Australia’s proposed encryption legislation disastrous for right to privacy and global communications security

September 28, 2018

 

Leading human rights law experts have warned the Minister for Home Affairs that the Government’s Bill to provide law enforcement and security agencies with new powers to access every Australian’s communications data has significant privacy implications.

The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (The Bill) seeks to respond to the challenges posed by encryption. If passed, it appears to allow covert installation by government of programmes that are effectively malware into Australians’ computers and phones and would penalise people who refuse to give the government their passwords. It also allows the government to require the creation of vulnerabilities which are effectively backdoors into secure applications – potentially opening those applications up to abuse by criminals and rendering technology for Australians less secure than technology for the rest of the world.

Australian Lawyers for Human Rights (ALHR) says the Australian government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have access to the keys to private data.

ALHR President Kerry Weste says, “The measures are a disproportionate response to the security concerns which are its rationale, involving unjustified encroachments upon Australians’ individual privacy and potentially disastrous world-wide consequences for communications security.”

“The Bill goes against world best practice in digital privacy. It is impractical and could have serious cybersecurity and economic effects.  It gives government inappropriate powers without adequate checks and balances, and creates system weaknesses that may ultimately breach Australia’s own national security. All of our banking and most commercial internet transactions rely upon encryption for security.  It is almost inconceivable that our government should seek to introduce vulnerabilities into encrypted systems that could have disastrous effects world- wide.”

“The Bill also interferes in a particularly serious manner with the fundamental rights to respect for a private life and to the protection of personal data.”

“Australians should be able to have privacy, security and integrity for our communications and our communications systems. No legislation, executive order, or private agreement between systems providers and the government should undermine digital privacy rights in a manner that is not appropriate or proportionate to the harm sought to be addressed and without adequate transparency and oversight.”

“ALHR is concerned that the Bill does not represent an appropriate and proportionate response to the harms identified by the government. We fear it is not consistent with the aims of the Telecommunications Act and the Telecommunications (Interception and Access) Act 1979 (TIA Act) which are to protect the privacy of telecommunications, and to provide a framework for law enforcement and security bodies to apply for warrants to intercept communications when investigating serious crimes or national security threats.”

“Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights (ICCPR) and in many other international and regional treaties to which Australia is a contracting party.”

“There is no getting away from the reality that the right to privacy has become one of the most important human rights issues of our generation. Privacy is integral to multiple other human rights such as freedom of association and freedom of speech. However, this Bill breaches Australians’ privacy rights and rights to freedom of expression and communication, contrary to the Government’s obligations under the ICCPR. Arguably the Bill also limits the presumption of innocence by allowing covert access to personal communications and criminalising the refusal to share one’s passwords,” says Weste.

“Unfortunately privacy is not a human right sufficiently protected in Australian law. Nearly every country in the world recognises a right of privacy explicitly in their Constitution. But not Australia. While Australia has the Commonwealth Privacy Act 1988 which contain the Australian Privacy Principles, that legislation does not cover all the aspects of privacy mentioned above, and falls far short of providing the protection for Australians’ rights needed in relation to the proposed Bill.”

“Further, Australia finds itself the only Western democracy bereft of any kind of Federal Charter of Human Rights.”

Ms Weste says, “ALHR is particularly concerned that the Bill will seriously and unreasonably impinge upon the rights of law-abiding Australians because of the indiscriminate invasion of privacy which could be involved.”

“ALHR opposes the provisions of the Bill which are inconsistent with the principles that form the bedrock of Australia’s criminal justice system as well as international human rights standards.”