Australia’s Sweeping New Digital Laws Bode Poorly for Privacy Rights
The ongoing global battle between privacy rights and government intrusion is getting heated in Australia. A new bill updates the Surveillance Devices Act 2004 and Telecommunications (Interception and Access) Act 1979, allowing law-enforcement agencies or authorities to modify, add, copy, or delete data when investigating serious online crimes.
Governments and legal authorities insist these sweeping powers are necessary to enforce the law, but privacy advocates argue that it only creates new privacy risks while giving criminals new vulnerabilities to exploit.
Ultimately, they argue, the new laws will not necessarily make Australians any safer. They may face the same old risks and they will also face new ones. Let’s take a closer look at this legal change to appreciate how swiftly and abruptly digital privacy protections can be curtailed.
What Changed in the Law?
People worry about data privacy and app permissions that hand over excessive personal information to telecommunication carriers and other companies, but similar risks are expanding.
Previous Australian legislation contained greater privacy protections, even though they permit interception or access to communications and data by law-enforcement agencies in some scenarios.
The new bill gives authorities additional power to access communications. For example it provides assistance orders, which could require select individuals to perform government hacking or face imprisonment for up to ten years.
Here are three key new powers this bill grants the government and law-enforcement agencies:
- “Data disruption warrants” let authorities copy, delete or modify data as they see fit
- “Network activity warrants” allow the collection of intelligence from devices or networks that are used, or likely to be used, by the subject of a warrant
- “Account takeover warrants” let agencies take control of an online account (such as a Facebook or Twitter or another form of social media) to gather information for an investigation
While all the above scenarios do require a warrant, the bill allows for “emergency authorization” procedure permits to exploit this data without warrants.
Privacy advocates like the Human Rights Law Centre say the government has insufficient safeguards for free speech and press freedom. Other groups like Digital Rights Watch called it a “warrantless surveillance regime” and observed that the government ignored recommendations of a bipartisan committee to limit the new powers granted by the new bill.
How this Harms Ordinary Citizens
Ordinary citizens have several things to fear from the new bill. It’s possible for law-enforcement agents or the government to abuse these new powers and spy on innocent citizens.
There’s a long history of those seen as rivals being targeted because they hold views seen as hostile, like activists or journalists. How can people be sure that politicians won’t invoke their new powers improperly?
Citizens depend on a free and unhindered press and activists play a role in shining a light on often ignored issues. Australia’s new bill undermines those who are outspoken and puts them at risk.
Sidestepping Encryption Creates Exploitable Vulnerabilities
Australia’s Identify and Disrupt Bill lets governments and law-enforcement agencies gain access to encrypted data which could be copied, deleted, modified and analyzed even before its relevance is confirmed. Such a dynamic compromises user privacy in a major way.
Strong encryption is almost impossible to break. Hackers look for a weakness in systems to access unencrypted data. Some governments also use these vulnerabilities for hacking in the form of strengthened security and/or privacy measures.
When a hacker finds a security vulnerability and acts on it before software developers and vendors know become aware of the weakness it is called a Zero Day exploit. These breaches may not get patched for months or even years until they are discovered.
Once discovered, hackers can use the backdoor into the system to access confidential information. There is nothing stopping hackers with bad intentions from using the same path that the government used to obtain confidential information.
Ensure your mobile device security software provider takes your privacy and security to the highest level by delivering the platform through a private server — free of vulnerabilities from third parties — so it can’t be penetrated.
A network technology known as “lawful interception" permits electronic surveillance of communications as authorized by judicial or administrative orders, like Australia’s recently amended laws with the passing of the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021.
Service providers would be compelled to hand over copies of citizens’ communication data, decrypted data, or intercepted data without telling the users that it’s being shared. Critics worry about the overreaching these types of laws afford the police by allowing them to issue warrants “to take over a person's online account for the purposes of gathering evidence to further a criminal investigation.” Australia’s new law effectively removes privacy rights without necessarily making citizens any safer.
Legislated Digital Content Changes
Twitter doesn’t let its users edit posts after they’ve been published, but the Australian government will now have the authority to alter digital content that has already been published.
It's not hard to think of ways this new authority can be abused. Allowing the police to modify potential evidence in a criminal proceeding undermines the proceedings themselves, as detecting and preventing inappropriate data disruption will become a key issue. Laws change quickly, even in countries known to be stable and democratic.
Trusting your mobile service to an industry leader in encrypted communications is the best way to protect your privacy and security.