Category: Privacy (page 1 of 2)

AFP Denies Access to Social Media Surveillance Documents


A little while ago (5 months ago) I made a request under the Freedom of Information Act for the following documents.

(a) Documents, reports, memoranda or policy statements not already made publicly available, regarding the use of social media or social networking sites in formal police inquiries, surveillance and investigation.

(b) Documents not already made publicly available detailing any formal or informal co-operative arrangements between law enforcement agencies and any such social networking sites, detailing prices and/or procedures for such agencies seeking access to information or details regarding subscribers to those services.

It is without a doubt that there is a public interest and democratic imperative that such information be released. Internet users have a right to understand and be made aware of what information is being collected, under what circumstances and under what arrangements that information is being collected or relayed, and who has access to that information.

There were some 23 documents found to have existed within the AFP, that detailed the arrangements between the organisation and other social media orgs, namely Google/Youtube, Skype, Yahoo, Facebook, MySpace and Twitter.

Access to these files and documents was denied completely — it would damage the international relations of the Commonwealth, in that the documents have been provided to the AFP by foreign governments, and in addition any release would prejudice the investigative, preventative and detective operations of the AFP.

It’s obviously not the case that revealing the broad overarching relationships and arrangements between the AFP and social media orgs would impact to the great detriment the AFP are espousing in their correspondence, the US Courts have compelled the release of similar documents sought in FOIA requests by the EFF.

There are extremely novel ways in which policing organisations are assessing the large amounts of data they are retrieving from social media organisations, for instance through the mapping of associations which have huge implications for the privacy of citizens and users, and we should be able to understand how enforcement organisations are using that data, and for how long it is stored.

So off I go to the OAIC…again.

Like Pulling Teeth


Recently, I made a request for access to the Attorney-Generals Department for draft legislation which was refused because it would not be in the public interest to release such information. It was covered fairly comprehensively by Delimiter & The Sydney Morning Herald, the refusal to release advice, preparatory materials and other information was roundly condemned. Similar efforts to make material available by the Australian Greens, strengthened by their access to parliamentary processes were shut down as the major parties colluded to shut down access.

Now begins the long process of asking for a review via the Office of the Australian Information Commissioner(OAIC), and fighting for the documentation to be released [PR]. The text of the appeal is below. I’m informed by the OAIC that there is a huge backlog of appeals for review, meaning it could be months before the process even begins and a case officer is assigned.

This is a situation the Attorney General’s Department is fully aware of. Any request for internal review, would surely fail, simply because of the organisational confirmation bias and they know there is significant lag at the OAIC. The AGD are fully aware of the political sensitivity of the issue and the legislative changes they’ve sought, but are gaming the freedom of information process to strategically delay or preclude public scrutiny and debate. The process of actually bringing government bureaucracies into the 21st century, and acting in accordance with platitudes of ‘Open Government’ really is like pulling teeth.


Lack of Transparency & Inclusion Raises Questions About Integrity of Democratic Process


On the August 24, The Australian revealed that the Attorney General’s Department was convening meetings with stakeholders — except that it had excluded one very important group. You.

The copyright lobby and its many faces and fronts are being given an audience with the Attorney General’s Department and platform on which to pressure ISPs into an industry code for ‘dealing’ with file sharers. Of course, we know what that means – the termination of access on their accusation.

What is very worrying, is that this is being conducted behind closed doors and that the government seems very willing to place the legislative gun to the head of service providers. If there is one thing that the government is transparent about, it is that it will pull that trigger, in attempting to enforce an antiquated monopoly mechanism, with no regard to clear issues with human rights and civil liberties.

We cannot rely on ISPs to protect consumers — when push comes to shove, they will capitulate, so it is important that civil society and political groups and parties all sing the same song — termination, suspension or limitation of access to the Internet for allegations of copyright infringement, or even breaches, are not acceptable or proportional.

Below is a letter sent to the Secretary of the Attorney General’s Department, Mr Wilkins.

Dear Mr. Wilkins,

I write to you seeking clarification of certain issues raised in an article authored by Andrew Colley, published in The Australian on August 24, 2011 entitled ‘A-G in call for talks on online piracy’.[1]

The article cites a spokesperson for the Attorney General’s Department indicating that a meeting had been convened in order to garner the differing positions, need and scope of any governmental intervention.

It is very concerning that there has been no public mention of the meeting convened between stakeholders and that amongst the published list of invited participants there appears to be no representation from consumer organisations or civil society – in fact, the meeting appears to be convened with the specific intention to exclude these stakeholders.

It is even more concerning that organisations like the Australian Content Industry Group, and the dubious studies they have commissioned, which have subsequently been used by the Attorney General as justification for the policy direction of the Australian Government[2] and only released by the organisation after Freedom of Information requests were made by myself to the department, are being given unfettered access, facilitated by the Attorney General’s department to lobby government and industry for the development of an industry code, or to effect legislative changes.

The willingness of government ministers and the Attorney General to so readily facilitate the development of disconnection mechanisms for alleged copyright infringement like those operating in New Zealand, the UK or France, is worrying.

The termination or limitation of access to the Internet on the grounds of violation of intellectual property laws, in this case, copyright, is completely disproportionate, ineffective and a violation of human rights.

That this is done without the oversight or inclusion of civil society in an open forum raises questions regarding the integrity of the democratic process and the willingness of the government to engage and listen to alternative perspectives, economic analysis and academic study.

It is imperative that the government acts in the interest of Australian citizens, recognising the importance of Internet access, protecting the rights of Australian citizens to seek and impart information, knowledge and culture, and works to safeguard due process and fundamental rights. It can do this by being transparent and open in its decision-making and policy development process.

Kind Regards,

Rodney Serkowski

EDPS: Data Retention Directive Deficient; Fails Requirements of Privacy & Data Protection

Peter Hustinx, European Data Protection Supervisor has released his opinion on the European Data Retention Directive (2006/24/EC) and it is scathing. Flatly, the director has stated that the directive does not meet privacy and data protection requirements. This is something we have reiterated to various inquiries and government departments, considering the Australian Attorney General has signalled an intention to implement data retention in Australia in line with the EU directive.

Jonathan McIntosh - CC-BY-SA - Flickr


From a privacy and data protection perspective, the Evaluation report also justifies the conclusion that the Data Retention Directive does not meet the requirements imposed by the rights to privacy and data protection. There are several deficiencies: the necessity of data retention as provided for in the Data Retention Directive has not been sufficiently demonstrated, data retention could, in any event, have been regulated in a less privacy-intrusive way, and the Data Retention Directive lacks ‘foreseeability’

It is without doubt that the justifications for dragnet data retention are reactionary, without proportion and without necessity.

The report stipulates, that whilst there are interesting situations presented where data retention may be used or is ‘indispensible’ to the investigation, these do not constitute a necessity for data retention.

It interestingly also mentions the Commissions justification of the directive by attaching significant importance to retained data which was used to exclude subjects from crime scenes and to verify alibis.

Although these are interesting examples of how the data is used by law enforcement authorities, they cannot be put forward as demonstrating the need for data retention. This argument should be used with caution as it might be misunderstood implying that retention of data is necessary for proving the innocence of citizens, which would be difficult to reconcile with the presumption of innocence.

The report puts forward the use of data preservation as an alternative method for use by investigations of criminal activity, which is basically the securing or ‘freezing’ of metadata (locational and traffic data) relating to the suspect via a preservation order, which could then potentially be made available to law enforcement through  judicial authorisation (i.e. a warrant). This something that would comply with the minimum requirements of the CoE Cybercrime Convention, however the Commission seems intent on persisting with wide-scale data retention because preservation…

…does not guarantee the ability to establish evidence trails prior to the preservation order, and does not allow investigations where a target is unknown, and does not allow for evidence to be gathered on movements of, for example, victims of or witnesses to a crime.

The report gives four principle reasons as to why the wide-scale retention of traffic data as regulated by the EU directive goes beyond what is necessary and is disproportionate.

1. The notion of ‘competent national authority’ is understood differently, and in some cases have led to widespread use of the retained data by too many authorities. The consistency of safeguards across different nations has also led varying degrees of judicial oversight and conditions for access.

2. Two years is far too long, and the majority of requests (86%) have been for data within six months. The majority of EU states have also elected to retain data for no longer than 1 year, suggesting that the maximum period of two years far exceeds what is required or necessary.

3. Security of data is a huge issue. One only has to look to the crippling breaches in the security of private data in the last month to see how vulnerable data can be. In the EU, there seems to have been a ‘patchwork’ of security measures implemented, and although there apparently have been no concrete examples of serious breaches, this does not eliminate the potential for serious breaches.

This issue cannot be taken lightly, as the security of the retained data is of crucial importance to a system of data retention as such, as it ensures respect for all other safeguards.

4. The Directive demands a wide array of telecommunications data is retained, however there is very little information on whether it is necessary to retain all this data, and for the same length of time, thus preventing any meaningful conclusion being arrived at.

In reality, the only thing that can be deduced is that the directive is eroding the fundamental right to privacy, this insidious directive is leading to a situation where the populace is under perpetual surveillance. This report is just one of many, that reiterates that the only way to move forward is to dispense with the directive — repeal. It is an unjustified interference into the privacy of all citizens.

The full 16 page document can be found on the EDPS website.

Filtering and Blocking to Protect Copyright Infringes Fundamental Rights: EU Court of Justice

In what could potentially be very big news, and a first step in actively pushing back the copyright monopoly, the Advocate General Cruz Villalón of the Court of Justice of the European Union has given opinion that states:

Advocate General Cruz Villalón considers that the installation of that filtering and blocking system is a restriction on the right to respect for the privacy of communications and the right to protection of personal data, both of which are rights protected under the Charter of Fundamental Rights. By the same token, the deployment of such a system would restrict freedom of information, which is also protected by the Charter of Fundamental Rights.

Rick Falkvinge writes:

This means that Eircom can no longer be forced to eavesdrop on its customers to filter out certain parts, and it means that Danish ISPs can no longer be mandated to censor The Pirate Bay and AllOfMP3. Black Internet in Sweden can give the finger to the court order to block The Pirate Bay. Many, many aggressions from the copyright industry stand to just fall flat on their face.

Christian Engström relays a comment from Slashdot user CrystalFalcon which very succinctly relays what the opinion of the Advocate General actually means:

One, no court may impose an ISP with an order to filter, in particular not because of enforcement of copyright monopolies;

Two, such filtering is a reduction of fundamental rights, so

Three, if laws are written requiring an ISP filter or block the internet, such laws must conform to very strict criteria that are applied to laws limiting fundamental rights. They must be effective, they must be proportionate, and they must be defensible in a democratic society. While this sounds like political wishywashing, it has some very specific meanings. It is useful to compare to what laws have been written to prevent terrorism: these laws are held to that standard, which the copyright industry wants badly to supersede. The Attorney General also goes into detail how such laws must be transparent and predictable.

What this does not say is that:

Four, no censorship must ever take place.

Five, no ISP may choose to limit what they present as “The Internet”.

In conclusion:

Six, it has been the modus operandi of the copyright industry to threaten ISPs with “block to our wishes or we’ll take you to court”. This has been their standard operating procedure for the past couple of years, in order to establish enough precendents to get them written into law. Today’s verdict, or potential verdict, gives those ISPs the power to say “go play on the highway, parasites, we have an order from the highest possible court saying no court can force us to do that. We care more about our customers than about obsolete irrelevants”.

Seven, this is the highest court in Europe, referring to the (equivalent of) Constitution of Europe. Thus, there are no courts and no laws that can supersede this. No EU Directive can change this (potential) verdict. The way forward for the copyright industry appears permanently blocked; I hold it as absolutely improbable that they’ll get paragraphs in the referred European Charter of Human Rights that put the copyright monopoly before the sanctity of correspondence, of personal data, and freedom of information.

This on the day New Zealand’s Government have passed insidious disconnection laws that violate human rights.


Guiding Principles For Upcoming Copyright Reforms

We’ve put together some principles that we’re asking the law and policy makers to consider in the inevitable legislative responses to the Roadshow v iiNet battle that will inevitably go to the High Court.

Access is a right. The Internet should be considered a utility, and access should be considered a fundamental right. The government’s commitment to the construction of the National Broadband Network signals that it is every citizen’s right to have access to an Internet connection. Disconnecting a customer from an ISP not only affects the user found sharing, but all other occupants of the premises, making the punishment fundamentally unjust.

Due process must be observed. Economically, socially and culturally, Australian citizens have become reliant on the Internet in the conduct of their daily affairs. It has become a civic space, that allows for political discourse, and is increasingly important for social engagement with friends and loved ones. Extra-judicial termination, suspension or interference is not reasonable, it is a violation of fundamental human rights.

Privacy must be respected. The privacy of communication is a fundamental right that underpins human dignity and is essential in any democratic framework. Communications on the Internet should be considered akin to letters sent through the postal service — their contents should be protected by the law from interception, monitoring or inspection.

Sharing is legitimate. The non-commercial sharing of information, culture and information is a legitimate form of cultural participation. Economically and culturally, file sharing is positive. The marginalisation and repression of Australians sharing culture, information and knowledge must be stopped.

Structural reform is necessary. There is a genuine need of structural reform. It is difficult, if not impossible to ask industry to innovate where the law does not permit it. Concessions extracted from previous copyright panics have created structural barriers to reform and innovation of new business models. Whilst some will adapt, incumbent organisations will pursue the maintenance of their monopoly if the law, and politicians permit and enable it. Society’s perception of how information and culture regulation should occur, as well as its expectations of justice, has shifted.

All stakeholders must be represented. Any government facilitated industry agreement or code must be crafted in a transparent and inclusive manner allowing consumer groups and civil society to be adequately represented so that any potential agreement respects the interests and civil liberties of Internet users and artists.

Reasonable I think, whether they’ll be listened to is unknown. We’ll be asking for endorsement/review from civil society and other political parties who’ll hopefully embrace it.

Older posts

© 2017 Rodney Serkowski

Theme by Anders NorenUp ↑