Senate debates

Tuesday, 18 November 2014

Committees

Parliamentary Joint Committee on Human Rights; Report

4:50 pm

Photo of Scott LudlamScott Ludlam (WA, Australian Greens) Share this | | Hansard source

I move:

That the Senate take note of the document.

I rise to thank the members and the secretariat of the Parliamentary Joint Committee on Human Rights for their valuable contribution to the debate over the government's proposal for mandatory data retention for the entire Australian population.

The proposal has copped a bit of a bucketing, since it first emerged into the light of day from the telecommunications industry, from digital rights organisations and advocates right across the political spectrum. The government is on the back foot, such that it has delayed debate on the bill to 2015 and the ALP and the crossbenchers have raised significant concerns alongside the concerns of the Australian Greens. So we may yet get our 38 votes.

Nonetheless, I am still asked in nearly every interview on the subject in most public meetings: 'If I am not doing anything wrong, why should I worry about government surveillance? It may well be indiscriminate but I actually have nothing to hide or at least nothing that the state would have any reason to come looking for.' The question is entirely reasonable but it still throws me when I hear it. Yesterday my colleagues and I had the privilege of spending an hour with Chinese pro-democracy leaders living here in Australia who joined us on the occasion of Chinese President Xi Jinping's address to the Australian parliament. They spoke on behalf of the Tibetan community, who are suffering violent, slow-motion genocide that has led 140 young Tibetans to self-immolate as the only form of visible dissent that cannot easily be stopped by the Chinese authorities. They spoke on behalf of the Uygur community and Mr Ilham Tohti, a prominent scholar and host of Uyghur Online, who was jailed for life this September for publishing a mild critique of the impact the Chinese government's authoritarian crackdown in Xinjiang province. The spoke on behalf of the Falun Gong practice in China, whose members' allegations of industrial-scale organ harvesting seem impossible to believe until you read the independent reports into the practice. And they spoke on behalf of those mainland, mainstream Chinese families who have had to flee Chinese Communist Party rule for a whole variety of reasons. This is a country in which a difference of opinion can get you killed or sent to a 're-education through labour' camp for the rest of your life. None of these issues made it into the President's speech or into anything, that we are aware of, that was raised by the Prime Minister or the Leader of the Opposition. Conversations like this with people who have direct, personal experience of what it is like to live under an authoritarian regime finally settled for me that question about why you should fear instruments like mandatory data retention if you have nothing to hide.

In February 2013 Mandiant Security Consulting Service published I guess what you could say was an unprecedented report into one of China's cyber espionage units. Some of what they published is apocryphal, some of it is circumstantial, but this consultancy figured that what they had been tracking and had discovered was important enough that they should put it into the public domain. In the highlights they suggest that their analysis has concluded that this entity that they call APT1, or Advanced Persistent Threat 1, is likely government-sponsored and one of the most persistent of China's cyberthreat actors. This is basically corporate espionage. What they allege is that it is a unit of the Chinese People's Liberation Army based mostly out of Shanghai that effectively infiltrates corporations or government departments and loots their servers and their databases using a variety of hacking techniques to conduct espionage. That is how—we do not know whether it was this unit or anything of the sort—things like the floor plans for the new ASIO building, things like technical documentation for the Joint Strike Fighter, have found their way from military or industrial servers here and overseas into the hands of the Chinese government. You kind of understand or assume that this kind of behaviour goes on, but it is really quite stark to see expressed in detail the degree of sophistication used by government-sponsored hackers—certainly as alleged in this report.

But it got me thinking about the degree to which these tools and techniques also get turned on political dissidents. The literature is actually quite forbidding on the degree to which the Tibetan or the Uygur diaspora community have found the tools of cyber espionage turned upon them. They are really sophisticated hacking attacks going after Tibetan or pro-democracy campaigners or Uygur campaigners, people living here in Australia or in other western democracies, where we just assume that the state would not come after us using these kinds of extraordinarily hostile techniques and technologies—ways of basically owning your mobile phone from a great distance so that you can switch on its camera, so that geolocation data can be sent back to Chinese government authorities, so that microphones can be switched on, conversations can be recorded, and people's precise locations can be mapped as they move around the landscape. These are tools that are being turned on dissidents.

I am using China as one example because this experience obviously is very fresh in my mind as a result of these conversations from yesterday. But authoritarian regimes around the world use these very same tools at home and abroad to crack down on dissidents and on people who have political views with which they strongly disagree. There is absolutely no reason to believe that this behaviour is not levelled, at least by Chinese authorities, on Tibetan dissidents or on Uygur dissidents or on people that, no matter what our political perspectives here in Australia, we would not support the Australian government turning those kinds of tools on dissident communities or on people who express different political views. It is one of the things I think—I hope and I would expect—that we would all value the most about living in a country like Australia.

We hosted an event on a data retention in this building three or four weeks ago now that featured this huge range of opinions from industry, from the private sector, from advocacy groups as diverse as the Australian Privacy Foundation and the Institute of Public Affairs and others who would not normally find themselves in the same room together. I just acknowledge that Senator Leyonhjelm has joined us—and Senator Xenophon, who cohosted that event with me. iiNet put the case very starkly. They were not necessarily speaking for their own business case but for the industry generally: you bring this massively expensive mandatory data retention regime into Australia and you are forcing and imposing costs on industry. The government does not know who is going to pick up the tab for this brand-new surveillance tax that was not announce before the election. What we understand is that, as a result of a PwC consultancy that has not been put into the public domain—and for all we know is as yet unfinished—industry will have to be passing along some of these costs in increased data charges and the taxpayer will pick up the rest of the tab. It is a really misconceived idea, and I hope those of sound mind inside the coalition, because I know there is a measure of dissent inside the coalition, actually push back internally and make sure this thing does not go any further. But the fact of that cost, and what the iiNet representatives told us, is that if you force industry to warehouse these massive new archives of data that we do not want, that we do not need for billing purposes, where is it going to end up? It is going to end up with Chinese cloud-hosting providers, because they are cheap.

Think about that for a second. If you are a Tibetan living here in exile, if you are worried about your family still inside Tibet, if you are a Chinese pro-democracy campaigner, if you had some part to play in the Umbrella Revolution in Hong Kong, or if you have upset some authoritarian government somewhere in the world and had the good fortune to find yourself in Australia, what is this Australian government proposing to do? It is going to force industry to archive everywhere you take your device, everyone you are in touch with, your whole social network, your movements, your bank transactions, your health care records, conversations you might have with your legal representatives. And industry is saying, 'Probably costs are going to force a lot of these data warehouses into Chinese cloud-hosting providers.' How the hell are we going to safeguard that kind of material?

That really hit home to me yesterday. Some people do have something to hide. Some people actually do have something to hide. If you do not, if you think you are a completely open book, I respect that; but I would ask you to think about whether you have curtains on your windows, whether you close the door when you go to the bathroom, whether you have passwords on your email accounts—any of the multiple ways in which we express that fundamental human right to privacy. You still may hold no fears for yourself.

But I do hold fears for those pro-democracy campaigners, for people here in Australia with opinions that the Australian government might disagree with from time to time—people who might find themselves standing in the way of coal-loading machinery, for example. These techniques could be turned against civil society actors, whistleblowers, campaigners, journalists or some of the dissidents that we met yesterday. Some people do have something to hide.

I think it is a very, very important part of the work of the Parliamentary Joint Human Rights Committee that they have set out in black and white that this proposed bill should not proceed in the form that it has been drafted because, when you view data retention through a human rights lens, it fails the common-sense test.

5:01 pm

Photo of Ian MacdonaldIan Macdonald (Queensland, Liberal Party) Share this | | Hansard source

I do not want to comment particularly on this committee report before the Senate, as I had little to do with it. But, according to Senator Ludlam, it deals with metadata.

Photo of Scott LudlamScott Ludlam (WA, Australian Greens) Share this | | Hansard source

Yes.

Photo of Ian MacdonaldIan Macdonald (Queensland, Liberal Party) Share this | | Hansard source

Now, Senator Ludlam referred a matter that is before the Senate Legal and Constitutional Affairs References Committee on telephone interception, where we have dealt with metadata in some detail. As I recall, we have deferred the filing of the report until early next year.

Senator Ludlam just said that the keeping of this information would allow Big Brother, whoever is looking, to look at your bank details and what you are saying to people. I stand to be corrected—and, as I said, I did not take part in that human rights committee inquiry—but my understanding, including from briefings I have received, is that metadata will only tell whoever is watching you, like Big Brother in 1984, the time of the activity, where a message went and other basic information but not what you said or what you are watching or what your bank details are. Anyone listening to Senator Ludlam could well think that this proposal is so that Big Brother could look at your bank details, look at what you are looking at or other material. As I said, I stand to be corrected, but I do not think Senator Ludlam reported that correctly.

In fact, my understanding of the legislation being proposed by the government, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill, is for the retention of that pure—if I can call it that—metadata only, which will not allow people to look at your bank account and see how much money you have, or to see what you might have been saying to your mistress or whatever.

This legislation, as I understand it, is essential for the protection of Australians against people who would be terrorists, and other criminal groups; it is an essential tool there. But what is said in the debate about it needs to be accurate. We should not go around telling Australians, 'Big Brother will be able to see your bank account, see who you are writing to, see what you are viewing on the internet.' So I plead with people involved in this very, very serious and sensitive debate that you do not scare Australians with inaccurate suggestions about things which are not likely to happen.

Question agreed to.