Thursday, 26 March 2015
Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015; Third Reading
That this bill be now read a third time.
I want to thank the Senate for the debate that we have had through a long committee stage. Nobody could say that this has been a rushed process, it being the culmination of something that began in May 2013, when former Attorney-General Roxon referred this issue to the Parliamentary Joint Committee on Intelligence and Security. I think it is very important, particularly where national security legislation is involved, that the issues be fully ventilated, and I do not think it could be said that they have not been. I want to thank the three principal crossbench participants in this debate, Senator Leyonhjelm, Senator Xenophon and Senator Ludlam, for their contributions. Obviously the government has not agreed with those contributions, but nevertheless observations that have come from the crossbench in the course of this debate will inform the government's thinking about this legislation when it comes to be reviewed, and I think we have had, for what has been a difficult issue, a very civil and intelligent debate, if I may say so.
I want to thank a couple of people. I want to thank Anna Harmer, from the Attorney-General's Department, and Simon Lee and their team for their hard work. I want to thank the hardworking officers of ASIO, whom it would be a crime for me to name, for their contribution, but I can name the former Director-General of Security, David Irvine, who, more than anyone else, was the parent of these reforms, and the current director-general, Duncan Lewis.
I want to thank my colleagues, particularly my colleague Malcolm Turnbull, who introduced this legislation and handled it in the lower house; Mr Anthony Byrne, the former Chair of the Parliamentary Joint Committee on Intelligence and Security, who conducted the committee through the hearings during the last parliament with notable skill and nonpartisanship; and Mr Dan Tehan, the member for Wannon, who displayed a similar spirit during the inquiry into the bill in this parliament. May I thank the opposition, in particular the shadow Attorney-General, Mr Dreyfus, for its support of this important measure. Lastly, may I thank my staff, in particular Justin Bassi, my adviser, and Emma Swinbourne, from my office, for the very hard work that they have put into this legislation.
This legislation does contain protections that were not there before. It does preserve a capability for the police and national security and commercial regulatory agencies which was on the verge of being lost. It does contain safeguards that were not there before. It is, in the government's view—shared, I am pleased to say, by the opposition—a measured and proportionate response. Its operation will be conducted over a long implementation period, as the bill provides. It will be the subject of the statutory review, and certain aspects of it will be the subject of sooner review.
In dealing with national security issues, we do have to bring the public with us. We do have to get the balance right between protection and liberty. The bipartisan spirit with which this bill has been dealt with in this parliament and the constructiveness of the engagement of those who did not feel able to support the bill but nevertheless engaged in the debate in the manner in which they have done I think are a credit to all who have participated in the debate and a credit to this parliament.
I will be brief because this debate has been running for some time. We are here tonight because the Abbott government has chosen to ignore the very clear warnings sent by tens of thousands of people and pressed ahead with a bill that entrenches a form of passive surveillance over 23 million Australians.
Senator Jacinta Collins interjecting—
I will get to that—believe me, I will. It has been a long time coming. Mandatory data retention first came to light—at least to my knowledge—in 2010, when it became evident that the Attorney-General's Department had forced telecommunications companies into secret meetings to establish how a two-year mandatory data retention scheme could work. That was when the ALP's Robert McClelland was Attorney-General. With the support of the then chair of the environment and communications committee, Senator Mary Jo Fisher—who I think many people in here still remember quite fondly—we conducted an inquiry into what the Attorney-General's Department was up to, which generated a significant degree of opposition. And then the proposal went underground for a time.
In 2012, with the ALP's Ms Nicola Roxon as Attorney-General, mandatory data retention was referred as a single throwaway paragraph to the Parliamentary Joint Committee on Intelligence and Security. Under a hail of condemnation, that committee was unable to come to a consensus recommendation on mandatory data retention. The proposal dropped under the radar again until it was put firmly back there last August by Senator George Brandis. I have sketched this recent history because this bill contains the DNA of both of the major parties. I am getting a little tired of people reinventing history, as began to happen after the unwelcome passage of the ASIO reforms last year. In her opening contribution, the Labor Party's Senator Collins put it better than I could. She said:
The Australian people must be satisfied that in seeking to defend ourselves from crime and terrorism we do not trample upon the very rights and freedoms that characterise Australia as a free and open democracy. The Abbott government has failed this test.
I strongly agree with this statement by Senator Collins. The Abbott government has failed this test, and the majority of the Australian people are not satisfied with this government's lunge for power.
The only people who did end up satisfied were in the Australian Labor Party. The ALP has caved in to Tony Abbott's self-interested fear campaign and supported the bill. Together, with some of the more critically minded crossbench senators, we had the numbers to defeat this bill, but you failed to turn up. You will be judged for that, and we will ensure that people never forget who made this possible. In 2016, you will answer for it. Surveillance in a democracy should be targeted, proportionate and levelled at serious criminals, organised crime and national security threats. This bill entrenches the opposite. The government will not disclose the costs of the scheme, is silent on the risks of unauthorised disclosure and has at no stage been able to point to evidence that collecting the private records of 23 million nonsuspects will keep people safe or reduce the crime rate.
We will be encouraging people to follow the advice of Mr Malcolm Turnbull, who introduced the bill and, in recent days, has been outlining techniques for avoiding the surveillance scheme that he has just forced on the rest of us. Mr Turnbull told Sky's David Speers yesterday:
…of course you now have the ability by using over-the-top applications. It might just be something straightforward like Whatsapp. It might be a more encrypted over-the-top application to avoid leaving a trail.
He goes on to say:
If you have a device, you know, a phone or a smartphone, and if I call you through the mobile phone network there will be a record. Say my phone’s with Telstra, there’ll be a record with Telstra that I’ve called your number. If on the other hand—
our helpful communications minister informs us—
I communicate with you via Skype for a voice call or Viber, send you a message on WhatsApp or Wickr or Threema or Signal or Telegrammer—there’s a gazillion of them—or, indeed, if you make a FaceTime call, then all that the telco can see, insofar as it can see anything, is that my device has had a connection with the Skype server or the WhatsApp server; it doesn’t see anything happening with you.
Amazing! Tips on how to avoid mandatory data retention by the guy who introduced the bill.
There is a lot of bad information, however, circulating about the use of cryptography and anonymisation tools in protecting privacy and identity online. In particular, there is real confusion about whether merely circumventing the government's expensive new data retention regime guarantees any kind of absolute privacy or anonymity. I admit that I am guilty of some pretty loose language on this issue myself. So I want to be completely clear: if you do not want your email records captured by data retention, all you need to do is use a platform that that is hosted overseas like Gmail or Facebook. If you do not want metadata from your chat sessions hanging around forever, use one of the services that Mr Turnbull recommends. If configured properly, these services erase their tracks as fast as they are created. So as far as email records are concerned, defeating this $400 million data retention scheme really is that simple.
But there are two hugely important caveats. Firstly, it is well documented that signals intelligence agencies like the NSA and its Five Eyes partners, of which Australia is one, are engaged in massive full-take surveillance of nearly all data traffic globally and that these entities are alleged to have unprecedented visibility of the networks of these very same international providers—some of them mentioned by Mr Turnbull. The second caveat is that using Facebook chat or Twitter direct messages in no way actually guarantees anonymity of privacy. There are whole bodies of practice and technique out there on how to do this well. But the fact is: doing crypto well is actually pretty hard.
We have recently taken the lead of data journalist and transparency activist Asher Wolf, who founded the global CryptoParty movement, and we have held a few events of our own to up-skill on basic crypto skills. The fact is: if you are a whistleblower who fears what will happen if your identity is disclosed, assume that there is no politician in this building—and I include myself—with the technical skills to help you properly protect your identity. You will need to look after yourself. I came across an article yesterday by a certain Dan Nolan who debunked some of the confusion surrounding the distinction between defeating data retention, which in some regards is fairly easy, and defeating some of the more elaborate systems deployed against journalists, whistleblowers, activists and campaigners. The article is titled 'Leaking Securely', and it reads in part:
How To Leak
1. This might seem obvious, but think about it, don’t leak information only you have access to. If you’re the only one that has the information then it’s pretty bloody easy to figure out who leaked the info. Find or create a situation in which you can have plausible deniability that someone else accessed the data
2. Don’t leak data from your home computer, from your personal devices or anywhere at home or at work. You will get caught, and if there are legal ramifications of the leak they will rain down on you like fire.
3. Don’t leak data from personal accounts or accounts linked to family or friends or that can in any way be traced back to you. Create a hushmail or a gmail account, don’t put in your phone number and create this account on a computer you do not normally use, say an internet cafe.
4. Don’t provide any personal information in the stuff you leak. Redact as you need to.
5. Don’t store copies of leaked information on personal devices or home devices.
6. If you use a USB device or something similar to access or copy data, be aware of corporate policies or monitoring. If you’re copying from your office computer, logged in under your account to a device, corporate IT systems can easily track you down and figure out who copied what and when.
7. Destroy any items or devices you use to transit the information to be leaked to a third party area. Dispose of them, again, somewhere you wouldn’t normally dispose of items so someone going through your rubbish can’t find them.
8. Only leak to places that have SecureDrop, like the Guardian.
He carries on, but I am not sure that I want to read the rest of it into Hansard. The point being, I guess, the old saying 'three may keep a secret as long as two are dead' applies very much to whistleblowing. Now some, like Mr Edward Snowden, whom the Attorney-General has said on any number of occasions he believes to be a traitor—who I believe to be one of the most important whistleblowers in modern history—or publishers like Julian Assange, who has just spent more than 1,000 days in the Ecuadorian Embassy in London, actually do go public and do lend their name to these acts of quite radical transparency. But, for others, if your welfare or your job depends on anonymity or privacy, do your research and make sure you are using these tools properly. And, by the way, we are looking to auspice such a session for the Canberra Press Gallery, because, with the installation of this regime, things just got even more serious.
Before we commit this thing to a vote, I want to thank all of those who built a spirited community campaign against this measure—publishers, journalists, the Law Council of Australia, the technology sector, digital rights organisations like EFA and advocates from right across the political spectrum joined tens of thousands of concerned Australians to voice their anger—and the major parties shut them out. Some of these people do this advocacy for a living and I thank them for their expertise and their determination. But above all, I want to thank and acknowledge those who bothered to come to events, made calls, wrote emails, signed petitions and organised to try to bring about a different outcome tonight. I would also like to thank my staff, particularly Felicity Ruby who, with me, fought round 1 and round 2 data retention, and Renai LeMay for throwing his heart and soul into round 3. I also acknowledge the significant dissent within the Liberal-National-Labor parties, but the inflexible party discipline that prevails in Australia means that not a single member crossed the floor either to oppose the bill or to support the dozens of amendments proposed by the crossbench. I thank those members of the crossbench in the House and in the Senate, who, together with the Australian Greens, performed the job of opposition that the Labor Party abandoned. We will remember this come 2016, and we will not let others forget.
Our work now turns to documenting this regime and working for its repeal. But to all those listing to this debate, and I know that there are many of you out there, I apologise to you. To all of those who will face the consequences of what is done tonight, I am deeply sorry that we were not able to prevent this from passing into law.
I had not intended to make a third reading contribution, but I think there were a few points raised by Senator Ludlam that do need some response.
Firstly, I thank him for his concession that he has used loose language and his reference to 'bad' information. I personally have found, through the many people I have communicated with about the facts and the details of this matter, many have come back to me and said, 'Thank you very much for a detailed and considered response. We now understand the circumstances,' rather than some of the 'bad' information—to use Senator Ludlam's words—that has been circulating in this debate.
Let me make a few critical points here, points that Senator Ludlam has indeed glossed over. Mandatory data retention is not mass surveillance. Let me repeat that:—
Let me repeat that: mandatory data retention is not mass surveillance. And indeed I will pick up on Senator Brandis's interjection there and refer to his earlier comments. That is what Professor Jillian Triggs said in her contribution to this debate.
Information that is recorded is not necessarily accessed. We have built a strong system with checks and balances to ensure we have that balance right. I also will not be verballed. Senator Brandis likes to do that to me, but now it seems Senator Ludlam does as well. I do not appreciate being verballed by Senator Ludlam. I will make it very clear: the Labor Party has not caved in in this matter.
Honourable senators interjecting—
But, Senator Ludlam, I want to be very clear on the record because you were referring to my contribution when you moved very swiftly to that next point. So let us make it very clear: the Labor Party has not caved in on this matter. And, yes, indeed, we do accept that we will be judged as will you and as will all of us in the political arena. We accept that, and we take responsibility for that. We are the alternative government, and we need to be responsible about issues related to national security. We do not accept the bad information and the suggestions that 'there have only been three cases that might relate to national security'. It does you no service to continue to peddle some of that bad information.
What also does you no service is to move amendments such as you did today in relation to the ACCC and to ASIC. It is quite contrary, as Senator Brandis pointed out in the debate, to the usual positions the Greens would take about such crime. I was astounded. I understood why Senator Leyonhjelm did that from his perspective, but for that to come from the Greens was quite astounding.
Let me go back to that point about how Labor purportedly caved in. I know that Senator Ludlam would like to participate in the Parliamentary Joint Committee on Intelligence and Security. I am not sure about the job application he just did in his third reading speech—I suspect Senator Xenophon's might have been closer to the mark. As Senator Brandis and others indicated, copious work went into this process. In terms of caving in, I would have to say the 74 amendments that were accepted by the government in the debate in the House of Representatives represent the critical concessions that have been made in this debate to build a system that does have integrity and does have balance. I am confident that we have reached that balance. That balance involves not only the protection of privacy but also the protection of our national security.
It would be ungracious of me not to acknowledge the fulsome nature of this debate, the generally civil nature of this debate. We even managed to throw in cultural references to the Mikado, Britney Spears, Taylor Swift, the Dead Kennedys and the Sex Pistols. We weaved it all in there. It was a debate that was not gagged and not truncated, and I think that that says something about the institution of this place and the manner in which we conduct debate on some very important issues. I also want to acknowledge the role of the opposition, in particular Senator Collins, in respect of this, and I want to thank my colleagues Senator Leyonhjelm and Senator Ludlam. In terms of our respective political beliefs, we are a pretty disparate and motley bunch, but we were bound together by a genuine concern about what impact this will have on our democracy and on free speech.
I just want to make this observation: we live in difficult and dangerous times. There is a need to combat terrorism. Of course there is a need to do all we can to combat paedophilia and to stamp that out to bring those predators to justice. But my concern is that, with our intelligence agencies having more and more power—as this bill does give another increase in the power of our intelligence agencies—we do not have the same level of scrutiny as some of our closest allies such as the United States. We do not have the level of parliamentary oversight that the German parliament has, in respect of our intelligence services. I think it is important that we do so, and that is something that we cannot ignore.
I also do not understand, and I hope that Roger Gyles, in his assessment as Independent National Security Legislation Monitor, will consider the issue of allowing the public interest advocate to consult with journalists and media organisations before their metadata is accessed, as is the general practice in the United States, following rulings by Eric Holder, their Attorney General. So, finally, my great fear, which is based on an emotion, but is based on the very text of this bill, is that this legislation will, like a python, further put the squeeze on investigative journalism and whistleblowers in this country. This, in turn, will have a suffocating effect on press freedom, and that is bad for our democracy.
I am not in the habit of making third reading speeches. I agree with other speakers, including the Attorney-General, that this was not a rushed exercise, unlike the previous National Security Legislation Amendment Bill, and I am very pleased that was not the case. However, I do wish to draw attention to one amendment of mine that I know was taken seriously on all sides of the chamber and, in some form, was also considered in detail by the Parliamentary Joint Committee on Intelligence and Security. During the Senate Committee of the Whole consideration, Senator Brandis reassured everyone in this place that mandatory data retention would not be used to pursue trivial crimes. He pointed out that proposed section 180F will require authorised officers to:
… be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate.
Amendments to proposed section 180F(a) also required authorised officers to consider both the seriousness of the offence and the seriousness of the penalty involved before making any authorisation. In the view of both government and opposition, these safeguards are clearly considered adequate, and I thank the Attorney-General for setting out why he thinks they comport with the recent European Court of Justice ruling overturning the European Union data retention directive. For the reasons he gave, my amendment to ensure retained data was only used for the enforcement of serious contraventions was rejected. I mean not disrespect to the Attorney-General when I say that I do not believe him. I am not comforted by his reassurances, because I already have abundant evidence for the invasive use of retained data to pursue trivialities. In the existing law, section 180F already requires authorised officers to:
… have regard to whether any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable …
In other words, despite the presence of a decently drafted, clear requirement not to invade people's privacy without justification, hundreds of thousands of authorisations have been made, often in connection with requests that are absurd. In the year to June 2013, for example, there were almost 320,000 authorisations to access telephone records. Yes, it is good that the number of agencies that can stick their fingers into this particular data honey pot has been reduced. However, the list can be added to with remarkably little parliamentary oversight, and ASIC and ACCC have also been included.
The Attorney-General seems content to accept undertakings from security and law enforcement agencies that retained data will not be misused. Indeed, it would appear that the police and security agencies are never self-interested. Lawyers, by contrast, as we heard at length yesterday, should be ignored because they are self-interested. I suspect the truth probably lies somewhere in the middle. Everyone is capable of acting in pure self-interest at least some of the time. Unfortunately, this bill gives the truth tick only to the police and brushes the Law Society's concerns to one side. As a classical liberal, I know which body of people is most likely to abuse our rights and undermine our freedom. Lawyers may have money, but police have guns. Individual policemen may be fine human beings, but there is no escaping the institutional reality that they are part of the executive and the executive ought to be restrained. I do not look forward to saying, 'I told you so,' when this law is used—just as the Regulation of Investigatory Powers Act in the United Kingdom was used—to pursue illegal dumping, dog fouling, unpaid rates, minor welfare fraud and petrol stations comparing fuel prices.
Mark my words, however, that is what will happen. It may take a while. It took some time for police forces and local authorities across England and Wales to realise just what they could do with the data at their disposal. But once they got started, misuse became pervasive. I condemn this bill.