through the parliament over and above those targeted at the foreign fighter problem – and over and above those recommended by the many inquiries into counter-terrorism law in recent years.

The government hasn’t explained why the particular threat of foreign fighters means we need to make it illegal for journalists to report on ASIO operations.

Nor has it explained why IS means we need mandatory internet data retention, a requirement that internet service providers store vast databases of information about their users for two years.

The government’s national security laws look more like a shopping list of security desires rather than a targeted response to the specific foreign fighter threat.

Indeed, if you add all the legislative tranches together, it constitutes a reform program of incredible size. It’s a much more ambitious reform program than anything else the government has pursued, even including the budget. It’s more ambitious than you’d expect from any government in its first year.

But pushing through a reform program of this size in such haste has created problems.

For instance, last week parliament passed a follow-up bill to a security bill that was passed in October, designed to fix problems identified in the earlier legislation.

The debate has exposed some remarkable ignorance of the details of the legislation being proposed.

Take Anthony Albanese’s objection that the security measures threaten freedom of the press. This only came after he had supported those measures in parliament. Labor is terrified of looking soft on security, but that’s no reason not to do due diligence.

Likewise, the Attorney-General George Brandis seems to have been caught off guard by the details of his own bill. First Brandis denied that the restrictions on releasing information about ASIO operations was targeted at the media, then he tried to assure journalists he wouldn’t personally approve the prosecution of one of their number.

These issues should have been resolved while the legislation was being drafted. Not weeks after it was passed.

Then there are the problems the national security reforms have caused for the government’s economic agenda.

The time the government spent negotiating with the crossbench on national security issues not directly related to the urgent foreign fighters threat was time not spent negotiating the $7 medical co-payment and the higher education changes.

Now politics has been reset to where it was left in August. Parliament’s focus is back on the budget and the economy.

The foreign fighter threat is likely to ebb when it becomes obvious to Western jihadis that a trip to the Islamic State is a trip to certain, pointless, death.

But the hurried security decisions made in the past few months will stay on the books for a very long time.

The Jig Is Up On Data Retention Plans

Last week was the second time the Government announced its mandatory data retention policy, and the second time it gave the game away while doing so.

Data retention keeps spinning out of the Government’s control.

First, in August, Tony Abbott admitted in a television interview that requiring internet service providers to retain data on their customers’ activity was not just about anti-terrorism and national security but could be used to fight “general crime”.

This time the mistake was made not by politicians but by the Australian Federal Police commissioner Andrew Colvin.

Asked whether data retention could be used to police copyright infringement, Colvin responded:

Absolutely, I mean any interface, any connection somebody has over the internet, we need to be able to identify the parties to that connection … So illegal downloads, piracy … cyber-crimes, cyber-security, all these matters and our ability to investigate them is absolutely pinned to our ability to retrieve and use metadata.

Over the next few days George Brandis, Malcolm Turnbull and Colvin tried to roll this back. Copyright is a civil wrong, not a criminal one, they said. Copyright holders are responsible for bringing legal action against pirates. The AFP isn’t interested in civil cases. (This is only partly true. Commercial scale copyright infringement is a criminal offence.)

But here’s why Colvin’s misstep matters.

Mandatory data retention would create massive new databases of internet users’ activity in every internet service provider across the country.

A lot of opponents of data retention have pointed out that this creates a very real risk of unauthorised access. It’s hard to keep data secure.

Yet just as concerning is authorised access. Once these databases have been created they will be one subpoena away from access in any and every private lawsuit.

Many people have some residual faith that police and security services are benevolent. After all, their mission is absolutely essential – to protect us. But do Australians have the same faith in movie studios? Their neighbours? Their employers?

After all, it’s been undeniable that data retention could help copyright infringement cases ever since the Government included “download volumes” in the list of data it wanted ISPs to retain.

But this is just getting started. Think about how useful mandatory data retention might be in other civil cases.

It would be easy to trace where somebody has been based on the source IP addresses of their mobile phone, as the phone moves from cell tower to cell tower, connecting and reconnecting to the network and internet every time.

In other words, under mandatory data retention ISPs will have to keep records of your movements for two years.

Imagine how this sort of information might be used, for instance, in a workplace relations lawsuit.

Likewise, online defamation cases will be strengthened by records that match IP address to account holder. Do you sometimes comment anonymously on blogs and news websites? Under data retention lawyers could track down who you are months after the fact.

We could go on.

Remember the Government wants this data stored solely for the purpose of future law enforcement investigations. It would be deleted otherwise. It has no business purpose.

Yet not everything about the policy the Government announced last week is terrible.

It was long assumed that data retention would be shoehorned into the existing telecommunications access regime – the regime that allows agencies and authorities from ASIO to the RSPCA to access your phone records without needing a warrant.

Instead, the Government has decided to change that regime.

The proposed bill limits warrantless access to the both the existing set of data, and any future data retained under the new policy, to “criminal law enforcement agencies”. Those agencies are the AFP, Customs, state police, and the state anti-corruption commissions. (You can see the list in the explanatory memorandum here, paragraph 197.)

The upshot is that the RSPCA will no longer have warrantless access to phone records. Nor will the Australian Competition and Consumer Commission, the Australian Securities and Investment Commission, or any of the dozens of bodies that have enjoyed such access for years.

They, like movie studios and your neighbours, would have to ask a judge for permission.

I’d guess there was a fair bit of jaw-dropping in bureaucracies across the country when Brandis and Turnbull announced that new rule.

Now, the legislation allows the Government to authorise more agencies at will, so the list could easily expand.

Still it is a striking admission that there has been too much access to too much data by too many bureaucrats for too long.

And that’s why the new limits on agency access to telecommunications data doesn’t compensate for the threat to civil liberties that is mandatory data retention. Fewer agencies, sure, but with access to a much more complete record of our lives.

One of the clichés of the internet era is that “information wants to be free”. But information doesn’t want anything, of course. People want information.

Data retention will create vast archives of data about what we have done and where we have been. People will definitely want that.

No Wonder MPs Are Confused About Security Laws

I have a fair amount of sympathy for Anthony Albanese.

Sure, his intervention in the national security debate came nearly a fortnight late.

When Albanese told Sky News he was concerned about section 35P of the National Security Legislation Amendment Bill (No.1) 2014, it had been 11 days since he and his party voted that restriction on free speech into law.

But this is exactly why the bill was rushed through in the first place. To prevent opposition to the measures from coalescing. To prevent analysts and those affected by the provisions from delving into the detail. To prevent information about the bill’s practical consequences from spreading until it was too late.

In The Drum earlier this month Michael Bradley showed how little senior politicians on both sides understood of the national security legislation they voted for.

But let’s not be too harsh. Academics with expertise in national security legislation have told me that even for people who live and breathe this stuff, the legislation was incredibly opaque and the significance of some of the big concepts within it entirely unclear.

If this sort of law is hard for the experts, imagine how hard it is for the politicians who have to vote on it.

As of Tuesday morning there are 130 separate bills being considered in federal parliament. Just reading them all is an incredible amount of work.

Some bills are brief, just a couple of pages. Others are like a short book. The Building and Construction Industry (Improving Productivity) Bill, which re-establishes the Australian Building and Construction Commissioner, runs to 21,000 words. It isn’t the longest.

The bills under consideration total 594,032 words. At an average reading speed (say 200 words per minute) it would take 49 hours just to read all that legislation.

Add the explanatory memoranda for the bills (the essential first step if we’re interested not just in reading but understanding) and their 1,271,218 words would constitute another 106 hours of reading.

If somebody made that their full time job (8 hours a day, 5 days a week) that’s four weeks – the better part of a month – of dedicated reading.

But reading legislation isn’t enough to understand policy. It isn’t really possible to comprehend, for instance, the latest national security proposals without having read the reports of the Independent National Security Legislation Monitor. The INSLM’s 2014 report, which goes into detail about the legislative framework governing foreign fighters, is another 6 hours or so of reading.

So Australia’s politicians have a mammoth amount of reading and learning if they want to become even minimally informed about what they’re voting about.

No surprise that they are not minimally informed.

In the system of direct democracy in Ancient Athens, citizens would personally vote on each public policy measure themselves.

But direct democracy is incredibly time consuming. Most people have to work for a living. We can’t all sit around all day considering legislation. So instead we elect representatives to act on our behalf. They do it so we don’t have to.

Yet nobody who has been involved in any public policy debate can avoid noticing the incredible ignorance that legislators often have of their own proposals, or of the misinformation they accidentally peddle.

Sure, some misinformation is intentionally peddled. But most of it is accidental, and most of it comes from this extraordinary information overload.

Your average backbencher spends their life dashing from one meeting to the next branch meeting to the next community fete. They don’t have the time to get across all the material. That’s no excuse of course. But that’s just how it is.

As a result, so much of our public policy debate falls back on a feeling about whether one ought to support the purpose of a bill, rather than the specifics of the proposals.

Politics isn’t really about policy, after all – it’s about signalling to voters what your values are.

Do you support greater national security powers, in general? Then vote for the National Security Legislation Amendment Bill (No.1) 2014. The detail is just detail.

But that detail included a new and dangerous restriction on free speech, as Labor slowly realised after they waved the bill through.

One proposal in the United States is the Read the Bills Act, which, among other things, would require legislators to sign an affidavit that they’ve actually read the bills they vote for. (You can read about it, and read the bill itself, here.)

The Read the Bills Act would also require amending legislation to quote the words it intends to replace. The idea is to make legislation not just available, but comprehensible.

This matters because laws are imposed on everybody but only a narrow group of dedicated lawyers and analysts are able to decode them.

Legal complexity and parliament’s heavy workload empowers the bureaucracy and the government at the expense of legislature. This isn’t good for responsible democracy.

Last week the Liberal Democrat Senator David Leyonhjelm released a tongue-in-cheek quiz -How well do you know the Foreign Fighters Bill?

That quiz was addressed to journalists. It could have just as easily been addressed to his fellow politicians.

Surveillance and Privacy

In August 2014, the Australian government announced it intended to require internet service providers to retain “metadata” on every customer for two years for the use of law enforcement.

A first pass at this policy, offered by Prime Minister Tony Abbott and Attorney-General George Brandis, suggested the government wanted ISPs to collect the internet browsing history of all users. A second, evidently revised version of the policy was announced a few days later by the Communications Minister Malcolm Turnbull. The new version was much narrower.

Neither variation of the proposal is an Antipodean invention. In 2006 the European Union’s 2006 Data Retention Directive required EU member states to introduce similar sorts of mandatory data retention laws.

These proposals come on top of the revelations about the United States’ National Security Agency’s vast global surveillance apparatus.

Democratic countries are now faced with fundamental questions. Can the right to privacy survive the expansion of the surveillance state? Or more fundamentally, is privacy a value worth protecting?

There’s a claim you often hear in discussions about privacy: someone who has done nothing wrong has nothing to hide. In other words, privacy is only a concern for those who are avoiding the law.

To the extent it is a serious argument, this claim has some serious practical problems. First, it presumes that we can trust government agents to uphold their duties fairly. That is not a trust which has been especially earned. Second, it ignores the fact that the expanding reach of public law, the over-criminalisation of minor rule-breaking and the expanding scope of the regulatory state has bought more and more activity into the realm of the justice system. Finally, law enforcement agencies and regulators operate as much by discretion as they do by commandment. Not every law or regulation is just, or justly enforced. It is not always obvious when you are doing wrong.

But more significantly, privacy is necessary for more than just the evasion of legitimate or illegitimate government action.

There is no consensus on how privacy ought to be defined, what its central attributes are and how it ought to be balanced with other principles such as the right to freedom of speech. Privacy is a condition; and a highly subjective and context dependent one at that.

But we all require privacy to function and thrive. Let’s start with the mundane. Obviously we desire to keep personal details safe – credit card details, internet passwords – to protect ourselves against identity theft. On top of this, we seek to protect ourselves against the judgment or observation of others. We close the door to the bathroom. We act differently with intimates than we do with colleagues. We often protect our thoughts, the details of our relationships, our preferences, from prevailing social norms. We compartmentalise. How many people would be uncomfortable with a colleague flipping through their mobile phone – with the window into a life that such access would provide?

Public life is one in which we all play roles, heavily mediated by social norms, assessments or assumptions about the values of our peers. Private life is a respite from that mediated world – a place we can drop our masks, abandon the petty deceptions that are necessary for smooth social interaction.

This desire for privacy applies to communications as well. Eroding privacy undermines our liberty to speak our minds. Thus, government surveillance interferes with the free-ness of speech. The feeling – real or imagined – that we are being watched, or that our actions are being recorded, affects the way we express ourselves. One 1975 study examined how the knowledge of surveillance changed stated attitudes on moral and legal questions. The study concluded that “the threat or actuality of government surveillance may psychologically inhibit freedom of speech”.

The legal scholar Louis B Schwartz illustrated how entangled free speech and privacy are by describing the characteristics of communication in private: “Free conversation is often characterized by exaggeration, obscenity, agreeable falsehoods, and the expression of anti-social desires or views not intended to be taken seriously. The unedited quality of conversation is essential if it is to preserve its intimate, personal and informal character.”

The belief that a speaker might have to answer for, or justify, their speech, especially their speech to those with whom they have an intimate or close relationship, is a constraint on that speech. We all understand how easy it is for others to misinterpret our words, and how speech can be willingly misconstrued. As Cardinal Richelieu put it in his famous (and possibly apocryphal) words, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”

What does this mean for the debate over surveillance? As the recent debate over mandatory data retention has shown, the law governing telecommunications interception is complex, and the technologies it applies to even more so. On top of these technical and legal complexities, the nature of the national security threat is unclear. National security is a highly opaque area of public policy.

That opacity means the surveillance state is hard to control by democratic means. In their book Privacy on the Line, Whitfield Diffie and Susan Eva Landau argued that the “very invisibility on which electronic surveillance depends for its effectiveness makes it evasive of oversight and readily adaptable to malign uses.” The Princeton academic Rahul Sagar has concluded that the challenge of democratic control is so great that we mostly have to rely on whistleblowers to learn what the surveillance state is doing in our name.

In April 2014 the European Court of Justice ruled that Europe’s Data Retention Directive was unconstitutional. In the court’s view, the directive “interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data” and did so in a manner that was disproportionate to its stated objective of fighting serious crime.

Mandatory data retention has been wound back in many of the states that implemented it, in part because of the civil liberties issues raised by the European Court of Justice, and in part because the policy has not been a particularly effective law enforcement tool.

For Australia, that record, and the importance of privacy to individual flourishing, ought to create a presumption against the expansion of the surveillance state.