Think that if you have nothing to hide you have nothing to fear? Maybe you should just hand over your email password, writes Amy Gray.
As you read this on your phone or computer, your ISP is doing more than just giving you access to the site.
It’s logged that you’ve visited Crikey’s IP address and how long you spent here, along with some other information like your phone number and location if you’re reading on mobile.
And then it will keep that information for two years in case an Australian government agency wants to view it for any reason, due to the mandatory metadata retention becoming legislative law earlier this year.
Your movement anywhere can now be shared with more than an ISP or telephone provider. It might be the police, ASIO or any number of Australian government agencies currently scrambling to access the data that now doesn’t require a warrant. Thanks to the Five Eyes intelligence sharing alliance, this information can be shared with the US, UK, Canada and New Zealand.
Perhaps you’re comfortable with this, perhaps you’re about to reason that if we aren’t doing anything wrong then we have nothing to hide.
Digital Rights Watch decided to test that common rebuttal on Professor Gillian Triggs, former president of the Human Rights Commission and someone who will never be on Senator George Brandis’ Christmas card list.
Monday night in a packed theatre for Melbourne Writers’ Festival, all of Triggs’ personal data was displayed on a giant screen behind her, former senator Scott Ludlam and broadcaster Vanessa Toholka.
Triggs sat and politely smiled as her email details were displayed. From subject line alone, we learnt that she’s looking for a good deal on stationery, where she will deliver speeches, the groups of which she’s a part. Her phone details showed she was in Melbourne, and we could tell who was calling her and, based on their number, surmise what their phone calls were about.
Admittedly, Triggs is a well-known public figure, which means this information could be easily deduced. But does that mean it should be, and what is the impact when it is someone who isn’t a public figure, like you (remember, your ISP is still running the clock on how long you’re taking to read this article)?
It became slightly more uncomfortable when the crowd laughed at the revelation Triggs had applied for a Seniors Card. It’s symbolic of what happens when the banal details of our day can be released: everyday and perfectly legal activities look very different when viewed by others.
Ludlam took that further, quoting Glenn Greenwald’s response to the common “if you’re not doing anything wrong, you’ve nothing to fear” argument. In those moments he simply asks the person to hand over their email password. Feeling uncomfortable with that? Why? You’ve done nothing wrong, surely?
In fact, for anyone who’s ever handed their phone to show a friend a photo and hoped to the heavens above they don’t start scrolling through their camera roll, the distinction is clear: people have a right to choose what information they share without someone taking advantage. And what if that person comes across a legal but embarrassing photo? Do you think they’re capable of not blabbing what they saw everywhere?
No matter how decent (well …) the government may appear, sometimes it is not that capable. Like its inability to conduct a census, protect the names and home country details of 10,000 people seeking asylum in Australia, placing them in danger, or accidentally releasing your Medicare data and your Centrelink data (not just once, twice!) … Let’s get straight to the point: the Australian government wants all of your data but has a very public record of not keeping it private.
Part of this is because it is the government who are defining rules and keeping it “in house” or at the “discretion of ministers”, decried by Triggs as something that would never happen in Europe where the court system keeps things honest or in the US, which has a Bill of Rights.
So, with the government operating beyond the law and stockpiling your data in the cyber equivalent of a sieve and an opposition that hasn’t yet learned that word’s definition: who is going to help you regain your privacy?
Scott Ludlam made it clear: “We need a revolution”.
Part of that is making the cost of accessing your data higher and harder by using encryption wherever possible either through the use of a VPN (Virtual Private Network) or encrypted messaging apps like Signal.
But the other part is standing up and making a ruckus. Put pressure on politicians — the ministers and your local representatives — and let them know to get their hands off your phone and laptop. Learning about your digital rights isn’t complicated, and learning how to protect them and push for change is even easier.
*Amy Gray is a Melbourne-based writer and member of Digital Rights Watch.
Jul 17, 2017
It's unclear how Malcolm Turnbull proposes to fight encryption but one technique already in use illustrates the dangers of relying on "backdoors" of any type.
With Malcolm Turnbull declaring on Friday that the laws of Australia will override the laws of mathematics, you’d think we’d be closer to understanding exactly what the government wants to do to undermine encryption. But despite media conferences and interviews, it’s still entirely unclear exactly what the government proposes to compel IT companies to do — although the Luddite-for-the-ages George Brandis insisted on Friday that it would all be straightforward because the UK’s electronic spy agency GCHQ had assured him it would be.
So what form will this war on maths take? What we know is that agencies like GCHQ, the NSA and the CIA haven’t — despite Brandis’ blithe dismissals — managed to penetrate widely used encryption methods used online by companies like Apple and Google. Instead, what they aim to do is access the devices using that encryption to obtain information before it is encrypted, and relay it to agencies. That was a key lesson from the trove of CIA hacking tools that turned up on Wikileaks last year.
And in 2014, the government handed security agencies exactly the power to do that — or, rather, validated something that agencies were almost certainly doing already. Courtesy of the government’s national security legislation changes that year, security agencies were given the power to interfere with computers under warrant, including planting software on them.
Except, this isn’t any safer or smarter than what the government constantly rules out — having backdoors into encrypted communications systems. As the CIA tools showed, the malware that agencies place on mobile devices or computers relies on security flaws in operating systems — flaws that Google, Apple and other manufacturers should be warned about so they can patch, but which agencies prefer to exploit instead. This is exactly what led to the recent spate of ransomware attacks, all derived from an NSA tool that exploited a flaw in older Microsoft operating systems. There’s no magic rule that prevents hackers, criminals, terrorists or our enemies in China and Russia from exploiting the same flaws.
Nor is there any guarantee that these tools — which are often purchased by security agencies from hackers, rather than internally developed — work as intended. There’s the notorious example of the “Bundestrojaner”, malware used by the German police to provide a backdoor into targeted computers, revealed in 2011 by the German hacker group Chaos Computer Club. That malware permitted the logging of keystrokes on the target computer, remote control of its cameras and microphone, broader control of the functionality of the device and the capacity to relay information back to German police. It could be used by anyone who found it, not just the agencies who put it there, and allowed the planting of information on the target device (thus enabling the planting of evidence), and its use to attack other computers; its unencrypted connections to police computers potentially also allowed third party access to agencies’ IT infrastructure.
The government may be keen to request — and if unsuccessful, compel — IT companies to assist in planting malware on devices, which would not involve weakening encryption, but accessing data pre-encryption. But as the Bundestrojaner illustrates, a backdoor is a backdoor, regardless of whether it’s pre- or post-encryption.
But we don’t know. The government continues to jabber incoherently on the issue. As with the imposition of mass surveillance in 2014, the government insists it wants to do nothing new, merely keep laws up to date with technology. As in 2014, it can’t actually explain what it wants to do. As in 2014, it’s embarrassing itself trying to explain its agenda. This time, the humiliation is global: Malcolm Turnbull’s insistence the laws of maths are subordinate to whatever he wants is drawing mockery around the world.
Like the War on Drugs and the War on Terror, Turnbull’s War on Maths will probably still be going decades hence, and going about as well as those conflicts have fared so far.
In April 1965, a young Oregon student was rushing to attend an anti-war rally. Diane Newell Meyer, then 22, had prepared no placard, so she quickly grabbed an envelope and pinned it to her chest having just scrawled upon it the words, “Make Love, Not War”. The slogan drew attention, as things affixed to young bosoms are wont to, and was reproduced throughout the era of Vietnam War protest on millions of buttons and protest signs, and at least one dreary John Lennon song.
I’m not at all sure this would have sat well with me. The idea of love as an antidote to war is not a sound one. Patriotism, the ardent love of nationhood, is, in fact, effective fuel for combatants and a great pretext for leaders who still speak today about their “empathy” in the prelude to acts of war. Buddhism, the religion of loving compassion, can exempt its most holy practitioners from ethical norms, permitting and promoting extreme violence in the name of love. At our own trivial level, many might attest that those with whom we “make love” are also those with whom we argue most aggressively about whose turn it is to take out the garbage.
Love and war as opposites? I don’t think so, and neither did John Lyly, who saw in 1579 that they could be meaningfully compared. “The rules of fair play do not apply in love and war,” he wrote, and was misquoted throughout the centuries.
When I gained my first job in the then-emerging internet sector in 1999, another similarity between love and war was evident. By then, it had become very clear that digital innovation had been advanced and funded at speed by both love and war. War is what the world’s most powerful state spends most of its money on. “Love” was then the only digital product consumers spent their money on — do have a look at this primitive “sex robot” from the era, compatible with Windows 95! There would be no internet as we know it without the US military. There would be no system of secure online payments without the famous loving penis of the drummer Tommy Lee.
Of course, we could just accept these gifts of great innovation and say that their bearers — love (or, sex, really) and war — are now out of the picture. It’s not true. Does this even matter? As a (very selective) libertarian, I have no problem whatsoever with the ongoing market power of porn. But, as a (very selective) libertarian, I have great problems with the use of the War Powers Resolution to justify warrantless searches by the NSA of private data.
The rules of fair play will not apply at the NSA, nor should we expect that they will when it comes to sex robots. If you think that the deep state will not monitor your deep penetration of Giggles the FemDroid, well, you haven’t been paying attention.
Martin Luther King Jr. Ralph Nader. Alan Turing. The somewhat less heroic Donald Trump. These are just some of the persons who have been under sex scrutiny by the state. “Love” and war are not only close cousins for those more poetic reasons described in the 16th century. To reveal, or to threaten to reveal, the, ahem, loving peccadilloes of a person for the sake of “national security” is not exactly new. Your sex can be turned to war by the state.
Yesterday, sex robots were again in the news — and, why not, they’re fascinating. Don’t get too excited: Giggles is still years from our embrace. What we can access right now, however, are the conclusions of philosophers who, having lost funding to investigate trifles like the meaning of life, are chattering like Ray Kurzweil on Ritalin about the “ethics” of sex robots.
Goodness, the report is dreary. Like almost anything publicly said about AI and robotics, the answer to the question of sex robots is “it could be good and bad”.
This is the good. There is a strong emphasis in the widely publicised report on how Giggles might help the sexual deviant or the social recluse, and this is a precise and propagandist reflection of how any cyborg-y thing is discussed. When Elon Musk declared his intention to whack neural implants in our heads this year, he led with the announcement that it could help patients of Parkinson’s disease. This is Singularity 101: always talk about how your proposed device will help the disabled! Let’s leave aside that few in government and fewer still in business give a shit about people with a disability. This machine will change all that!
This is the bad. Apparently, Giggles might make some men objectify women. Well, I’d say that horse has bolted.
Whether you like ‘em or not, masturbatory devices have been available for sale or clinical use since the Victorian era. They’re here to stay. While, certainly, the psychological consequences of more human-like wanking tools do deserve discussion, the more urgent matter for mine is: who can see what I am doing to Giggles?
If security agencies can peer inside our refrigerators and remotely operate our TVs as listening devices, then they will certainly take care to learn what part of Giggles I have put into my holes, and how often. It seems curious to me that the Asimovian agencies who talk about our connected future with such hope, or with such timid concern that my gender might be objectified (again, done and dusted, guys) never seem to ask: who will be watching?
We are all aware of the possibility that we are being watched. It is no longer paranoid to think you’re being monitored, but rational. I do not expect a bunch of populist philosophers to ask about the political and military consequences of such surveillance. But, you’d think, wouldn’t you, that they might want to have a chat about how that plays out in the individual psyche?
This new robot love. It will be weaponised. This love will become, as it so often has, a tool of war.
From the Crikey grapevine, the latest tips and rumours …
Bolt trips up when lecturing everyone else. Well, this is awkward. Yesterday, Australia’s most-read columnist Andrew Bolt railed against the reporting of historical sex abuse charges against Cardinal George Pell, writing “media commentary suggests there’s little chance Cardinal George Pell can get a fair trial”. Bolt quoted a report in The Age and even wrote “shops still carry a savagely biased book by ABC journalist Louise Milligan”. Where he really tripped up, though, was attributing quotes from abuse survivor Andrew Collins to Victoria Police Detective Sergeant Kevin Carson, who hasn’t commented on the case. The Herald Sun carried an apology and correction on page 2 today.
So in a story on the effects of media reporting on a trial, Bolt made a stuff-up that could be read by potential jurors. Good one.
Don’t mention the NSA, they can hear you. At what point, we wonder, will the media wake up to the reality of cybersecurity? Today for Fairfax, the normally excellent Peter Hartcher gives us more than 900 words on the terrors of cyberspace, using that old standby long used by governments of the ungoverned internet in need of cleaning up and civilising (by governments, of course). Other go-to tropes of the “internet needs cleaning up” line also appeared: Russia, China, hackers, organised crime, the West as victim of malicious online actors. Most amazingly, Hartcher went the entire length of the article without mentioning that the latest wave of ransomware attacks (which, incidentally, have hit Russian firms as well as Western firms) originated with the National Security Agency and its tactic of finding vulnerabilities in commonly used software and exploiting them rather than telling the manufacturers about them. So, for the benefit of Hartcher and any other journalists wanting to peddle this stuff, here are some well-established facts:
- as part of the Five Eyes, Australia is a member of the world’s biggest cyber espionage ring;
- that ring primarily engages in commercial and economic espionage, not counter-terrorism;
- it funds a massive market in software vulnerabilities that pays criminals millions for software flaws and the exploits that use them; and
- it can’t secure its backdoors and exploits effectively, meaning criminals and rival states get hold of them.
On cybersecurity, we’re part — probably the biggest part — of the problem, not the solution.
Never mind the bollards. In typical Melbourne fashion, the city has reacted to the installation of temporary bollards in the CBD by decorating the stark concrete blocks. They were installed as an anti-terror initiative by the City of Melbourne, and lord mayor Robert Doyle has assured locals they would only be a temporary measure until a more permanent (and more aesthetically pleasing) solution could be found. In the days since, bollards have become “bollart” with brightly coloured material covers, paint and glitter all being used to spruce up the blocks. Doyle is in favour, telling The Age he’s a “fan of anything that brightens up the city”.
This could be a problem for the council, though, with a caller to 3AW this morning saying the bollards weren’t bought but hired. Will the council be able to return the bollards that have been painted? A council spokesperson told us:
“We would not encourage people to paint the bollards, as they are not owned by the City of Melbourne. However, if any of the bollards are painted, we will be able to remove the paint without incurring significant costs.”
Should we stick to our knitting?
Time to update LinkedIn. The name “Finkel” has entered the Australian political lexicon in the same way that “Gonski” has — we almost forget there is an actual person attached to it instead of a policy. Well, one man hasn’t forgotten. Yesterday, in a speech to the Mathematics Education Research Group of Australasia, Alan Finkel joked about his role in writing the report on Australia’s energy security, saying: “I’m marking a milestone of my own tonight: my first formal event since taking off my hat as Australia’s Chief Electrician, and resuming my hat as Australia’s Chief Scientist.”
It got Ms Tips thinking — perhaps Australia does need chief tradies. Australia’s Chief Plumber could be called in to fix the leaks from our major political parties.
Thanks Perry much. Following our story yesterday on the appointments to the Administrative Appeals Tribunal with Liberal Party affiliations, a tipster got in contact to point out the further Liberal connections of former John Howard staffer Perrohean (or Perry) Sperling, telling us that in addition to her work with Howard, she was also a senior policy adviser to former Victorian Liberal premier Ted Baillieu. We found that she had indeed been recruited by Baillieu in 2011 as a “key adviser” at the same time future Liberal Party federal director Tony Nutt became director of the then-premier’s private office. We’re continuing to fossick through the list of appointments and reappointments, but let us know if you know more.
Don’t look now. Well, if there is anything you can say for the Australian Christian Lobby, they don’t waste any time. A flyer featuring comments made by Defence Industry Minister Christopher Pyne last weekend — in which he stated that marriage equality was just around the corner in Australia — has been sent to residents in his South Australian electorate of Sturt. As tweeted yesterday, the flyer seems to try to make the rainbow flag look particularly menacing. “Sooner than everyone thinks” it reads, with cutouts from papers reporting the mini-furore started when Pyne dared to say something remotely positive about the LGBTI community. The flyers are authorised by Lyle Shelton at the ACL.
From the Crikey grapevine, the latest tips and rumours …
It’s all listening devices across the ditch. While the government of Kiwi PM Bill English is being rocked by his terrible mishandling of an MP who bugged one of his own staffers, some more evidence has emerged of the priorities of the Five Eyes intelligence agencies. As we know, the electronic intelligence gathering agencies of the US, UK, Canada, Australia and New Zealand are only used to fight terrorism and counter the actions of enemies like Russia and China in the name of national security. Well … not so much. In fact, the primary goal of the Five Eyes surveillance systems is commercial espionage, and one of many examples that confirmed this was the case of New Zealand back in 2015, when some Edward Snowden documents revealed NZ’s electronic intelligence-gathering agency, GCSB, had been spying on the World Trade Organisation. A den of Russian spies? A haven for terrorists? Not quite. NZ’s then-trade minister Tim Groser had decided to run for the job of head of the WTO and the Kiwis used Five Eyes intelligence-gathering systems to spy on the other contenders. Groser was unsuccessful, but the revelations prompted an investigation by NZ’s Inspector General of Intelligence and Security.
Now, that investigation has unearthed something very interesting: while the idea of spying on the terrorists lurking among the world’s trade ministers was devised by the head of GCSB Ian Fletcher, who actually approved the operation? Well … Groser himself. Yes — it’s DIY surveillance in Wellington. Better yet, Fletcher didn’t keep any records of the process, and other GCSB managers developed memory problems when the Inspector General asked them to provide details of how the decision was made. You’d think spies would have pretty good memories, but evidently not. Apparently this way of approving an intelligence operation was “unusual” and “outside the normal method for approving intelligence targets”. You’d hope so.
The Mocker dogged by rumours. Ms Tips has previously written about the Mocker, The Australian’s masked larrikin who fearlessly punctures the elitist bubble of “sanctimonious attention seekers”. Who is the Mocker? Well, we’ve not been sniffing around on this one much, but one tipster had a theory and dug up something interesting. Our tipster ran a textual comparison between the work of The Mocker and that of The Australian’s associate editor Chris Kenny. Our tipster ran three Mocker columns and three Kenny columns through the online research consortium’s language-matching application (which “determines the degree to which any two samples of language are similar in their language styles”, according to the website) and found it had a 97% match. And the Mocker’s Twitter account has retweeted Kenny four times since its inception in April — more than any other person.
A glance at the Mocker’s Twitter feed shows a shared distaste for outgoing Human Rights Commission president Gillian Triggs and radical Islam. But perhaps they howl with one voice at The Australian. We tried it ourselves with poison-penned columnist Janet Albrechtsen and found a 94% match — perhaps our tipster is barking up the wrong tree?
Don’t mention the charges. Rio Tinto issued this statement around Sydney time on Tuesday, announcing the resignation of senior independent director John Varley. He has resigned as a non-executive director and will step down from the board immediately. Varley joined the Rio Tinto board in September 2011 and was also the chair of the remuneration committee. Rio Tinto chairman Jan du Plessis used the announcement to express gratitude for “John’s outstanding contribution over the five or so years he has been on the board. The board holds him in the highest regard and will miss his valuable insight. Personally, I am not only losing a senior independent director, but a close colleague, whose wisdom and support I am going to miss tremendously. On behalf of the board I wish John the very best for the future.”
Which seems like an odd thing to say, given that about six hours earlier it was announced in London that Varley (who stood down as chief executive in 2011) and others had been charged by Britain’s Serious Fraud Office. He faces up to 22 years in prison, having been charged (along with Barclays itself and other senior executives) with conspiracy to defraud and false representation, over its arrangements with Qatari investors during the global financial crisis. These are the first criminal charges in the UK to be filed against a bank and its former executives or directors emanating from activities in the GFC, but they are big ones. All the very best indeed.
ABCC ya later. You know how it is — you’re deep into a long argument before realising with a jolt of cold sweat that perhaps, just perhaps, you aren’t completely in the right. This appears to be the position the Australian Building and Construction Commission found itself in this week. One of the many, many, many ongoing disagreements the commission has had with the construction industry union is the factual content of some of the fact sheets on the ABCC website. The CFMEU claimed the ABCC was misrepresenting unions’ right to enter a workplace, and it threatened legal action. The CFMEU initiated legal action against the Fair Work Building Commission (the ABCC’s precursor) for the same reason back in August last year, and the commission backed down. In Monday’s Australian, an ABCC spokesman was quoted as saying “the ABCC stands by its education materials”. But this posture did not last — the next day, as industrial relations news website Workplace Express reports, the ABCC quietly amended its fact sheet. We wonder why.
Greens act on sexual assault allegations. Following the explosive allegations from Sydney journalist Lauren Ingram that she was raped by a NSW Greens member, the NSW Greens swiftly issued a statement, saying that four days after receiving the accusation “the member was formally and indefinitely suspended on 20 February 2017 and all member rights were removed”. But the incident seems to have rattled the Greens leadership. We hear that Greens leader Richard Di Natale told the party room this week that all state branches have been asked to review their sexual assault policies.
Jun 6, 2017
Islamist terrorists are almost inevitably known to security agencies before they act, but politicians insist ever more mass surveillance is the answer.
Details emerging in the aftermath of the London Bridge attack are getting worse and worse for UK Prime Minister Theresa May, who was home secretary for six years before she became leader in the wake of the Brexit debacle last year.
May’s cuts of up to 17,000 police across Britain during her time at the Home Office began drawing attention in the wake of the Manchester bombing, with evidence emerging of police warnings about the impact of cuts on their ability to fight terrorism. Now the issue is out in the open just days from the general election, with more claims about the impact of the cuts from police and a former David Cameron adviser calling for May to resign (albeit, Steve Hilton, the inspiration for Stewart Pearson in The Thick Of It).
Now, with seeming inevitability, it has emerged that at least one of the perpetrators of the attack, like the Manchester bomber and the perpetrator of the previous London Bridge attack, was known to intelligence agencies.
In fact, it’s hard to recall a terrorist incident anywhere in the West that hasn’t been carried out by perpetrators known to authorities. As the immediate shock of the attack gives way to detailed information, we always seem to learn that security agencies knew of the perpetrators or had been warned, often repeatedly, about them. That includes Man Haron Monis here; even the perpetrator of the overnight killing in Melbourne — now identified as a terrorist incident — had a long record of violent crime and previous links to terror plots.
Time and again, too, people in the community, and particularly in Muslim communities, have reported future perpetrators to police without action being taken. Bigots and the right rail at Muslims about terrorism, apparently oblivious to the fact that Muslim communities are doing their bit to alert agencies to threats, without action being taken.
The problem, of course, is maths. The level of resourcing required to keep people under targeted surveillance is extraordinarily high, and security and intelligence agencies only have so much money and so many people they can deploy. And stopping complex plots requiring communication and co-ordination is far easier than stopping a low-tech plot involving a van and some knives.
Which is why the constant calls for yet more surveillance — now from Malcolm Turnbull, who wants authorities to be able to access any encrypted communication — make so little sense. Security agencies already have insufficient resources to effectively monitor actual perpetrators, but governments want to dramatically expand the potential targets for monitoring by expanding surveillance. It’s the security equivalent of looking for a needle in a haystack by dumping several more haystacks on top. The likely result is hard-pressed security agencies have even less chance of spotting potential terrorists, making us less safe.
But this is the way the War on Terror has proceeded for 16 years. Trillions of dollars have been spent. Hundreds of thousands of people have been killed. Some of our most fundamental freedoms have been abolished (in the name of fighting people who “hate our freedoms”). We have become a surveillance society. And yet, judging by the conduct of governments and the media, we’re no safer than we were in 2001. There are few mass casualty terror plots; instead they’ve been replaced with low-tech, DIY terror attacks, often by the mentally ill, or drug addicts, long-term criminals or domestic violence perpetrators.
The casualty numbers might be far lower, but for the media and authorities they’re treated as the same horrific, “existential” (to borrow George Brandis’ absurd term) threat as large-scale attacks, and draw the same response — ever more draconian anti-terror laws, ever more mass surveillance, ever more Islamophobic rhetoric (which, according to Tony Abbott, has never killed anyone, a disgusting insult to the two Portland men murdered by a Trump supporter spouting Islamophobic abuse just last week).
After a decade and a half of failure, you might expect policymakers to ask themselves what they’re doing wrong. But the War on Drugs has been proceeding for decades and authorities haven’t paused to reflect on why there’s been no success there, either. On that basis, the War on Terror looks like it will still be going for decades, with ever more money spent, ever more freedoms abrogated, and ever more casualties.
Jun 5, 2017
Predictable calls for access to encrypted communications make us less safe, and are a cover for the security failures of authorities.
How would you like governments, their public servants and their hired contractors, to be able to break into any encryption you use online — your private messages, your internet banking, the internet-enabled toys your kids use, your car, your fridge, the lot — because “things need to change” in the fight against terrorism?
Some of you would be uncomfortable with that; others might accept it as a price worth paying to stop the kind of attacks we’ve seen repeatedly in recent months in the UK and on the weekend.
But how would you like it if terrorists themselves could break into encryption? Or organised crime? State-sponsored hackers from Russia, China or North Korea? Pedophiles? Because that will be the result if UK Prime Minister Theresa May gets her wish to “regulate the internet” and try to prevent the use of encrypted communications.
That’s not information activist fearmongering or libertarian privacy advocate talk, that’s simple mathematics.
Politicians like May, and many others, harbour a fantasy that there is some magic by which governments could be given secure access to encrypted communications by the manufacturers of encrypted applications and platforms. It’s the IT equivalent of insisting there’s no climate change or the world is flat — only they get away with it because most people don’t understand the basics of encryption. So here we are. As Labor’s Anthony Byrne predicted last month, the issue of backdoors is now back on the agenda.
That anyone could seriously suggest governments could be trusted to keep access to encrypted communications secure is laughable in the wake of not one but two massive releases of National Security Agency and CIA hacking tools in recent months. Hacking tools are backdoors of exactly the kind the likes of Theresa May want — only the latter would be developed by the software developers themselves, at virtual gunpoint, rather than by intelligence agencies or the people they buy them off. And they’ll be stolen, just as the NSA and CIA ones were, and as others have been. If we’re lucky, the thieves will release them publicly, to embarrass agencies. If we’re not so lucky, they’ll be sold to the people who are willing to pay good money for access to the world’s encryption systems. People who want to steal from banks. Pedophile rings. Other governments. Terrorists.
But it’s not merely that all of us will inevitably, mathematically, be less safe as a result, it’s that — like so many other surveillance measures — it will have minimal effect on terrorism. Terrorist groups will simply develop more of their own bespoke encryption apps — Al Qaeda has been doing that for years although, as expert Bruce Schneier points out, “homebrew” encryption doesn’t tend to be as good as publicly tested tools.
In any event, the actual process of achieving May’s fantasy is so profoundly laborious and damaging that it’s unlikely to ever proceed — exactly why threats to do so by her predecessor David Cameron didn’t.
There’s also the problem that, while the identities and histories of the perpetrators of the latest London attack aren’t yet publicly known, there’s a disturbing pattern of jihadist terrorists being shown to have already been on the radar of security agencies and even, in the case of the Manchester bomber, the subject of specific warnings to agencies about the threat they pose, without action being taken. How will giving agencies access to encrypted communications improve security when they don’t act on specific warnings?
And let’s not forget the UK is already a surveillance state, thanks to Theresa May, who was Home Secretary for six years until July last year — she introduced not merely data retention but the retention of every citizen’s internet browsing history. The draconian surveillance powers imposed by May have failed to halt the current wave of attacks — possibly because May cut 20,000 police officers while in office, leading, police say, to an increased risk of terrorism.
In that context, May’s demand to “regulate the internet” looks a lot more like an attempt to cover her own grievous failings as Home Secretary than a sensible policy.
May 24, 2017
Customs might have accessed calls and texts illegally, the Commonwealth Ombudsman has found.
The Department of Immigration and Border Protection may have been illegally spying on our calls and text messages, with the Commonwealth Ombudsman finding the department misused its vast and invasive spy powers.
The Commonwealth Ombudsman’s annual report — assessing how government agencies access both stored communications (i.e. text messages and other content that telecommunications companies retain) and metadata — was scathing of Customs’ handling of its powers to obtain the content of communications.
The Ombudsman went to Customs in February last year to review how the agency was complying with its requirements to obtain warrants before accessing communications, how it kept records for those warrants, and what records there were of how the communications were handled, and found it all lacking.
“No stored communications product was made available for our inspection. Therefore, we cannot provide assurance that Customs was only dealing with lawfully accessed information,” the Ombudsman said.
In five cases where data was obtained under a warrant, there was no record of whether the data obtained was for the time period allowed by the warrant. There was also no record of who in the agency received the stored communications, and whether it was properly handled and then destroyed when no longer required.
Three of the preservation notices — notices sent to telcos telling them to keep all the call and text content from someone suspected of wrongdoing — were missing when the Ombudsman went looking for them, one notice had been mislabelled, and another three preservation notices were found but not on the list provided by Customs, as well as another two warrants. Most damningly, the Ombudsman found that Customs might have illegally accessed stored communications because it had obtained the communications but no warrant for those communications could be found.
Customs blamed a bad record-keeping system and said that the inspection of notices was for a time between July 2014 and June 2015 when Customs was merging with Immigration and Border Protection.
It is the second instance in recent weeks where a government agency entrusted with powers to invade the privacy of every Australian has been caught flouting the law. The Australian Federal Police is expected to face questions in Senate estimates this week over an incident where an officer accessed the metadata of a journalist in chasing down a leak from the AFP without first obtaining a journalist warrant as required under the new data retention regime.
What have you done today that you wouldn’t want your boss to see? Have you taken a private call, sent a Facebook message or checked your private email on your lunch break? And if your boss recorded you doing it without you knowing, what would your rights be?
The legislation covering surveillance and privacy in the workplace is a patchwork from state to state, with the federal Privacy Act offering a general prohibition on the recording (audio or optical) of “private acts”, and state-based legislation regarding surveillance (if there is any) filling in the gaps. Only New South Wales, Victoria and the ACT have specific laws regarding workplace surveillance, and even those are limited. The Fair Work Ombudsman, in the absence of any real enforceable laws, provides a “best practice guide.” In most cases, for example, an employer installing hidden cameras in the workplace is not illegal — although employees generally have to be told it’s happening.
The Surveillance Devices Act 1999 (Vic) specifies that it is an offence to use an “optical or listening device to carry out surveillance of the conversations or activities of workers in private areas like workplace toilets, change rooms or lactation rooms” — anywhere else in the workplace is covered by general restrictions on surveillance.
The Workplace Privacy Act 2011 (ACT) and Workplace Surveillance Act 2005 (NSW) have similar restrictions — they both apply to optical, tracking and data surveillance devices (the legislation doesn’t mention listening devices). They both require an employer to notify employees if one of these types of surveillance devices is in use (the ACT act also requires consultation with employees if surveillance is to be introduced in the workplace). Covert surveillance (surveillance that employees are not told about) is allowed if the employer has received an authority from a court — which will only be granted to determine if an employee is breaking the law, and is subject to various safeguards. For example, there is a 30-day time limit on the surveillance, and surveillance records must be destroyed within three months unless they are required for investigative or “evidentiary purposes”. The surveillance of employees in places such as toilets, change rooms, nursing rooms, first-aid rooms and prayer rooms (as well as surveillance of employees outside the workplace) is also prohibited.
The legislation that does deal with workplaces is almost entirely woefully outdated. Only the NSW Act covers employee email and internet access while at work – neither Victoria nor ACT legislation mentions it.
The Australian Law Reform Commission, in its 2014 report on threats to privacy in the digital age, has a small section dedicated to recommending uniform workplace surveillance law, concluding:
“The inconsistencies between these workplace surveillance laws are relatively minor—for example, slightly different definitions apply, and the types of rooms that may not be put under surveillance differ slightly between each law. A more significant need for reform arises because specific workplace surveillance laws exist only in these jurisdictions. The ALRC therefore proposes that there be uniform workplace surveillance laws across Australia.”
No action on uniform workplace surveillance has been taken, or even seriously discussed at a federal level as yet. In the workplace, as with Andie Fox, metadata retention, and other areas, our right to privacy is far from a government priority.
Mar 17, 2017
A number of fake Facebook profiles allegedly associated with Victoria Police social media monitoring have been deleted after questions from Crikey.
A number of suspected fake Facebook profiles alleged to have been associated with Victoria Police that were used to target activists planning protests have been mysteriously deleted with no explanation from the agency.
Activist Kieran Bennett this week revealed that after one homelessness activist group posted on Facebook about plans to hold a forum on Melbourne’s rough sleeping ban, the group received a message from a profile purporting to be associated with the Victoria Police stating:
“This is Victoria Police. We’ve been informed of your protest action and want to let you know we’ll be monitoring this event with interest.”
After investigating the account, Bennett discovered that more than 80 accounts had been set up, connected to each other with few friends and little content, and often no picture. Many of them have police-sounding names like SenCon Henderson, or Insp Simpson, but looking at the profiles reveals that there is little to them other than the name, and sometimes a police-themed profile picture.
Bennett found one real account connected to all the fakes, that of Mark Bayly, the communications manager with Victoria Police. Crikey has also seen a profile for “Victoria Bayly” who is also friends with some of the fake accounts. Bennett says many of the accounts have similar or almost identical names to serving officers, and through these fake accounts it would be quite easy to track down the social media presence for many current serving officers in Victoria Police.
Crikey put questions to Victoria Police on these fake profiles, and why Victoria Police had opted for this approach for social media surveillance. In response, Victoria Police issued a short statement saying it was reviewing its current practices and would not comment on the specific questions.
“Victoria Police is currently reviewing its processes and governance arrangements relating to use of social media for investigative and operational reasons. Part of this will focus on ensuring that all communications are both appropriate and secure.
“Victoria Police uses a wide range of means for collecting intelligence to assist with investigations. Intelligence is a critical component in our ability to keep Victorians safe. As is common practice for law enforcement agencies, we do not believe it to be in the public interest to discuss those methodologies publicly.
“We would like to conclude the review before commenting further.”