So, in submissions to the parliamentary joint committee on intelligence and security (PJCIS) it’s been disclosed that government agencies, including local councils, are using loopholes in our current metadata legislation to lodge up to 35,000 requests for personal metadata a year. These requests are made without warrants and with little to no oversight.
My Australian readers will remember the Telecommunications (Interception and Access) Act that was passed three years ago to allow access our telecommunications metadata. They’d also remember how solemnly our government and ministries of state security swore that there’d be ‘robust protection’? Right, well as it turns out the earlier 1997 Telecommunications Act has a large existing loop hole that requires metadata disclosure, “if in any other case the disclosure or use is required or authorised by or under law.” All of which makes the provisions for privacy in the later act kind of moot.*
Then on top of this mess of existing legislation the Morrison government is now rushing additional security legislation through requiring the communications companies to provide access to encrypted data. From the weakening of encryption to covert insertion of spyware there’s pretty much nothing the government can’t demand a communications company provide. Weighing in on the issue are officials from the five eyes in a strongly worded communique. My guess is that’s because the legislation is seen as a stalking horse for the suite of powers that the security communities of the five nations have wanted for decades.
If all of this sounds like a mess it is, and if it also sounds like the current Government is trying to get some political mileage, they are. Of course anyone who remembers the NSA crypto wars of the eighties, which broke internet security for a generation, or how the NSA exploit Eternal Blue was turned by criminals into the Wanna Cry ransomware, would remark on how dangerous unthinking national security legislation can be, rousing endorsement by the five eyes notwithstanding.
Quis custodiet ipsos custodes indeed.
*Alternatively all the requests under the original legislation are now illegal, an outcome devoutly to be hoped for.
