Parliament may have shut down for five months, but the chaos of the coronavirus pandemic wasn’t enough to stop the government from polishing off legislation that will see the government handing over Australians’ personal data to overseas authorities.
Those powers are contained within the Telecommunications Legislation Amendment (International Production Orders) Bill 2020, which introduces a framework that would let Australian government agencies serve overseas communications providers with IPO notices compelling them to hand over certain “stored communications and telecommunications data” of interest to ongoing investigations.
The bill was referred to the Parliamentary Joint Committee on Intelligence and Security on 12 March – the day Dutton was admitted to hospital with coronavirus and a week after his return from a United States trip where he met to talk about preventing child exploitation with representatives including Ivanka Trump.
Alan Tudge, Minister for Population, Cities and Urban Infrastructure, took care of the bill’s first reading on March 5, while Dutton was overseas.
In the second-reading speech Tudge warned that “almost every serious crime and national security threat today has an online element.... vital evidence of serious criminality is often distributed across multiple jurisdictions.”
“Our agencies’ ability to deter, detect, investigate and prosecute national security threats and serious crimes, now more than ever, is heavily reliant upon significant international cooperation to... access crucial evidence.”
Among other capabilities, the IPO legislation provides for three types of orders including wiretapping telecommunications services and messaging apps, accessing stored communications such as emails or messaging-app chats, and access to telecommunications metadata.
The bill is, Dutton wrote in requesting the PJCIS review, “an essential pre-condition” for a proposed cross-border data sharing agreement under the United States’ CLOUD (Clarifying Lawful Overseas Use of Data) Act, which has already paved the way for a contentious data-sharing agreement with the UK government.
Passed in 2018, the CLOUD Act lets government authorities compel US-based companies to produce data even if it’s stored overseas – and Australia’s IPO Act would facilitate compliance with such requests by empowering organisations to send Australians’ data to those overseas authorities.
Privacy cuts both ways
The potential problems with such legislation have already been widely discussed on the US side of the equation.
The potential for free-flowing movement of personal data from non-US governments such as Australia raised red flags with privacy advocates such as the Electronic Privacy Information Center (EPIC), which warned after the UK agreement that “once an agreement is in place, no federal official or court will review an incoming foreign request for access to data stored in the United States”.
Data would be made available without regard to “baseline human rights standards”, EPIC warned, such as informing the target of a data request about the request for access.
This approach is in contrast to the increasing control over personal data in other spheres, encapsulated in regimes such as Australia’s Consumer Data Right (CDR) and the US California Consumer Privacy Act (CCPA) – which both came into effect this year and are predicated around giving individuals more control over their data.
Dutton has previously used the spectre of child exploitation and terrorism to justify a host of moves that critics have called “disproportionate”.
Most recently, the minister has been pushing for jurisdictional changes that would let the government enlist the overseas-focused Australian Signals Directorate (ASD) to spy on Australians at home.
The powers within the IPO would represent a marked escalation of the existing telecommunications metadata retention regime, which has suffered from allegations of opacity, poor management and scope creep during its recent PJCIS review.
This latest move – referred to as “Dutton’s Frankenstein” – has angered Australian rights advocates such as Civil Liberties Australia CEO Bill Rowlings, who called the IPO legislation “overkill” in a Sydney Criminal Lawyers analysis.
“We’ve had nearly 20 years of draconian laws – many totally over the top – and most absolutely slashing personal privacy,” he said while warning that the lack of a federal charter of rights has left “nothing protecting the basic rights of individual Australians.”
“These proposed laws will make it worse.”