Beware the spin behind Australia's new surveillance laws

Attorney-General Brandis is failing to join the dots when it comes to new ASIO powers and the push for mandatory data retention laws.
Written by Stilgherrian , Contributor

"Now, Alison, I'm a liberal, so philosophically I have a very strong predisposition against big government and against expanding state power," said Australia's favourite Attorney-General, Senator George Brandis QC, to ABC Radio National journalist Alison Carabine last Thursday. "And that is why, in the legislation that I introduced into the Senate yesterday, we have taken the most conservative possible approach in empowering the national security agencies with additional powers, but it was necessary to contemporise the legislation."

Except that the 124-page National Security Legislation Amendment Bill (No. 1) 2014 is not "the most conservative possible approach". That's just part of the jumble of spin and logical fallacies that Brandis is using to "justify" substantial increases to the surveillance powers of the Australian Security and Intelligence Organisation (ASIO).

The most significant change, at least for ZDNet readers, would give ASIO the power to hack into the computers of completely innocent people in pursuit of their target.

Computer access warrants can already give ASIO permission to access a specific computer if there are "reasonable grounds" for believing the data in that computer will "substantially assist" the collection of intelligence in a matter that is "important in relation to security". The warrant may also allow ASIO to do "any thing reasonably necessary to conceal the fact that any thing has been done under the warrant" — that is, to erase their tracks.

The relevant law is section 25A of the ASIO Act 1979, although those provisions reflect more recent amendments.

Brandis' Bill extends the definition of computer access warrants. "The target computer may be any one or more of the following: (a) a particular computer; (b) a computer on particular premises; (c) a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known)."

ASIO would also be able to use "any other computer or a communication in transit to access the relevant data and, if necessary to achieve that purpose, adding, copying, deleting or altering other data in the computer or the communication in transit", provided that they've considered other methods of obtaining that data that are "likely to be as effective" and using these third-party systems is "reasonable in all the circumstances".

The relevant text starts on page 29 of the Bill as initially tabled (PDF).

These expanded computer access warrants would still need to be requested by the Director-General of Security and signed by the minister. And ASIO still wouldn't be able to interfere with the lawful use of the hacked devices, except where that's necessary to execute the warrant in the first place. How that distinction would be made in practice is an interesting question in itself, but for another time.

At one level, Brandis' proposal simply reflects our increasingly networked world. Data no longer just sits on a specific computer somewhere. Data is now a constant flow between people using any number of devices in any number of locations, none of which may be identifiable in advance.

But if Brandis' Bill truly represented "the most conservative possible approach", then logically it shouldn't be possible to suggest any tighter rules under which ASIO still gets its new digital powers. Yet coming up with such suggestions is trivially easy.

How about only allowing the hacking of third-party computers if there's NO other way to reach the target data? Or only in cases where other methods would introduce a significant risk of discovery? Or limiting their use solely to terrorism-related cases? Or solely to cases where there's an immediate danger of people being killed?

I could go on, but the core problem is that Brandis' justification for all this is the same old same old: "The law is old. We have computers now. Terrorism. We must have new laws. Here are new laws." Except for one new twist: "Trust me, I'm a liberal."

Those first five sentences are the familiar logical fallacy. "We must do something. This is something. Therefore we must do this." Brandis will of course know the Latin name for it, but much as I love history I prefer to live in this century. And the last sentence is the logical fallacy of appeal to authority, the idea that you can trust a statement because of who said it.

Brandis has of course waved the terrorism scare stick, claiming that a few tens of "jihadists" who might eventually return from Syria — a figure cited by ASIO chief David Irvine — pose a national security threat, comparing them with those returning from Afghanistan a decade ago.

"During the Afghan conflict, about 30 Australians travelled to Afghanistan to link up with the Taliban and engage in jihadist war-fighting on behalf of the Taliban," Brandis told ABC Radio. "Of those 30, 25 returned to Australia. Of those 25, 19 were involved in preparing and planning mass casualty terrorist attacks within Australia and of those 19, 8 were actually prosecuted and convicted. So there is a very high incidence of returning jihadists who engage in terrorism."

And, by those figures, there's a 100 percent chance of those jihadists being caught before anything happens. So why does ASIO need any more power? It already seems remarkably effective. I've nothing against them seeking ways to make their job easier — we all do that, right? — but Brandis simply hasn't joined any of the dots.

What are the specific gaps in ASIO's powers that would prevent them maintaing their perfect score against another few handfuls of hopeful heroes? How, specifically, do the new powers plug that gap? What limits the use of those powers to these supposed terrorism cases, rather than to any old hand-wavey "national security" matters?

Unfortunately, our parliamentarians seem to have been implanted with a post-hypnotic suggestion, so that every time someone utters the words "national security" they turn off their brains and wave through whatever legislation is put in front of them.

Except for Senator Scott Ludlam, of course. He must have been away the day the hypnotist came through. "We see updates to expand ASIOs powers [in the face of technological change] in parliament roughly once a year, sometimes more than that, and we never get to see the bills that update privacy protections for the same reasons, and privacy protections as a result are lagging far behind," Ludlam told ABC Radio last Wednesday.

Brandis has also started the spin in support of mandatory data retention laws, which the government has "under active consideration".

"All it would mean is that the telecommunications companies would be obliged to maintain what is their existing practice," he told ABC Radio. But as I've written before, that simply isn't true, and anyone still pushing the idea that metadata is just billing data is either a fool or a liar.

Brandis is also spinning mandatory data retention as inevitable. It's the way Western nations are going, he says. That's another fallacious argument. We are doing it because we are doing it. It's also far from inevitable. The European Court of Justice (ECJ) has ruled the Data Retention Directive to be invalid. And the UN High Commissioner for Human Rights has said that mass surveillance is a "dangerous habit", with governments showing a "disturbing" lack of transparency about the reasons they set up such comprehensive data surveillance.

Brandis said that as Attorney-General he would focus on national security. In and of itself, there's nothing wrong with a focus on a specific policy area.

But resorting to spin and logical fallacies to justify substantial increases to state surveillance — even to the point of denying that they're substantial? Dismissing criticism, as he did on radio last week, as "very silly" remarks and "wild claims", which is nothing but name-calling?

I'd say that Brandis needs to be watched very closely indeed.

Editorial standards