Attorney-General Nicola Roxon appears to have swung her support behind a controversial plan to capture the online data of all Australians, despite only six weeks ago saying ”the case had yet to be made” for the policy[1].

Pirate Party Australia is confused over why the Attorney-General is supporting mandatory data retention, despite acknowledging the many flaws and security issues that storing this data presents.

Ms Roxon seems to have held a prior opinion opposing the retention plan, and for good reasons. The suggested plan is in direct contravention of human rights treaties Australia is signatory to. It includes arbitrary violation of privacy and an unprecedented level of interference, in violation of the UN Universal Declaration of Human Rights, Article 12[2]. It is akin to having the postal service steam open your mail, photocopy it and reseal it before delivering it.

“It is amusing that in a talk she gave at the Security in Government Conference[3], Roxon talks about the ‘balance between ensuring we have the investigative tools needed to protect the community and individual privacy’ – less than ten minutes after saying that ‘staff can be confused, exploited or corrupted into providing access to systems.’ How can she envision setting up a system for data retention, knowing these systems can be, and are being, subverted?” said David W. Campbell, President of Pirate Party Australia

“To a potential hacker or identity thief, the retention system itself is a treasure-trove of information – a high value target. Considering that it will be kept in private hands and telecom employees will have access to it – the very same risks she eloquently describes as a problem with government agencies would present an even greater risk for a privately owned system,” continued Mr Campbell

In the same talk, Ms Roxon continues to describe the system as intending to “ensure that vital investigative tools are not lost,” essentially admitting that today’s tools are sufficient. She invokes the murder of the Cabramatta PM in 1994, a murder case that was successfully resolved using decades old laws and investigative tools applied to modern technology. She says that “without data retention, this capability will be lost.”

Today law enforcement agencies can and do get access to the data when they have a warrant, and the Cybercrime Legislation Amendment Bill 2011 which recently passed the Senate allows for even greater powers of data retention and access to the very same data when a warrant is presented – so it is unclear what capabilities are lost and why it is necessary to violate Australians’ privacy so arbitrarily.

An additional aspect of the proposed legislation changes that Ms. Roxon has chosen not to mention is the criminalisation of a failure to assist in decryption of encrypted data. The proposal paper was especially vague about who would be asked to assist under the new legislation but raises strong concerns, particularly regarding the right to avoid self-incrimination.

For more details, please read Pirate Party Australia’s submission to the PJCIS[4].

[1] http://www.smh.com.au/technology/technology-news/roxon-edges-toward-keeping-online-data-for-two-years-20120903-25amz.html#ixzz25Sj8XDmN
[2] http://www.un.org/en/documents/udhr/index.shtml#a12
[3] http://www.attorneygeneral.gov.au/Speeches/Pages/2012/Third%20Quarter/4September2012-SpeechtotheSecurityinGovernmentConferenceprotectivesecurity-policyinaction.aspx
[4] https://pirateparty.org.au/2012/08/24/pirate-party-releases-national-security-inquiry-submission/