One of the subtler but more important moments in the recent history of national security laws is being played out within the inquiry into the first set of national security law reforms, currently being considered by the Joint Committee on Intelligence and Security. It’s to do with the logic behind the constant extension of national security powers in favour of agencies like the Australian Security Intelligence Organisation and the Federal Police at the expense of individual rights.

Since the Howard government used the War on Terror to dramatically expand both anti-terrorism laws and the funding of security agencies, the powers of security agencies have constantly increased, with near-annual amendments to legislation like the ASIO Act or the Telecommunications (Interception and Access) Act to grant them further powers.

That tradition continued under Labor, but then-attorney-general Nicola Roxon also deviated from the template by asking for a public inquiry by JCIS into an array of new powers or reforms to existing ones, albeit in often vague form rather than as draft legislation. Coalition Attorney-General George Brandis, who served on JCIS in opposition, has commendably followed Roxon’s example in seeking a JCIS examination of draft legislation implementing some of the Roxon proposals.

As part of the current hearings into the first of Brandis’ bills, committee deputy chair Anthony Byrne has floated a couple of ideas that would have the potential to address significant concerns about the remorseless march of security agency powers. One that we discussed last week relates to the idea of external oversight and approval of special intelligence operations, which creates an extendable mechanism for more oversight of agency powers. In essence, it proposes that if agencies want more powers, they need to submit to significantly greater oversight than they currently have, even if the oversight mechanism isn’t via public or parliamentary accountability.

“Codification addresses the concerns of some online rights activists — who maintain that both telcos/ISPs and agencies are already engaged in mass surveillance or data gathering on individuals — by making such activities illegal.”

The other idea has potential to short-circuit the process of endless extension of agency powers. As part of the current bill, the government has proposed that ASIO be allowed to use third-party computers to access those of target computers under a warrant, and to be able to “add, copy, delete or alter data” on those computers in doing so. There’s no limitation on how “third-party” computers can be used in this way — it could involve interfering with an entire company’s network, for example, or that of a university.

In discussion with Professor George Williams at the JCIS hearing on August 18, Byrne suggested that the proposal be restricted so “that there has to be an established link between any computer that could be linked to the target person or entity that might cause concern to the agencies? …That would then start limiting the number of computers that could potentially be accessed in a network.”

The idea sounds innocuous enough, but like the external oversight idea regarding SIOs, it contains a germ that could spread to other forthcoming proposals and significantly alter the way our anti-terrorism laws operate. Byrne’s proposal would in effect ban conduct beyond the strict remit of the legislation — networks or individual third-party computers without a link to a target computer would be explicitly off-limits to intelligence agencies. A data retention scheme drafted along similar lines would restrict telcos and ISPs from retaining any personal data beyond that specified under the scheme, and restrict agencies from obtaining it without a warrant. To the extent that telcos or ISPs currently collect personal data on their customers, and to the extent that intelligence agencies currently access such data without a warrant, that behaviour would become illegal.

This would thus codify, as much as extend, agency powers. Codification addresses the concerns of some online rights activists — who maintain that both telcos/ISPs and agencies are already engaged in mass surveillance or data gathering on individuals — by making such activities illegal. It also turns the constant extension of agency powers from an open-ended process into a cul-de-sac, because codification would prohibit anything beyond the specific behaviour authorised by legislation.

Security agencies and their apologists argue that agencies don’t go beyond what is currently permitted under law, and there is certainly evidence that Australia’s security agencies are significantly more focused on remaining within the strict letter of the law than their counterparts in the US and the UK. But the people leading agencies change, and workplace cultures change. Codification of agency powers guards against the potential for future abuse — and takes agencies at their word that they currently stay strictly within the confines of the law. If that’s true, they’ll have no concerns about the kinds of changes Byrne proposed.