Australia


I thought given the wire-tapping excitement going on now, that I’d post some of the practices going on world-wide that maybe you are not aware of, all excepts from Virtual Shadows (2009), so there could be some updates since, I haven’t checked. If there are updates it will surely include social media as per USA with PRISM.

ILETS
Many of the international laws on wiretapping date back to a series of seminars hosted by the FBI in the United States in 1993 at its research facility in Quantico, Virginia, called the International Law Enforcement Telecommunications Seminar (ILETS) together with representatives from Canada, Hong Kong, Australia and the EU. The product of these meetings was the adoption of an international standard called the International Requirements for Interception that possessed similar characteristics to CALEA from the United States. In 1995 the Council of the European Union approved a secret resolution adopting the ILETS. Following its adoption and without revealing the role of the FBI in developing the standard, many countries have adopted laws to this effect. Following adoption of the standard the European Union and the United States offered a Memorandum of Understanding (MoU) for other countries to sign to commit to the standards. All participating countries were encouraged to adopt the standards so it was natural that international standards organisations, such as the International Telecommunications Union (ITU) and the European Telecommunication Standardization Institute (ETSI), would adopt the standards.

Adoption of wire-tapping laws
Australia was one of the first countries to sign the MoU along with Canada. In Australia the Telecommunications Act expects the telecommunications operators to proactively assist law enforcement by providing an interception capability.

In the UK RIPA requires that telecommunications operators maintain a ‘reasonable interception capability’ in their systems and be able to provide on notice certain ‘traffic data’.
In the Netherlands all ISPs have to have the capability to intercept all traffic with a court order and maintain users’ logs for three months.

In New Zealand the Telecommunications (Interception Capabilities) Act 2004 obliges telecommunications companies and ISPs to intercept phone calls and emails on the request of the police and security services.
In Switzerland ISPs are required to take all necessary measures to allow for the interception of mail and telecommunications.

In June 2008 Sweden’s parliament approved controversial new laws (FRA-lagen) allowing authorities to spy on cross-border email and telephone traffic. The Swedish press claim that this will make Sweden the most surveyed country in Europe. This wiretapping law enables the intelligence authorities to ‘listen’ to all traffic, Hotmail, MSN, SMS etc., across Sweden’s borders. The law becomes effective at the end of 2009. Given Sweden’s stance on human rights the passing of this law is quite remarkable. It was following some pretty heated dis- cussions in parliament that the law was passed on a very fine majority (47 against and 52 for). The argument for tapping of international lines is ‘terrorism’. Of course any ‘terrorists’ will encrypt their communications and there is nothing that the Swedish authorities can do about this. Of course one can always monitor ‘traffic patterns’ on identified suspect com- munication which can be as revealing as the communications’ contents themselves in certain situations. However the use of the contents of such communications in a court of law will be impossible without the decryption key and they cannot obtain this unless there is a law enacted similar to the RIPA in the UK, which forces the key-holder to give the encryption or decryption key to the authorities on request and if they refuse they can be convicted for concealing evidence.

There was also a telecommunications driven incentive in 2008 called Phorm. I have not checked out the present status in 2013.

With the recent phone hacking scandals in the UK, politicians in Australia are asking ‘can it happen here?’ – and it is highlighting the lack of rights individuals have with respect to privacy in Australia along with the lack of powers that the Privacy Commissioner has.

Whilst there has been an increase in the number of reported data breaches, there is no legislative requirement for companies to report breaches – hence a lot of breaches are not reported.  The Australian Law Reform Commission (ALRC) have made a number of recommendations on Data Breach legislation that have (largely) not been acted on by the Federal Government.

For more details, please see the following article:

http://www.smh.com.au/technology/technology-news/thousands-of-privacy-breaches-going-unreported-20110727-1hzes.html

This is an excellent podcast on many aspects of privacy in the modern world. – Enjoy! From the Australian Broadcasting Commission (ABC) Radio National.

http://www.abc.net.au/rn/backgroundbriefing/stories/2010/2896235.htm

In the first case of its kind, an Australian court has ruled that an internet service provider cannot be responsible for illegal downloading. The decision had the potential to impact internet users and the internet industry profoundly as it sets a legal precedent surrounding how much ISPs are required to do to prevent customers from downloading movies and other content illegally in Australia.

    “iiNet is not responsible if an iiNet user uses that system to bring about copyright infringement … the law recognises no positive obligation on any person to protect the copyright of another,” Justice Cowdroy said.

Read more at theage.com.au.

The (quiet) introduction of a National Police Reference System in Australia has raised concerns on the impact on privacy.  The database (run by CRIMTRAC has millions of records – including DNA and fingerprints) and is able to be accessed by all Australian law enforcement officers.  There are up to 80,000 accesses to the data per day.

For more detail, please see http://www.smh.com.au/national/privacy-fears-growing-as-police-tighten-national-grip-20100117-mecr.html.

Potential draftees  (and employees) are being  screened by Face Book ‘ghosts’ to gain access to personal information

It is also used by recruitment agencies, insurance companies even law enforcement.

For more information see http://www.smh.com.au/digital-life/digital-life-news/how-social-networking-created-a-legal-and-ethical-minefield-20100115-mcgu.html

Today is an exciting day because I have on Virtual Shadows added new authors to the blog. Each is either an expert in information security and privacy or they have done alot of research in this space. Please welcome them to this blog, I expect it to become much richer in content. Each will be posting events/issues on the privacy landscape on their respective countries.

So far we have Leo (Iceland), Roman (Latvia & Russia), David (Australia & New Zealand), May (Singapore), aliasname (China).

More authors to be added over the next couple of weeks 🙂

Next Page »