While the end of the year the tech sector became the flavour of the month for the new government under Malcolm Turnbull, 2015 was truly the year the Australian government waged war on the internet.
The Turnbull government might be an innovative, agile, 21st-century government, but for all the talk of digital services and a start-up culture, it remains a government heavily in conflict with the internet. In the course of 2015, the Abbott-Turnbull government was responsible for a number of measures that will impact on the way Australians can access and use the internet.
Government agencies from the Australian Federal Police down to local councils and the RSPCA had been accessing our metadata without a warrant for years under the Telecommunications Interception and Access Act. The act relied on the telcos keeping the data agencies wanted, but they weren’t legally obliged to keep that data, until this year.
It had been a long time coming. The Australian Federal Police and other agencies had been wanting telcos to have to keep data since at least 2008, but in 2015, under Attorney-General George Brandis, they finally got their wish. Thanks to support from Labor, the government passed legislation this year that now forces Australian telecommunications companies to retain logs of calls, SMS history, location information, email history and other data for two years.
This came despite the lack of evidence that mandatory data retention for such a long period of time helps fight crime, and despite courts overturning similar schemes overseas.
Telecommunications companies, which have been slugged with the additional cost of having to build systems to get their data in a format the government wants and keep it for two years, were given a measly $131 million for the capital cost of building the systems (nothing for the operational cost), and Crikey revealed earlier this year that the Attorney-General’s Department had opted to keep $3 million of that for itself.
The only approval to get access to metadata is internal agency approval, except in cases where an agency wants to investigate a leak to a journalist and wants to access a journalist’s metadata. In that case, the agency will need a special warrant. The journalist will never know about this, of course, as a public interest advocate appointed by the prime minister will argue on the journo’s behalf in secret against granting the warrant.
Confusion still reigns among telcos as to how they’re going to go about storing whatever data they are required to keep, and most have indicated they will not be fully compliant with the scheme until April 2017.
As has often been pointed out, those wanting to avoid the scheme can easily bypass it using virtual private networks (VPNs).
The Joint Parliamentary Committee on Human Rights has suggested the scheme could be in conflict with protected rights around privacy.
In June, legislation was rushed through Parliament to allow companies like Foxtel and Village Roadshow to go to the court and get an order to force internet service providers to block piracy websites like The Pirate Bay. Parliament had just three months to consider the legislation, and a Senate committee for the legislation held just one hearing during the Easter break — one Labor senator and one Coalition senator attended. The legislation was debated in Parliament for just three days.
The reason the government rushed to pass the legislation without more careful examination remains unclear. To date, despite many threats, no rights holders have filed cases in the Federal Court in the six months since the legislation passed. Foxtel has indicated it plans to file a case next year.
The passage of the legislation, however, does make Australia fully compliant with the IP obligations in the Trans-Pacific Partnership.
Under Turnbull the government is also continuing to pursue a voluntary code between rights holders and ISPs to require ISPs to warn customers alleged to have downloaded pirated TV shows, films or music. Those negotiations remain at a stalemate because rights holders are reluctant to pay for the costs for ISPs to enforce their copyright for them. Fairfax reported that former prime minister Tony Abbott had floated the idea of a $20-$30 fine for people alleged to have pirated, but this never made it out of cabinet discussions.
All your networks are belong to us
In June, Brandis announced the government would introduce new telecommunications sector security reform legislation to allow the secretary of the Attorney-General’s Department to dictate what telcos can and cannot do on their networks. The new laws would require telcos to hand over any information the secretary wants, or face fines.
After an uproar from the industry and accusations that it was another national security overreach from the government, Brandis backed down, deciding to extend consultation on the proposal until next year. He also made changes so that it would be the attorney-general of the day rather than the department secretary that gives orders to the telcos.
The directions the attorney-general can issue are still quite broad, however. For example, according to the exposure draft, if there is concern that there is a risk of unauthorised interference with, or access to, a telecommunications network, the attorney-general may give a telco “a written direction requiring the [telco] to do, or to refrain from doing, a specified act or thing within the period specified in the direction”.
War on encryption
The government attempted to fix legislation passed by the former Labor government that would make it difficult for researchers to collaborate on encryption technology, but academics and researchers remain concerned that the impact of the law will make it a criminal offence for people to collaborate on encryption services across the Australian border.
While other governments have begun considering banning encryption technologies in the ongoing war against Islamic State, for now Turnbull has admitted encryption is an issue for law enforcement investigating terrorist plots, but has not indicated the government will seek to ban it.
No data breach laws
Despite many promises, the government failed to introduce mandatory data breach notification legislation. This would have meant that companies, like the telcos forced to keep all our metadata, would be required to inform the public if they became aware that data had been leaked. At the moment, they are under no obligation to tell the public — group-buying company Catch of the Day waited three years before informing customers that their credit card details had been compromised.
At the last minute before Parliament ended for the year, Brandis released an exposure draft for the mandatory data breach notification legislation.
In 2016, we also can look forward to a parliamentary inquiry into the impact of pornography on Australian children, which will no doubt lead to the return of a debate over mandatory internet filtering not seen since the Coalition was embarrassingly forced to quickly withdraw an opt-out internet filtering policy within four hours when it was released two days out from the 2013 election.