In the 2002 film Minority Report, Tom Cruise’s character John Anderton is a man on the run. After an initial daring escape from police, he’s got a new worry: Washington DC’s citywide optical recognition system — which not only directs advertisements to individuals by scanning their irises, but also provides a handy way of locating those people for the powers that be. Anderton’s only way out is to undertake a risky eyeball transplant. While such a system may sound like another typically fantastical trope of science fiction’s techno-dystopias, increasingly, technology and surveillance are intertwining in a way that’s bringing us closer to this world.
Here in Australia, we’ve taken the first tentative steps down this road. As recently as October 2017, the Prime Minister and leaders of the states and territories agreed to establish a National Facial Biometric Matching Capability (NFBMC). Essentially, this deal means that images of your face from your state driver’s licence and your federally issued passport, visa or citizenship documents will be shared between the federal government and the states and territories, allowing agencies in all jurisdictions to match images of your face to your name and details.
The new NFBMC is being rolled out in two segments, with the Facial Identification Service (FIS) – coming to an agency near you in 2018 — all the more controversial. The FIS allows cops, spies and fraud hunters around the country to use your ID photo to work out your name, place of residence and whatever else about you that might be on the system from a CCTV still. It’s not able to do it in real time as in Minority Report, but that’s mainly because the technology isn’t good enough yet — although researchers say it’s getting there.
“THIS fundamentally shifts the power of government over the citizenry and it has happened by technological advance, not by public debate and consent.”
The FIS has reignited the long-running debate on privacy, surveillance and security in Australia. Prime Minister Malcolm Turnbull said at the scheme’s announcement that it didn’t amount to Big Brother-style mass surveillance, but a bunch of the country’s leading civil liberties and privacy groups, including Australian Privacy Foundation, Digital Rights Watch and Electronic Frontiers Australia, came together to condemn it. In fact, they described it as “an unnecessary and disproportionate invasion of the privacy rights of all Australians… the foundation for suspicion-less, warrantless mass surveillance… fundamentally incompatible with a free and open society”.
“Make no mistake – this database will affect all Australians, even the most conscientious and law-abiding,” said Chair of the Australian Privacy Foundation, David Vaile. “It will likely generate massive ‘false positive’ lists that will flood our very effective police and security services with useless distractions. We’ve already seen calls for ‘scope creep’ to cover welfare enforcement and there’s every reason to expect this capability will come to be used to identify people with unpaid fines and other minor issues that have nothing whatsoever to do with terrorism.”
A widely cast net
The privacy-versus-security debate is nothing new in post-9/11 Australia. But despite this, the extension of surveillance powers has continued almost unabated. Chris Culnane, a researcher in data security and privacy at the University of Melbourne, says there has been huge growth in the scope and reach of surveillance in Australia over the past decade alone.
“Ten years ago, most people would not have been recorded in a surveillance database. Today, we all are,” Culnane told Penthouse.
“It’s not just that there is a reliance on mass surveillance. It is that the number of organisations that are reliant on it has also grown. In the past, surveillance was the preserve of intelligence agencies, but today it’s used throughout government and law enforcement.”
This is largely thanks to the ease by which agencies can access our data. Gone are the days of surveillance vans and men in trench coats a few paces behind you. The agent shadowing your every move is no longer a person; it’s the technology in your pocket or on your desk. And, as Culnane points out, it makes things a damn sight cheaper than traditional spying methods.
“Digital surveillance has such a low marginal cost. There is not a big difference between targeting one person or one million people.”
By the numbers
Over the past decade or so, we’ve seen a raft of legislation designed to beef up law enforcement and security agencies’ capacity to keep a watchful eye over the citizenry, with a focus on digital data collection. While the legislation is numerous, complex and, at times, intentionally secretive, let’s look at a few more examples of Australian agencies’ lust for your data.
ASIO monitoring powers
In 2014, Parliament easily passed the National Security Amendment Bill which, among a range of counter-terrorism measures, allows ASIO to monitor a limitless number of computers on a network with a single warrant. According to lawyers, rights advocates, academics and media, this effectively gives ASIO carte blanche to monitor the entire internet on a single warrant because it is a ‘network of networks’, and the legislation does not clearly define what a computer is. The same legislation allows for the content of communications to be stored, rather than just the metadata.
Decrypting encryption
Describing widely available encryption services as “the greatest degradation of our intelligence capability in modern times”, Attorney-General George Brandis has backed a proposal to compel tech companies to help government agencies get around encryption. This might require ‘backdoor access’ — essentially, in-built vulnerabilities — into things like Facebook Messenger, decryption keys for encrypted messenger services like WhatsApp, or even enabling remote access to devices to intercept communications. Despite being announced in July 2017, the legislation has not yet been brought to Parliament.
Metadata retention
Perhaps the single greatest change to Australia’s surveillance legislation has been the introduction of metadata retention laws, passed in 2015 and officially coming into effect in April 2017. Under these laws, internet providers and telecommunications companies must retain the metadata of every single Australian’s mobile and internet usage for a minimum of two years. Metadata refers to basically everything but the content of messages or calls, including names of users, their addresses, who they’re communicating with, how they’re communicating, how long the communication lasts, what time it occurs, and even where they were when they communicated. Plus, unless you’re using a VPN, the URL of any websites you’ve visited is included (think about that for a moment, dear Penthouse reader). Currently, at least 20 law enforcement and security agencies can access this information without a warrant. In 2015-16, before all telcos and IPs were even fully compliant, these agencies made a whopping 326,000 of these warrantless authorisations to access metadata.
The better nature of grey-suited bureaucrats?
One of the more common arguments in favour of greater surveillance powers sounds like something your mum would say: if you haven’t got anything to hide, you haven’t got anything to fear. The other is that we must trade some of our liberties to ensure our security. At times, those pushing for new powers appear publicly frustrated by what they must see as the naysayers’ inability to grasp the logic of both arguments. During the early days of the metadata retention debate, then ASIO chief David Irvine bemoaned what he saw as the public’s willingness to give corporations a window into their lives and habits, but not an agency tasked with keeping them safe.
“For the life of me, I cannot understand why it is somehow correct for all of your privacy to be invaded for a commercial purpose and not allow me to do it to save your life,” he told a Senate Committee in 2014.
While there may be some truth to both these arguments, it’s hard to say for sure. Culnane says the effectiveness of such surveillance programs is highly debatable.
“It is shrouded in so much secrecy that an independent evaluation of it is almost impossible,” he says. “In many respects, we should be asking a different question. It’s not whether we are safer for it, it is whether it was worth sacrificing our privacy and civil liberties for?”
Prominent critic of Australia’s surveillance laws, Federal Senator David Leyonhjelm, suggests the cost is too great, especially given what he sees as a lack of robust safeguards.
“The potential for misuse is very high,” he says, pointing to several recent examples in the Queensland Police Service.
“Clearly, if you’re trying to catch a murderer or a rapist or a terrorist or something like that, it can be used legitimately, but it’s far more likely it will be used by some copper somewhere who fancies a pretty girl and wants to find out what her name is and where she lives.”
Others say the average Australian should be concerned because there is the potential that the data gathered could be used in increasingly wider and damaging ways. Lecturer at the University of Melbourne’s School of Computing and Information Systems, Dr Suelette Dreyfus, says there’s good reason to believe that current surveillance schemes are open to what she calls “creeping aggressiveness”. She points to 2017’s Centrelink robo-debt debacle as one example of why we should be concerned. In that case, automated data-matching across systems lead to about 20,000 incorrect debt notices being issued.
“Let me give you a scenario, based on the behaviour of the Commonwealth Government in particular and its aggressive use of this data matching,” Dr Dreyfus said. “It’s quite feasible you could have a world where you have a girlfriend, and you go to visit her at her apartment on Friday night, and on Monday you get a notice saying, ‘We think you’re in breach of your Centrelink payment because you’re actually living with your girlfriend’.” Your undoing, she explains, might have been metadata about your location, or facial recognition, or something else that was supposed to stop the bad guys, but instead it’s got you spending four nights in any given week at your girlfriend’s, which suggests to the automated system that you actually live there. Worse still, they’ve got two years of data to check back on to chase up any back payments they think you may now owe.
Dr Dreyfus notes the shifting of parameters that could lead to such a scenario would not be debated in parliament, nor be subject to a marriage equality-style plebiscite: “They’re decided by some grey-suited bureaucrat in Canberra.”
But perhaps the simplest argument of all is that we have a right to secrets.
“It’s not illegal to see a psychiatrist or visit a by-the-hour motel, but they are private,” says Dr Dreyfus. “They used to be private from government when we weren’t carrying mobile trackers with us everywhere in the form of our phone. But we have now essentially handed over that data, without explicit agreement, without there being a proper debate about it.”
This, she says, “fundamentally shifts the power of government over the citizenry and it has happened by technological advance, not by public debate and consent.”
“The thing, too, is, of course, everybody has something to hide,” says Senator Leyonhjelm. “It might be relatively minor, and the rest of us might think it’s of no consequence at all, but we are all entitled to have secrets and we all do have secrets — even if it’s just looking at a photo of a pretty girl’s backside.”
But these arguments don’t appear to resonate with the wider Australian community. A November 2017 report by the University of Sydney, which surveyed 1,600 Australians, found that while 47 per cent of people were opposed to governments violating their online privacy, that number dropped to 31 per cent when framed in terms of governments collecting data as part of anti-terrorism legislation. When asked about metadata retention, 79 per cent said they thought it was a breach of privacy for the government to force telcos to store phone call data, and 58 per cent said the same for internet providers and online metadata. And yet, these are both things current legislation requires, perhaps largely because the wider community didn’t pay enough attention when the legislation was up for debate.
“There are not enough people in Australia who see what’s going on,” says Senator Leyonhjelm. “It’s a bit like the apocryphal story about boiling a frog: if you put the frog into boiling water, it will hop out. But if you put the frog into water and heat it up, it’ll stay and boil to death. Frogs are not that stupid as a matter of fact, but I think the Australian electorate is collectively allowing that to occur. By the time they wake up, it may well be too late.”