Mass surveillance in Australia

Mass surveillance in Australia takes place in several network media, including telephone, internet, and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report on themselves or other citizens.

Telephone
Australia requires that pre-paid mobile telecommunications providers verify the identity of individuals before providing service.

Internet
Google's transparency report shows a consistent trend of growth in requests by Australian authorities for private information, constantly rising approximately 20% year-on-year. The most recent published volume for the period ending December 2013 indicates a volume of around four individual requests per calendar day.

Telstra's transparency report for the period 1 July - 31 December 2013 does not include requests by national security agencies, only police and other agencies. Nevertheless, in the six-month period 40,644 requests were made, 36,053 for "Telstra customer information, carriage service records and pre-warrant checks" (name, address, date of birth, service number, call/SMS/internet records. Call records include called party, date, time and duration. Internet information includes date, time and duration of internet sessions and email logs from Telstra-administered addresses ), 2,871 for "Life threatening situations and Triple Zero emergency calls", 270 for "Court orders", 1450 for "Warrants for interception or access to stored communications" (real time access): an average of around 222 requests per calendar day.



In 2013 more than 500 authors including five Nobel prize winners and Australian identities Frank Moorhouse, John Coetzee, Helen Garner, Geraldine Brooks and David Malouf signed a global petition to protest mass surveillance after the whistleblower Edward Snowden's global surveillance disclosures informed the world, including Australians, that they are being monitored by the National Security Agency's XKeyscore system and its boundless informant. Snowden had further revealed that Australian government intelligence agencies, specifically the Australian Signals Directorate, also have access to the system as part of the international Five Eyes surveillance alliance.

In August 2014 it was reported that law-enforcement agencies had been accessing Australians' web browsing histories via internet providers such as Telstra without a warrant (Optus confirmed that they cooperate with law enforcement, and Vodafone did not return a request for comment). The revelations came less than a week after government attempts to increase their surveillance powers through new legislation allowing offensive computer hacking by government intelligence agencies, and mere months after outrage surrounding the government's offer to share personal information about citizens with Five Eyes intelligence partners.

As of August 2014, no warrant is required for organisations to access the so-called 'metadata' information of private parties. This is information regarding "calls and emails sent and received, the location of a phone, internet browsing activity. There is no access to the content of the communication, just how, to or from whom, when and where". Under current law many organisations other than federal, state and territory police and security agencies such as ASIO can get access to this information, including "any agency that collects government revenue", for example the RSPCA,  the Australian Crime Commission, the Australian Securities and Investments Commission (though reportedly temporarily removed from the list), the Australian Tax Office,  Centrelink, Medicare, Australia Post,  the Australian Fisheries Management Authority, the Victorian Taxi Services Commission, the Victorian Transport Accident Commission, WorkSafe Victoria, local councils  and foreign law enforcement agencies.

In the 2013-2014 financial year there were over half a million disclosures of metadata to agencies.

The Australian Communications and Media Authority provides instructions for internet service providers and other telecommunications providers about their law enforcement, national security and interception obligations.

During the 2015-2016 financial year 712 warrants were issued for access to stored communications, 3,857 interception warrants were issued, and 63 enforcement agencies were granted 333,980 authorizations for metadata access.

There's some reports said Australia has been collaborating with Chinese Great Firewall security officials in implementing its data retention and filtering infrastructure and possibly obtained surveillance technology from China.

2014 proposals
A range of proposals are under discussion that affect surveillance of the population by government in conjunction with commercial service providers.

Hacking powers
The proposals seek to give the Australian Security Intelligence Organisation (ASIO) the right to hack into computers and modify them.

Single computer warrant to become umbrella surveillance
The proposals seek to give ASIO the power to spy on whole computer networks under a single computer-access warrant.

Spying on citizens abroad
The proposals seek to give the Australian Secret Intelligence Service (ASIS) the power to collect intelligence on Australian citizens overseas.

Law against media and whistleblowing
Section 35P of the proposals seeks to create a new criminal offence, with a maximum penalty of 10 years imprisonment, for revealing information about so-called 'special intelligence operations'. There are no exceptions listed, and the law would apply to journalists even if they were unaware that they were revealing information about such an operation. Shadow Attorney-General Mark Dreyfus called the measure "an unprecedented overreach".

Mandatory data retention
Mandatory data retention for two years of data relating to the internet and telecommunications activity of all Australians is currently under discussion.

"I must record my very grave misgivings about the proposal; it seems to be heading in precisely the wrong direction."

On Tuesday, 5 August, government Communications Minister Malcolm Turnbull complained about "waking up to newspaper headlines concerning the government's controversial plan for mandatory data retention", stating the government "risked unnecessary difficulties by pushing ahead with the data retention regime without fully understanding the details". In 2012, Turnbull had opposed mandatory retention.

On Friday, 8 August, Australia's federal privacy commissioner, Timothy Pilgrim, stated he felt it remained "unclear" exactly what data was to be retained, and that "there is the potential for the retention of large amounts of data to contain or reveal a great deal of information about people's private lives and that this data could be considered 'personal information' under the Privacy Act".

"The government's proposal on data retention raises a number of important issues and so it is important that there is an opportunity for public consultation and debate on these proposals once the detail is available."

Later in the month, the head of Australian Security Intelligence Organisation (ASIO) appealed for access to private citizens' data on the grounds that commercial entities may already be collecting it.

"For the life of me, I cannot understand why it is somehow correct for all of your privacy to be invaded for a commercial purpose but I am not allowed to do it for the purpose of saving your life."

On 19 February 2015, the Australian Broadcasting Corporation's Radio National program Download This Show broadcast an interview with a former police employee who had worked extensively with metadata, on condition of anonymity. "The Australian people are being sleep walked into a system the attorney general cannot even articulate [...] Right now it would be so easy for me to slip my ex-girlfriend's number in the current process under any investigation [...] No one would pick it up because there is no detail."

On 22 February 2015 Australian Federal Police Assistant Commissioner Tim Morris made the following claims appealing to blind trust from the public.

"Your chances that your data will be viewed by law enforcement is low [...] Those with nothing to hide have nothing to fear."

In 2015 the issue of costs became more heavily discussed in the media with figures such as 1% of all national telecommunications revenue annually or "two battleships" per year used.

Prominent parties concerned about the proposals include:
 * Media, Entertainment and Arts Alliance, the Australian journalists' union
 * Timothy Pilgrim, Privacy Commissioner
 * Gillian Triggs, Human Rights Commissioner
 * the Law Council of Australia
 * Communications Alliance
 * the Australian Mobile Telecommunications Association
 * Fairfax Media
 * News Corp Australia
 * councils for civil liberties across Australia
 * Blueprint for Free Speech
 * Australian Lawyers for Human Rights
 * the Institute of Public Affairs
 * the Australian Privacy Foundation
 * Electronic Frontiers Australia
 * Privacy International
 * George Williams, one of Australia's leading constitutional lawyers and public commentators and University of New South Wales professor
 * Dr Keiran Hardy, Research Associate, Faculty of Law, University of New South Wales

Telecommunications and Other Legislation Amendment (Assistance and Access) Act
On 14 August 2018, the federal government published draft text of the Assistance and Access Bill (often referred to by its satirical name, the Ass Access Bill). Modelled after the British Investigatory Powers Act, the legislation was designed to help overcome "the challenges posed by ubiquitous encryption". Under the bill, designated communications providers (which include carriage service providers, any electronic service with end-users in Australia, anyone who develops software likely to be used by a carriage service or an electronic service with end-users in Australia, or anyone who supplies or manufactures components likely to be used in customer equipment likely to be used in Australia") can be ordered to assist in intercepting information relevant to a case, either by means of an existing capability if possible (Technical Assistance Order, TAO), or being ordered to develop, test, add, or remove equipment for a new interception capability (Technical Capability Order, TCO). A "Technical Assistance Request" (TAR) can also be issued, which has fewer restrictions, but is not compulsory.

Orders must be connected to a warrant under the Telecommunications (Interception and Access) Act or the Surveillance Devices Act. Actions requested under the act must be "reasonable, proportionate, practicable, and technically feasible", and mandatory orders cannot compel a communications provider to add a "systemic weakness or vulnerability, such as requiring one to "implement or build a new decryption capability". or "render systemic methods of authentication or encryption less effective". An annual report must be issued on how many orders and requests are issued. Outside of certain proceedings processes, all specific information on requests and orders are confidential, and it is illegal to publish them publicly.  Only the chief officer of an "interception agency" (which includes the Australian Criminal Intelligence Commission, Australian Federal Police, and state police with permission from the AFP) or the director-general of the Australian Security Intelligence Organisation can issue a TAO or TCO. The Minister for Communications must additionally approve a request for a TCO. A TAR can be issued by these parties, or the Australian Signals Directorate.

The proposed legislation faced numerous criticisms from politicians, advocacy groups, and the tech industry. Liberal Democratic Party Senator David Leyonhjelm argued that the bill was "a draconian measure to grant law enforcement authorities unacceptable surveillance powers that invade Australians' civil rights", alleging that users could be compelled to provide passwords for their personal devices at the request of law enforcement, or be fined. it was felt that the bill had weaker oversight and safeguards than the equivalent UK legislation, where requests for assistance are subject to judicial review. It was also noted that although providers could not be ordered to do so, they could still be encouraged by the government via a TAR to add a "systemic weakness" to their systems. In testimony, cyptography expert and Stanford Law School attorney Riana Pfefferkorn argued that "whenever you open up a vulnerability in a piece of software or a piece of hardware, it's going to have consequences that are unforeseeable".

The bill was passed by the Parliament of Australia on 6 December 2018 as the Telecommunications and Other Legislation Amendment of 2018, commonly known as TOLA. Bill Shorten of the Australian Labor Party described the bill's passage as being "half a win", since he wanted Parliament to "reach at least a sensible conclusion before the summer on the important matter of national security". He explained that there were "legitimate concerns about the encryption legislation", but that he did not want to "walk away from my job and leave matters in a stand-off and expose Australians to increased risk in terms of national security". Shorten did state that he would consider amendments to the bill when Parliament returned in 2019.

A number of Australian tech firms and startups warned that the bill could harm their ability to do business internationally. Bron Gondwana, CEO of the e-mail host FastMail, felt that the Assistance and Access Bill "makes complying with both Australian law and the EU's GDPR privacy requirements harder, putting Australian businesses at a disadvantage in a global marketplace". After the bill's passing, the service faced concerns and questions over its effects from current and potential users, which has caused a decline in business. Encryption provider Senetas stated that the country could face "the real prospect of sales being lost, exports declining, local companies failing or leaving Australia, jobs in this industry disappearing and related technical skills deteriorating".

In June 2020, as requested by parliament,the Independent National Security Legislation Monitor (INSLM) released a report which recommended changes to the act to require independent and technically competent review of compulsory orders requested under the act.

Australian Federal Police raid the Australian Broadcasting Corporation
On 5 June 2019, at least six Australian Federal Police (AFP) officers raided the Australian Broadcasting Corporation with a warrant allowing them to access, alter and delete information allegedly in relation to reporting made based on secret files exposing the misconduct of Australian soldiers in Afghanistan. ABC Managing Director David Anderson stated the raid "raises legitimate concerns over freedom of the press. The ABC stands by its journalists, will protect its sources and continue to report without fear or favour on national security and intelligence issues when there is a clear public interest".

John Lyons, Executive Editor ABC News & ABC Head of Investigative Journalism commented on the raid by the AFP:

"I've never seen an assault on the media as savage as this... I've never seen a warrant this comprehensive & I'd say scary... The chilling message is not so much for the journalists, but it's also for the public. I'm still staggered by the power of this warrant. It allows the AFP to 'add, copy, delete or alter' material in the ABC's computers. All Australians, please think about that: as of this moment, the AFP has the power to delete material in the ABC's computers. Australia 2019."

The AFP released a statement asserting there was "no link between the execution of search warrants in the ACT suburb of Kingston yesterday (4 June 2019) and those on the Ultimo premises of the ABC today (5 June 2019)". 

International


Australia and the European Union have signed an agreement for the advanced sharing of passenger name records of international travelers. Similar agreements are in place with other countries.

In addition to passenger information and standard radar, Australia uses the Jindalee Operational Radar Network to detect individual boats and planes in the north and west of the country.

"It not only provides a 24-hour military surveillance of the northern and western approaches to Australia, but also serves a civilian purpose in assisting in detecting illegal entry, smuggling and unlicensed fishing. The system also assists in weather forecasting making it possible to produce wind and sea state maps from information provided by the network. These maps can give early warnings of cyclones and enable ships to save fuel by avoiding rough weather."

Domestic
Vehicles can be tracked by a range of systems including automatic number plate recognition (ANPR), video and sensor-based traffic surveillance networks, cellular telephone tracking (if a device is known to be in the vehicle) and automated toll networks. The ANPR systems are intelligent transportation systems which can identify vehicles and drivers. ANPR is known under various names in Australia: SCATS in Sydney, New South Wales; ACTS in Adelaide, CATSS in Canberra, SCRAM in Melbourne, DARTS in the Northern Territory and PCATS in Perth.

New South Wales
In December 2014, certain universities such as Sydney University delayed collaboration with the new Opal card system scheduled to fully replace existing, anonymous paper tickets on New South Wales mass transit, citing privacy concerns, whereas Macquarie University, University of New South Wales and Australian Catholic University had already agreed to provide the "student data" to the card network. Data is made available to other NSW government departments and law enforcement agencies. Concerns about privacy have been repeatedly raised in the mainstream media, with commentators questioning the extent to which user data can be accessed by authorities. According to the Opal Privacy Policy, data is made available to other NSW government departments and law enforcement agencies. On 13 March 2015 it was announced that Opal cards would be linked to commuter car park spaces, such that private road vehicle identities would become associated with individual mass transit use.

Victoria
On 24 March 2021, the Victorian government announced it would be expanding the network of traffic cameras at all major traffic intersections as part of a $340 million package to arterial roads throughout the East of Melbourne through an additional 700 traffic cameras on top of the existing 600 present and the 1,000 in total operated by VicRoads. The cameras are installed at pedestrian crossings and intersections of all key arterial roads in order to monitor traffic from a Traffic Monitoring Centre operated by VicRoads. It is not known whether the cameras possess any facial recognition or ANPR (Automatic Number Plate Recognition) technology capabilities or on what basis Victoria police have access to such cameras.

Other states
The extent and frequency to which individual traveler data is released without a warrant remains poorly documented for the following systems:
 * go card, Brisbane's smartcard system
 * MetroCARD, Adelaide's smartcard system
 * myki, Melbourne's smartcard system
 * SmartRider, Perth's smartcard system

Related law
This section outlines the main legal references for mass surveillance in Australia.

National
Under Australian law, the following acts are prominent federal law in the area of surveillance.
 * Telecommunications (Interception and Access) Act 1979 (formerly known as the Telecommunications (Interception) Act 1979)
 * Telecommunications Act 1997
 * Surveillance Devices Act 2004
 * Privacy Act 1988
 * Intelligence Services Act 2001
 * Intelligence Services Amendment Act 2004

A separate body of state-level laws also exists.

International agreements
Australia is part of the Five Eyes international surveillance network, run by the United States National Security Agency and generally protected from public scrutiny citing 'national security' concerns. According to the Canberra Times and cited policymakers, one of the most prominent critics of these agreements was the Australian National University academic Des Ball, who died in October 2016.