Australia prepares for new online privacy fight

The Australian government is proposing a new set of sweeping online surveillance powers as a part of a National Security Inquiry. If implemented, the new powers would see Australian ssuffer some of the most extreme online surveillance policies yet implemented in western democracies.

In a 60-page discussion paper, Attorney General Nicola Roxon suggests a range of new powers that Australian law enforcement agencies want to get their hands on. As the Electronic Frontier Foundation points out, these proposals are pretty much a wish list. But, if approved, The Sydney Herald says the new laws would be the “most significant expansion of the Australian intelligence community powers… since reforms following the terrorists attacks of 2001”.

Data retention

So what are the proposals? First and foremost Roxon wants to make it mandatory for Australian ISPs to retain customer data for two years. That means information, such as who you’ve emailed and web history logs, will be stored for two years after cancellation of your service. Data retention has been a hot topic for many countries in Europe due to the EU Data Retention Directive, which requires ISPs to store data from between 6 and 12 months. A number of EU countries, such as Germany, have still not implemented the law because of privacy fears.

Roxon also wants “urgent reform” to allow security agencies in Australia to intercept new communication platforms, such as social networks and VoIP providers like Skype. The Attorney General also wants to criminalise any Australian who fails to assist law enforcement with decrypting information. So if you don’t give-up your passwords you could be thrown in jail. As many commentators have pointed out, such laws concerning decryption rely on the police knowing whether or not information has been encrypted in the first place, which could prove problematic.

Guilty by association

Perhaps the most alarming proposal is that Australians are not required to be under suspicion of a crime to be spied on. The proposals say that law enforcement can tamper with any computer it wants, and spy on any citizen, in order to access a computer that may have been involved in illegal activity. So if you happened to have received an email from, or been Facebook friends with, someone under suspicion, then you’re fair game.

“These proposals are one of the biggest threats to the privacy of all Australians for many years,” said Nigel Waters, of the Australian Privacy Foundation and Privacy International. “Governments seem to have an insatiable appetite for more and more information about us all that is none of their business, and when history shows that they can’t make effective use of the intelligence they already collect.”

Worrying trend

Of course, as we said, these are just proposals that government is currently considering. But they fit very nicely with the current trend of internet surveillance bills being proposed an implemented in western democracies. Roxon’s suggestions mirror what’s happening in the UK with the Communications Data Bill, which drastically increases law enforcements ability to spy on citizens. Canada too has to contend with the C-30 surveillance bill, which although diluted from its original state, has been passed into law. The US is also trying to force through the Communications Assistance for Law Enforcement Act that makes it mandatory for social networks and VoIP services to make their platforms more friendly to wire-tapping.

So, it looks like Australian privacy advocates and concerned citizens have a fight on their hands. The country’s Green political party has already condemned the proposals and, in a compelling demonstration of why data retention is a bad idea, hacktavist group Anonymous stole 40GB of customer data from Australian ISP AAPT. If you want to get involved in fighting these proposals a good place to start is the Protect Us But Respect Us campaign on GetUp.

Comments icon
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to
Tags: Privacy

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.

You can't always get what you want: the eternal conflict between lawful access and privacy

Posted on April 19, 2018 by mirimir

In late March, the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) took effect. And predictably, the US Supreme Court just dismissed United States v. Microsoft Corp. In that case, Microsoft was fighting a subpoena for data stored in an Irish data center.

Protect yourself today and get peace of mind

Shut out hackers, identity thieves and the global government surveillance apparatus — every time you go online.