Let’s engage in some hypotheticals about what might arise from implementation of the proposals for greater surveillance and intelligence-gathering powers currently being considered by the Joint Committee on Intelligence and Security. Let’s speculate about what might happen if the proposals were adopted.

When the National Security (Intelligence and Interception) Amendment Act 2013 passes, Attorney-General Nicola Roxon declares the act “strikes the right balance between the legitimate needs of our law enforcement and intelligence community, and the privacy concerns of Australian citizens.” “Rights are important,” Roxon says, “but security is a prerequisite for those very important rights.”

Shadow Attorney-General George Brandis, who inherits the portfolio just four months later, agrees, after three minor amendments he had developed in the Senate committee inquiry process are accepted by the government.

“Our liberal democratic values will never be served by compromising those values in the face of the terrorism that threatens them,” Brandis argues. “But this act strikes a sensible balance between those values and the needs of the intelligence community in a rapidly changing technological environment.”

Only the Greens vote against the act. “Once again the Greens are giving succour to terrorists,” says one Labor senator during the debate.

In the following five years, however, several flaws in the act become apparent, leading to concerns that “balance” is wholly absent from the new surveillance and intelligence-gathering framework.

  • After a leak to The Australian of Department of Health and Ageing briefing papers contradicts government assurances that it had not been warned of problems with a new vaccine, an AFP investigation leads to the prosecution, conviction and jailing for three years of a 43-year-old Canberra bureaucrat. The AFP had used the journalist’s telecommunications call and location data, retained under data retention laws for 18 months (one of Brandis’ “compromises”) to identify the leaker and where and when he provided documents to the journalist.
  • A 19-year-old Melbourne man is convicted and fined for the new offence of “refusing to assist in decryption” following an incident at a Melbourne protest. After his girlfriend is dragged from the protest by two men, he follows them and uses his phone to film their highly aggressive interrogation of her. On discovering he is recording them, the men approach him and demand his phone. “It’s illegal to reveal the identity of an ASIO agent,” one of the men says. “You can’t film me.” The man refuses and his phone is seized and handed to police. When the man’s lawyer eventually secures the return of the phone, it has been hacked and its contents erased. “We obtained a warrant and we’re permitted to delete data,” his lawyer is told. “Your client will be charged with refusing to assist in decryption.”
  • An Australian ISP loses over 30 gigabytes of data stored under data retention laws in a hacking attack that appears to have originated in China. There is speculation the attack was done using a “back door” in Chinese-manufactured equipment, but more likely poor IT security was to blame. The ISP advises its customers to be vigilant of scams and malware and to tighten their security measures.
  • A mysterious bombing of a Sydney store selling furs causes $6 million worth of damage, but is revealed two years later to be the work of an ASIO agent seeking to establish his bona fides with a group of “animal rights extremists”. The officer was never charged, having obtained an authorisation for the bombing from ASIO’s Director-General.
  • There is outrage when US company Twitter reveals that Australian authorities have demanded access to the accounts of all 8000+ followers of an Australian online activist via a surveillance warrant. The followers include a number of journalists and several politicians, all of whose Twitter accounts, including DMs, would have been been subject to the warrant. Online activists suspect a similar warrant issued to Facebook is being implemented by the social media giant without telling account holders. The Attorney-General criticises Twitter for revealing the warrant and “endangering ongoing operations”.
  • Electronic Frontiers Australia announces it has obtained and analysed malware developed by a private firm for federal government agencies, designed to be planted on computers of individuals and third-party computers targeted in surveillance warrants. The malware allows keystroke logging, remote control of computer cameras and microphones and back-door functionality. However, due to poor design and encryption from the software company (which according to the Austender.gov.au site was paid $100,000), the malware can be exploited by any unauthorised third party, not just the federal agencies using the program, and may even allow third parties access to agencies’ IT infrastructure. The malware also routes information through a server located in the US, to avoid identification of the source of external commands, thereby exposing the data to US Patriot Act control. Several men prosecuted for terrorism claim either government agencies or third parties have used the software to plant incriminating data on their computers.
  • A female activist working in an anti-coal group learns via a series of media articles that the father of her two-year-old daughter was probably an ASIO agent working undercover. The man, a colleague in the group, disappeared shortly after her daughter’s birth; efforts to locate him and obtain child support payments are stonewalled by federal authorities on the basis that it is illegal to reveal the identity of an ASIO officer. “I am not persuaded that it would be appropriate to issue specific guidance about s-xual relationships,” says the Director-General of ASIO in response to media queries. “To ban such actions would provide a ready-made test for the targeted criminal group to find out whether an undercover officer was deployed among them.”
All of these incidents are of course hypothetical. Could never happen? Each of the above events is taken from incidents that have already occurred overseas.
Submissions to the JCIS inquiry close on August 20, after the committee extended its deadline by two weeks in response to numerous stakeholder requests.