Last week Attorney-General Nicola Roxon argued for one of the most significant attacks on civil liberty in Australian history – internet data retention.
There aren’t many details yet. From what we can tell, the government wants to force all internet service providers to record details about every email their customers send, every website they visit, and every communication they make.
The providers will have to store those records for up to two years, just in case the police or the Commonwealth spy agency ASIO want to look at them later.
This data retention scheme would be an institutionalised, systematic invasion of our privacy – at least as bad as the Hawke government’s proposed Australia Card was in the 1980s. And it is certainly scarier than any of John Howard’s post-September 11 security laws.
Admittedly, data retention is not an original Australian idea. Similar policies have been implemented across Europe. But their record is not flattering. Germany’s parliamentary research unit surveyed European crime statistics between 2005 and 2010 and could not find any evidence to suggest data retention was helping solve crimes. And several European countries have even found data retention unconstitutional. In 2009 the Constitutional Court of Romania found that “continuous limitation of the privacy right … makes the essence of the right disappear”. In other words, data retention is so pervasive that it eliminates privacy. You can understand why Romanians would be sensitive. They suffered under communist police state surveillance for nearly half a century.
The idea behind data retention is to try to replicate for the internet what police have enjoyed with telephone calls for decades – access to records of who we called and when. Yet there’s a big difference between phones and the internet. Telephone companies keep those records in order to bill us. So phone records already exist. Internet data retention would require companies to create a giant new database of what their customers were doing online.
This database would be many times larger and much more revealing. Most Australians make a couple of calls a day. But we send and receive dozens of emails. We visit hundreds of websites. In 2012 we do everything from banking, to researching health concerns online. The internet is nothing like a telephone.
On top of this, the government wants internet providers to take responsibility for keeping these vast new information archives secure. But there are hundreds of internet companies in Australia. Many of them are tiny. Few of them are security specialists.
The Attorney-General argued on Tuesday last week that the police needed all this new surveillance to tackle identity theft. This is clever: we need to destroy privacy in order to save it. But it is nonsense.
These new databases would be attractive targets for those very identity thieves. Criminals could just crack the security of a small internet provider. We’ve seen in the past few years how insecure corporate data can be. Even big firms struggle with security.
Making their case, Roxon and her A-G’s Department say they need to “modernise” their powers to deal with cybercrime. Yet the urgent need to modernise this law would be more convincing if it wasn’t for the fact that the 1979 Telecommunications Interception Act has been “modernised” 64 separate times since then. It has been changed on average twice a year for three decades. Indeed, the last modernisation was as recently as August.
Roxon is talking about more surveillance powers literally a fortnight after she has been granted new ones. Our Attorney-General must know this. So when will enough be enough?
Anyway, the August reform gave law enforcement agencies exactly what Roxon claims they need: the flexibility to investigate crime online. Now if police identify a suspect, they can order internet companies to log the data of specific individuals. Such targeted data preservation is reasonable. It’s like traditional phone tapping. Police get investigative powers, but don’t treat every Australian as a criminal.
Internet data retention isn’t the only new weapon the government wants. A parliamentary committee is currently considering a government discussion paper with dozens of complex proposals to extend security power over the internet. The discussion paper makes some stunning claims. Apparently, some limits on ASIO and the police merely “reflect historical concerns about corruption and the misuse of covert powers”.
Are those concerns really out of date? Politicians like to talk about balancing the need for security and the need for liberty, as if they are shouldering a heavy philosophical burden. Yet it seems new laws only ever satisfy the former. Liberty loses, inevitably, every time.