Forget PRISM: Who's watching on your doorstep?

Summary:Almost 300,000 Australian records of phone metadata were accessed last year, without the need for surveillance warrants. All thanks to legislation written well before the advent of the internet or the mobile phone.

This week, the Greens will try to get a Bill through parliament to prohibit warrant-less surveillance in Australia. The press release issued last week highlighted a move to prohibit "real-time" surveillance, when, in truth, very little of that might be going on. The real issue — and what the party really means to target — is the vast range of authorities that are able to access "historic" data without calling up their friendly local judge.

In theory, warrants are needed for all real-time surveillance. Under the Telecommunications (Interception and Access) Act 1979, law enforcement agencies need a judge's consent before they can intercept anybody's communications. Access is largely confined to the police, the Independent Commission Against Corruption (ICAC), and the police integrity commission, and it must relate to a serious crime, punishable by at least seven years in prison.

Last year, there were 3,755 such warrants issued. The NSW Police was the most prolific, accounting for 41 percent of all warrants. That's one for every 1,900 people; 10 times the rate of warrants for the Victorian police force. Yet, crime rates such as manslaughter and murder are pretty much the same in both of these states.

In fact, NSW Police received three times as many warrants as the Australian Federal Police (AFP). And this isn't an isolated occurrence; NSW has a track record of out-surveilling all other enforcement agencies.

In part, this is because of a huge number of intercept warrants related to "serious personal injury or loss of life". Google the phrase, and you'll be inundated with websites for compensation lawyers. It's a crime that's worth pursuing through intercepts in NSW, but far less so elsewhere. Go figure.

intercepts-by-offence-by-st
Image: Phil Dobbie

Low down the list of reasons for intercepts is terrorism — 71 from the AFP, nine from NSW Police, and none from the other states.

The real figure, of course, will be much higher if we include the Australian Security Intelligence Organisation (ASIO), which is not included in the Intercept Act. Instead, it's covered by the Australian Security Intelligence Act 1979, which states that it can intercept in real time, provided the attorney-general has to sign the paperwork. There's no visibility to how often this happens — but, perhaps, too often for former Attorney-General Nicola Roxon. No wonder she wanted to escape to spend more time with the family.

Both of these pieces of legislation came about well before the internet emerged. Or the mobile phone. It means the laws were designed at a time when intercepting was really the only way to gather anything meaningful. These days, real-time access is less important, because so much more information is retained.

For example, it matters little whether the PRISM project had real-time access to major providers like Facebook, Microsoft, and Google when you consider how much data is stored. What you feed into Facebook never disappears, even after you die.

Facebook said late last week that it received around 10,000 requests from law enforcement entities in the last six months of 2012, relating to 19,000 accounts. The social media giant's point was that this was a small number, given it has 1.1 billion accounts, but to me, it seems like a lot. That's 380,000 accounts per decade; 380,000 lives tracked, along with associated friends. And that's just Facebook.

Back on home turf, telecommunications carriers store far less information about customers, but it can still be intrusive. There are voicemail messages, emails, and SMS records that authorities can access. This stored communication still needs a warrant approved by a judge, and must relate to a crime punishable with three years' imprisonment. The list of agencies able to undertake this form of surveillance extends to include Centrelink, the Australian Taxation Office (ATO), the Department of Immigration, and the Australian Securities and Investments Commission (ASIC).

It's not a weapon of choice for many — the judicial oversight clearly doesn't warrant the information received. In total, there were only 485 applications made last year. If you've got to get a judge in on it, it's best to go the full surveillance option.

But there's far more interest in telecommunications metadata. After all, this doesn't require a judge. It just needs a form (PDF) completed by a head or deputy of an authorised department. And the list of eligible authorities is as long as your arm. Basically, it's anybody involved in the administration of legislation, including the protection of public revenue. That includes local councils and numerous state and federal departments. In 2011, there were 18 authorisations to the Victorian Taxi Directorate.

And it's in this category where the action really happens. There were 293,501 authorisations last year — one for every 77 people in the country. Once again, the odds are far greater in NSW, where the state police accounts for 103,824 of those authorisations. And there are some other surprising big hitters, as the below table shows.

forget-prism-whos-watching-on-your-doorstep
Image: Phil Dobbie

The message is clear: If you don't want your phone records tracked by the RSPCA, be kind to your cat.

Of course, the authorities don't get access to the content of your communications. It's just the metadata, which includes subscriber details and the date, time, duration, and location of the call or web access. But as we demonstrated in this edition of Twisted Wire a year ago , when this sort of data is gathered over a long period, it's easy enough to trace your whereabouts. It's a lot of power to give to an unelected representative.

So, whilst the focus is on the dangers of international real-time surveillance, a real question mark lurks at the unwarranted action of a huge range of public agencies using legislation that was designed before the mobile phone or the internet. Time for an update, perhaps. But not to add more power, surely?

Topics: Privacy, Australia

About

Phil Dobbie has a wealth of radio and business experience. He started his career in commercial radio in the UK and, since coming to Australia in 1991, has held senior marketing and management roles with Telstra, OzEmail, the British Tourist Authority and other telecommunications, media, travel and advertising businesses.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.