Tag: Surveillance

AFP Denies Access to Social Media Surveillance Documents

 

A little while ago (5 months ago) I made a request under the Freedom of Information Act for the following documents.

(a) Documents, reports, memoranda or policy statements not already made publicly available, regarding the use of social media or social networking sites in formal police inquiries, surveillance and investigation.

(b) Documents not already made publicly available detailing any formal or informal co-operative arrangements between law enforcement agencies and any such social networking sites, detailing prices and/or procedures for such agencies seeking access to information or details regarding subscribers to those services.

It is without a doubt that there is a public interest and democratic imperative that such information be released. Internet users have a right to understand and be made aware of what information is being collected, under what circumstances and under what arrangements that information is being collected or relayed, and who has access to that information.

Some 23 documents were found to exist within the AFP that detailed the arrangements between the organisation and other social media orgs, namely Google/YouTube, Skype, Yahoo, Facebook, MySpace and Twitter.

Access to these files and documents was denied completely, on the grounds that release would damage the international relations of the Commonwealth, in that the documents have been provided to the AFP by foreign governments, and that any release would prejudice the investigative, preventative and detective operations of the AFP.

It’s obviously not the case that revealing the broad overarching relationships and arrangements between the AFP and social media orgs would cause the great detriment the AFP are espousing in their correspondence; the US courts have compelled the release of similar documents sought in FOIA requests by the EFF.

There are extremely novel ways in which policing organisations are assessing the large amounts of data they are retrieving from social media organisations, for instance through the mapping of associations which have huge implications for the privacy of citizens and users, and we should be able to understand how enforcement organisations are using that data, and for how long it is stored.

So off I go to the OAIC…again.

EDPS: Data Retention Directive Deficient; Fails Requirements of Privacy & Data Protection

Peter Hustinx, European Data Protection Supervisor, has released his opinion on the European Data Retention Directive (2006/24/EC) and it is scathing. Flatly, the director has stated that the directive does not meet privacy and data protection requirements. This is something we have reiterated to various inquiries and government departments, considering the Australian Attorney General has signalled an intention to implement data retention in Australia in line with the EU directive.


From a privacy and data protection perspective, the Evaluation report also justifies the conclusion that the Data Retention Directive does not meet the requirements imposed by the rights to privacy and data protection. There are several deficiencies: the necessity of data retention as provided for in the Data Retention Directive has not been sufficiently demonstrated, data retention could, in any event, have been regulated in a less privacy-intrusive way, and the Data Retention Directive lacks ‘foreseeability’

It is without doubt that the justifications for dragnet data retention are reactionary, without proportion and without necessity.

The report stipulates that whilst there are interesting situations presented where data retention may be used or is ‘indispensable’ to the investigation, these do not constitute a necessity for data retention.

Interestingly, it also mentions the Commission’s justification of the directive by attaching significant importance to retained data which was used to exclude subjects from crime scenes and to verify alibis.

Although these are interesting examples of how the data is used by law enforcement authorities, they cannot be put forward as demonstrating the need for data retention. This argument should be used with caution as it might be misunderstood implying that retention of data is necessary for proving the innocence of citizens, which would be difficult to reconcile with the presumption of innocence.

The report puts forward the use of data preservation as an alternative method for use by investigations of criminal activity, which is basically the securing or ‘freezing’ of metadata (locational and traffic data) relating to the suspect via a preservation order, which could then potentially be made available to law enforcement through judicial authorisation (i.e. a warrant). This is something that would comply with the minimum requirements of the CoE Cybercrime Convention; however, the Commission seems intent on persisting with wide-scale data retention because preservation…

…does not guarantee the ability to establish evidence trails prior to the preservation order, and does not allow investigations where a target is unknown, and does not allow for evidence to be gathered on movements of, for example, victims of or witnesses to a crime.

The report gives four principal reasons as to why the wide-scale retention of traffic data as regulated by the EU directive goes beyond what is necessary and is disproportionate.

1. The notion of ‘competent national authority’ is understood differently, and in some cases has led to widespread use of the retained data by too many authorities. The consistency of safeguards across different nations has also led to varying degrees of judicial oversight and conditions for access.

2. Two years is far too long, and the majority of requests (86%) have been for data within six months. The majority of EU states have also elected to retain data for no longer than 1 year, suggesting that the maximum period of two years far exceeds what is required or necessary.

3. Security of data is a huge issue. One only has to look to the crippling breaches in the security of private data in the last month to see how vulnerable data can be. In the EU, there seems to have been a ‘patchwork’ of security measures implemented, and although there apparently have been no concrete examples of serious breaches, this does not eliminate the potential for serious breaches.

This issue cannot be taken lightly, as the security of the retained data is of crucial importance to a system of data retention as such, as it ensures respect for all other safeguards.

4. The Directive demands that a wide array of telecommunications data be retained; however, there is very little information on whether it is necessary to retain all this data, and for the same length of time, thus preventing any meaningful conclusion being arrived at.

In reality, the only thing that can be deduced is that the directive is eroding the fundamental right to privacy; this insidious directive is leading to a situation where the populace is under perpetual surveillance. This report is just one of many that reiterate that the only way to move forward is to dispense with the directive, that is, to repeal it. It is an unjustified interference into the privacy of all citizens.

The full 16 page document can be found on the EDPS website.

Submission to the Privacy Inquiry

The Senate is currently holding a Senate Inquiry into ‘The adequacy of protections for the privacy of Australians online’. We submitted a quick document outlining some of our concerns regarding privacy, and the perception of it amongst younger persons, and more specifically some issues around data retention, which the Attorney General has been making enquiries about. We really didn’t have enough time to go through everything we wanted to raise, or properly elaborate on our points, but we hope that our submission helps the committee in their deliberations.

The document can be found here (PDF). Unfortunately there weren’t that many submissions, which is very disappointing.

Thanks to Brendan, Frew, Steve and Stefan for their help.

© 2017 Rodney Serkowski
