Thursday, 25 September 2014
National Security Legislation Amendment Bill (No. 1) 2014; In Committee
For those following at home, this debate has reached the stage where we are discussing the fact that the government appears to have allowed—and I will not call it a 'loophole' because that implies that it would have been accidental—the ability for a single ASIO warrant to encompass an unlimited number of devices, whether that be a single device, a handset, a room full of them, an entire university campus or an entire city. Obviously, the internet is a network of networks and it appears as though the government has deliberately allowed the drafting in this way, in such an open-ended way, as to allow ASIO to effectively intrude on an unlimited number of devices off the back of one single warrant. I am not clear at all about the reporting obligations as to whether the IGIS, or the Attorney for that matter, would be obliged to report how many devices were covered in a single warrant. My understanding, and I am sure Senator Brandis will freely correct me if I am wrong, I am sure, is that there is no such reporting obligation to the public or to the parliament.
What the Australian Greens amendment seeks to do is to set—and I acknowledge it is arbitrary—a cap. The arbitrary cap that we have proposed would be 20 devices. I think Senator Xenophon has stated quite clearly he thinks that is a bit low. I am very, very open to discussion on how many we think it should be. But I am very firmly of the view that it should not be possible to access an arbitrary number of devices up to and including every device connected to every other device. I think it is extraordinary that the government would even propose that that occur.
This is not something that Australian Greens are alone in having concerns over. If you go back to the parliamentary joint committee—this bill did not go to a Senate committee; it went to the Parliamentary Joint Committee on Intelligence and Security—it proposed, not all but some of, these measures in the first place. The submitters to that very brief inquiry put numerous concerns on the table as to these provisions. There are a number of them, but I will begin with the Law Council, who I do not think anybody in here would characterise as having radical views on these matters. Because the amendments ignore key recommendations in the PJICS report, the Law Council highlighted concerns with this schedule, which enables ASIO to obtain intelligence from a number of computers, including a network, under a single computer access warrant. On page 16 of their submission, the Law council says the following:
…the Law Council is concerned that there is currently no definition of a ‘computer network’. In this respect, the Law Council notes that its own staff use computers on occasion through a remote access network which can be accessed from their homes. Using this example, it is unclear whether the information on staff’s home computers would be covered as part of the warrant in respect of a ‘computer network’.
The Law Council has raised a fairly specific question that has not been addressed in the government amendments that have been circulated. Maybe at this point I would ask Senator Brandis to identify for us, in that instance that the Law Council puts to us, where a warrant has been issued which covers a computer network of people who are in a particular workplace, does the warrant therefore include home computers of that same person? Would the definition of 'computer network' include devices at home or on other premises entirely?