unsw cle 19 july 20011 privacy and law enforcement in the on-line world – the bigger picture....
TRANSCRIPT
UNSW CLE 19 July 2001 1
Privacy and Law enforcement in the on-line world
– the bigger picture.
Nigel WatersConvenor, Australian Privacy Charter Council
Pacific Privacy ConsultingUNSW CLE Seminar – eSecurity & eCrime
19 July, 2001
UNSW CLE 19 July 2001 2
Introduction
• Narrow battles vs big picture
• Incremental loss of privacy
• Regulability of cyberspace depends on architecture – (Lessig 1999)– Choice to be made– Fully informed debate or vested interests– Globalistation
UNSW CLE 19 July 2001 3
Security & Privacy
• Can co-incide– Audit trails
• Security independent of type of information
• With Personal information, tension arises– Security vs other privacy principles– Employees and customers/public
UNSW CLE 19 July 2001 4
Powers to invade privacy
• Legal entities – arguments for transparency, but powers now being used against individuals
• Business/personal distinction blurring– ABN holders
• Privacy laws have no effective limiting function in the face of other laws
UNSW CLE 19 July 2001 5
Search and Communications Interception powers
• Inconsistent approach to electronic data vs physical intrusion – why?– Eg: ATO, Centrelink ‘notices’– Even looser controls in IPP11, NPP2
• Telecommunications– Warrants for content (but not all?)– Certificates– On request
UNSW CLE 19 July 2001 6
Interception Warrants
• Progressive weakening of controls– Judges to AAT members– Named person warrants– Period of warrant– Range of offences– No of agencies– More agencies with direct access
UNSW CLE 19 July 2001 7
Computer access warrants
• Introduced for ASIO
• Proposed extension to all investigatory agencies under Crimes & Customs Acts ? (Cybercrime Bill 2001)
• Major concerns about data integrity – question evidentiary value?
• Same issue in NZ
UNSW CLE 19 July 2001 8
Application of powers
• Specific investigations vs intelligence gathering - routine surveillance, matching
• Requirement to retain records
• Best protection is destruction
• Once available – pressure for access– Census– Proposed requirement on ISPs?
UNSW CLE 19 July 2001 9
Identification?
• Pressure to identify in more contexts
• Justification ? – ID fraud ?
• Often, real need is authentication
• PKI – muddled motives and application
• Privacy issues
• Privacy Commissioner Guidelines
UNSW CLE 19 July 2001 10
Data-matching
• Reversal of onus of proof
• AUSTRAC example– Subjective?– Disproportionate?
• Tendency for subjective norms to replace objective criteria
UNSW CLE 19 July 2001 11
Conclusion
• Common theme: Control vs freedom• How much risk to tolerate?• Difficult at individual program level
– will always favour greater control• Reject technological determinism• Fall back on basic principles• No Constitutional/BoR protection• Can only question each proposal