Mass surveillance in Australia


Mass surveillance in Australia takes place in a number of network media including telephone, internet and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report other citizens.

Communications

Telephone

Australia requires that pre-paid mobile telecommunications providers verify the identity of individuals before providing service.

Internet

According to Greens Senator Scott Ludlam, Australian law enforcement agencies were issued 243,631 warrants to obtain telecommunications logs between July 2010 and June 2011, which vastly overshadowed the 3500-odd legal intercepts of communications.
In 2013 it was reported that under Australian law state, territory and federal law enforcement authorities can access a variety of 'non-content' data from internet companies like Telstra, Optus and Google with authorisation by senior police officers or government officials rather than judicial warrant, and that "During criminal and revenue investigations in 2011-12, government agencies accessed private data and internet logs more than 300,000 times."
Google's transparency report shows a consistent trend of growth in requests by Australian authorities for private information, constantly rising approximately 20% year-on-year. The most recent published volume for the period ending December 2013 indicates a volume of around four individual requests per calendar day.
Telstra's does not include requests by national security agencies, only police and other agencies. Nevertheless, in the six-month period 40,644 requests were made, 36,053 for "Telstra customer information, carriage service records and pre-warrant checks", 2,871 for "Life threatening situations and Triple Zero emergency calls", 270 for "Court orders", 1450 for "Warrants for interception or access to stored communications" : an average of around 222 requests per calendar day.
, which was disclosed to the public in 2011, and was the basis for the modern Five Eyes international surveillance alliance.
, one of Australia's major spy facilities.
In 2013 more than 500 authors including five Nobel prize winners and Australian identities Frank Moorhouse, John Coetzee, Helen Garner, Geraldine Brooks and David Malouf signed a global petition to protest mass surveillance after the whistleblower Edward Snowden's global surveillance disclosures informed the world, including Australians, that they are being monitored by the National Security Agency's XKeyscore system and its boundless informant. Snowden had further revealed that Australian government intelligence agencies, specifically the Australian Signals Directorate, also have access to the system as part of the international Five Eyes surveillance alliance.
In August 2014 it was reported that law-enforcement agencies had been accessing Australians' web browsing histories via internet providers such as Telstra without a warrant. The revelations came less than a week after government attempts to increase their surveillance powers through new legislation allowing offensive computer hacking by government intelligence agencies, and mere months after outrage surrounding the government's offer to share personal information about citizens with Five Eyes intelligence partners.
As of August 2014, no warrant is required for organisations to access the so-called 'metadata' information of private parties. This is information regarding "calls and emails sent and received, the location of a phone, internet browsing activity. There is no access to the content of the communication, just how, to or from whom, when and where." Under current law many organisations other than federal, state and territory police and security agencies such as ASIO can get access to this information, including "any agency that collects government revenue", for example the RSPCA, the Australian Crime Commission, the Australian Securities and Investments Commission, the Australian Tax Office, Centrelink, Medicare, Australia Post, the Australian Fisheries Management Authority, the Victorian Taxi Services Commission, the Victorian Transport Accident Commission, WorkSafe Victoria, local councils and foreign law enforcement agencies.
In the 2013-2014 financial year there were over half a million disclosures of metadata to agencies.
The Australian Communications and Media Authority provides for internet service providers and other telecommunications providers about their law enforcement, national security and interception obligations.
During the 2015-2016 financial year 712 warrants were issued for access to stored communications,
3,857 interception warrants were issued, and 63 enforcement agencies were granted 333,980 authorisations for metadata access.

2014 proposals

A range of proposals are under discussion that affect surveillance of the population by government in conjunction with commercial service providers.

Hacking powers

The proposals seek to give the Australian Security Intelligence Organisation the right to hack into computers and modify them.

Single computer warrant to become umbrella surveillance

The proposals seek to give ASIO the power to spy on whole computer networks under a single computer-access warrant.

Spying on citizens abroad

The proposals seek to give the Australian Secret Intelligence Service the power to collect intelligence on Australian citizens overseas.

Law against media and whistleblowing

Section 35P of the proposals seeks to create a new criminal offence, with a maximum penalty of 10 years imprisonment, for revealing information about so-called 'special intelligence operations'. There are no exceptions listed, and the law would apply to journalists even if they were unaware that they were revealing information about such an operation. Shadow Attorney-General Mark Dreyfus called the measure "an unprecedented overreach".

Mandatory data retention

Mandatory data retention for two years of data relating to the internet and telecommunications activity of all Australians is currently under discussion.
On Tuesday, August 5, government Communications Minister Malcolm Turnbull complained about "waking up to newspaper headlines concerning the government's controversial plan for mandatory data retention", stating the government "risked unnecessary difficulties by pushing ahead with the data retention regime without fully understanding the details". In 2012, Turnbull had opposed mandatory retention.
On Friday, August 8, Australia's federal privacy commissioner, Timothy Pilgrim, stated he felt it remained "unclear" exactly what data was to be retained, and that "there is the potential for the retention of large amounts of data to contain or reveal a great deal of information about people's private lives and that this data could be considered 'personal information' under the Privacy Act".
Later in the month, the head of Australian Security Intelligence Organisation appealed for access to private citizens' data on the grounds that commercial entities may already be collecting it.
On February 19, 2015 the Australian Broadcasting Corporation's Radio National program Download This Show broadcast an interview with a former police employee who had worked extensively with metadata, on condition of anonymity. The former employee was quoted as feeling the proposed system was open for abuse and may one day be used against Australians who download music and TV shows.
On February 22, 2015 Australian Federal Police Assistant Commissioner Tim Morris made the following claims appealing to blind trust from the public.
In 2015 the issue of costs became more heavily discussed in the media with figures such as 1% of all national telecommunications revenue annually or "two battleships" per year used.
Prominent parties concerned about the proposals include:

Telecommunications and Other Legislation Amendment (Assistance and Access) Act

On 14 August 2018, the federal government published draft text of the Assistance and Access Bill. Modelled after the British Investigatory Powers Act, the legislation was designed to help overcome "the challenges posed by ubiquitous encryption". Under the bill, designated communications providers can be ordered to assist in intercepting information relevant to a case, either by means of an existing capability if possible, or being ordered to develop, test, add, or remove equipment for a new interception capability. A "Technical Assistance Request" can also be issued, which has fewer restrictions, but is not compulsory.
Orders must be connected to a warrant under the Telecommunications Act or the Surveillance Devices Act. Actions requested under the act must be "reasonable, proportionate, practicable, and technically feasible", and mandatory orders cannot compel a communications provider to add a "systemic weakness or vulnerability, such as requiring one to "implement or build a new decryption capability." or "render systemic methods of authentication or encryption less effective." An annual report must be issued on how many orders and requests are issued. Outside of certain proceedings processes, all specific information on requests and orders are confidential, and it is illegal to publish them publicly. Only the chief officer of an "interception agency" or the director-general of the Australian Security Intelligence Organisation can issue a TAO or TCO. The Minister for Communications must additionally approve a request for a TCO. A TAR can be issued by these parties, or the Australian Signals Directorate.
The proposed legislation faced numerous criticisms from politicians, advocacy groups, and the tech industry. Liberal Democratic Party Senator David Leyonhjelm argued that the bill was "a draconian measure to grant law enforcement authorities unacceptable surveillance powers that invade Australians' civil rights", alleging that users could be compelled to provide passwords for their personal devices at the request of law enforcement, or be fined. it was felt that the bill had weaker oversight and safeguards than the equivalent UK legislation, where requests for assistance are subject to judicial review. It was also noted that although providers could not be ordered to do so, they could still be encouraged by the government via a TAR to add a "systemic weakness" to their systems. In testimony, cyptography expert and Stanford Law School attorney Riana Pfefferkorn argued that "whenever you open up a vulnerability in a piece of software or a piece of hardware, it's going to have consequences that are unforeseeable."
The bill was passed by the Parliament of Australia on 6 December 2018 as the Telecommunications and Other Legislation Amendment of 2018, commonly known as TOLA. Bill Shorten of the Australian Labor Party described the bill's passage as being "half a win", since he wanted Parliament to "reach at least a sensible conclusion before the summer on the important matter of national security". He explained that there were "legitimate concerns about the encryption legislation", but that he did not want to "walk away from my job and leave matters in a stand-off and expose Australians to increased risk in terms of national security." Shorten did state that he would consider amendments to the bill when Parliament returned in 2019.
A number of Australian tech firms and startups warned that the bill could harm their ability to do business internationally. Bron Gondwana, CEO of the e-mail host FastMail, felt that the Assistance and Access Bill "makes complying with both Australian law and the EU's GDPR privacy requirements harder, putting Australian businesses at a disadvantage in a global marketplace." After the bill's passing, the service faced concerns and questions over its effects from current and potential users, which has caused a decline in business. Encryption provider Senetas stated that the country could face "the real prospect of sales being lost, exports declining, local companies failing or leaving Australia, jobs in this industry disappearing and related technical skills deteriorating."
In June 2020, as requested by parliament,the Independent National Security Legislation Monitor released a report which recommended changes to the act to require independent and technically competent review of compulsory orders requested under the act.

Specific Incidents

June 2019 Incidents

Raid on Journalist's Home

On the 4th June 2019, the home of Annika Smethurst, national politics editor of the Sunday Telegraph and other News Corp Australia titles, was raided by the Australian Federal Police. Annika had reported in April 2018 that Australia's Departments of Home Affairs and Defence were discussing a proposal to grant the Australian Signals Directorate new powers, such that emails, bank records and text messages of Australians could be accessed by the ASD if the two ministries gave their approval. Currently the ASD is not allowed to spy on Australians, although Australia's domestic spy agency, the Australian Security Intelligence Organisation, can already investigate citizens with a warrant. News Corp Australia called the raid "outrageous and heavy-handed and a dangerous act of intimidation which will chill public interest reporting." The Media, Entertainment and Arts Alliance, a relevant union in Australia, said the police sought to "punish a journalist for reporting a legitimate news story that was clearly in the public interest." It was subsequently reported that Malcolm Turnbull had vetoed the proposal to expand the ASD's powers.

Australian Federal Police raid the Australian Broadcasting Corporation

On the 5th June 2019, at least six Australian Federal Police officers raided the ABC with a warrant allowing them to access, alter and delete information allegedly in relation to reporting made based on secret files exposing the misconduct of Australian soldiers in Afghanistan. In a statement ABC Managing Director David Anderson said the police raid "raises legitimate concerns over freedom of the press. The ABC stands by its journalists, will protect its sources and continue to report without fear or favour on national security and intelligence issues when there is a clear public interest."
John Lyons, Executive Editor ABC News & ABC Head of Investigative Journalism commented on the raid by the AFP:
The AFP released a statement asserting there was "no link between the execution of search warrants in the ACT suburb of Kingston yesterday and those on the Ultimo premises of the ABC today."

Travel

International

Australia and the European Union have signed an agreement for the advanced sharing of passenger name records of international travelers. Similar agreements are in place with other countries.
In addition to passenger information and standard radar, Australia uses the Jindalee Operational Radar Network to detect individual boats and planes in the north and west of the country.

Domestic

Vehicles can be tracked by a range of systems including automatic number plate recognition, video and sensor-based traffic surveillance networks, cellular telephone tracking and automated toll networks. The ANPR systems are intelligent transportation systems which can identify vehicles and drivers. ANPR is known under various names in Australia: SCATS in Sydney, New South Wales; ACTS in Adelaide, CATSS in Canberra, SCRAM in Melbourne, DARTS in the Northern Territory and PCATS in Perth.

Mass transit

New South Wales
In December 2014, certain universities such as Sydney University delayed collaboration with the new Opal card system scheduled to fully replace existing, anonymous paper tickets on New South Wales mass transit, citing privacy concerns, whereas Macquarie University, University of New South Wales and Australian Catholic University had already agreed to provide the "student data" to the card network. Data is made available to other NSW government departments and law enforcement agencies. Concerns about privacy have been repeatedly raised in the mainstream media, with commentators questioning the extent to which user data can be accessed by authorities. According to the Opal Privacy Policy, data is made available to other NSW government departments and law enforcement agencies. On the 13th of March 2015 it was announced that Opal cards would be linked to commuter car park spaces, such that private road vehicle identities would become associated with individual mass transit use.
Other states
The extent and frequency to which individual traveler data is released without a warrant remains poorly documented for the following systems:
This section outlines the main legal references for mass surveillance in Australia.

National

Under Australian law, the following acts are prominent federal law in the area of surveillance.
A separate body of state-level laws also exists.

International agreements

Australia is part of the Five Eyes international surveillance network, run by the United States National Security Agency and generally protected from public scrutiny citing 'national security' concerns. According to the Canberra Times and cited policymakers, one of the most prominent critics of these agreements was the Australian National University academic Des Ball, who died in October 2016.