The Australian computer government introduced a number of changes to Australia’s security laws during its last sitting. This now being consider by Parliament. The National Security Legislation Amendment Bill 2014 Cth is controversial because it contains stronger anti-whistle blower. Clauses and a special Intelligence Operations regime which would give ASIO officers immunity from criminal and civil liability.
Proposals to increase ASIO’s power to collect intelligence on computers and networks have received less attention. These measures, like the government’s proposal to retain metadata. Suggest that intelligence agencies will have a greater ability to invade Australians privacy.
Open The Door To Computer Access
The current section 25A of Australia Security Intelligence Organisation Act 1978 Cth. ASIO Act, allows the attorney general to issue a warrant for computer access. Upon request by the director-general security the head of ASIO. If the attorney-general has reasonable grounds to believe. That access to a particular computer’s data would significantly assist in the collection of security intelligence, the warrant could be issue.
ASIO officers can then engage in activities to get that data. This includes entering private areas and hiding their actions. The Act defines computer as a computer or computer system, or part thereof. ASIO can only have access to one computer with a computer access warrant.
Definition Of Computer
The government proposes to change the definition of computer in statute so that one access. Warrant can be use to access multiple computers or networks. Computer would be define by the ASIO Act as:
- One or more computers
- More computer systems
- One or more computer networks
- Any combination of the above.
This means that whenever the word computer is use in the ASIO Act. It should understood to refer to any number or combination of computers (plural). The legislation doesn’t attempt to define computer networks. A singular noun could refer to an unlimited number of electronic or telecommunications systems. Which is a remarkable feat of legislative drafting.
The warrant must identify a specific computer, a computer that is located at particular. Premises or a computer likely to used or associate with a particular person. These should read in plural. ASIO could specify, for instance, multiple computer. Networks at a university or other networks to which a person can have access.
Access to data via computers owned by third parties (such as family members. Friends, and co-workers would allow under the Bill. It would be permit if it is reasonable in all circumstances to do so. If warrant is execute, ASIO officers will be authorize to cause interference. With computer or network systems if this is necessary. However, it must not cause any loss or damage.
Everybody’s Privacy Is At Risk
While the government’s metadata proposals are more prominent, these other changes will significantly increase ASIO’s power to invade privacy of Australian citizens.
Access to multiple computer networks can, at its broadest, imply access to all computers that are connect to the internet. Because the internet a network made up of computers networks, there is no reason to believe that it would not cover by the legislation. As require by legislation, the internet likely to be use by the person of security interests.
Although this is unlikely to be the intended meaning, it does show how much thought the government has given to limiting warrant provisions.
ASIO could access any computer at a university or workplace where a person of interest is studying. This scenario would be more realistic. Even if the government adheres to this narrower interpretation, it will still expose many innocent people to potential severe invasions of privacy.
To limit the potential impact of these provisions, it would helpful to define computer network to include only computers that are locate at a specific premises or that are associate with a particular individual. Although this language is already in the Bill it does not limit the power to that degree.
Another way to make sure ASIO has access to only the computer or network that is necessary for collecting relevant intelligence would be to state this. Another way to make sure ASIO has access to multiple computers is to state that it can only do so after exhausting all other means of obtaining intelligence.
All of these options are viable to limit the impact of warrant provisions. These would still give ASIO access to data stored on multiple computers. However, the government has not made any effort to include these limiting factors into the legislation.
It Important To Clearly State
These provisions do not have any limits. This is not due to the government trying to expand ASIO’s power. It is a difficult task for the government to create legal language that accurately describes and accounts in new and emerging technologies.
This is how the government approached the challenge: they didn’t provide clear definitions for key terms in Bill. This is one view. This gives intelligence agencies enough power to collect intelligence, without being constrained by statutory definitions which are likely to be overridden by new advances in computer technology.
However, the government grants vague powers to intelligence agencies while the privacy of all Australian citizens are at risk. It is important that the law be clearly stated in advance. Overreaching and vagaries are not good ways to address difficulties in legislative drafting.
As Parliament examines the amendments it should ensure that the powers of computer access warrant are clearly defined. Privacy invasions should be kept to a minimum. The country learned something from the period of lawmaking following September 11, 2001: laws that were rushed to make sense in the face of security threats are often poorly written and too broad.
The amendments should be discussed in Parliament, but not overshadowed or dominated by the next round of national security reforms. Both the security threat posed in return foreign fighters and privacy threats posed from data retention are important issues. However, ASIO’s current access powers pose a serious threat to privacy at universities and workplaces.