Australia Post - Nazi Post
While Land of the Corporate Nazi - the USA and it's global surveillance program is in full swing, which includes photographing every piece of mail ever sent in the USA, as well as monitoring all the web traffic, emails, phone calls etc., the odd thing is that the 53rd state of Nazi Land, commonly called Australia, with it's shitty postal system, run by a management team who at best do a duplicitious and piss poor job of it, say they don't photograph peoples mail, caveated with "Oh oh but we only RECORD the information if the cops (etc) tell us too."
Which is kind of bullshit, as the automated scanning systems LOG all of the names, address's and the WHO FROM and the WHO TOO, information anyway.
Tack on the greasy commonwealth acts that allow the managers of Australia Post to intercept all packages, phone calls, and transmissions such as emails etc., WITHOUT a warrant - then this story in the Herald Scum, just does not quite add up.
http://www.smh.com.au/national/australia-post-does-not-photograph-mail-20130704-2pe1c.html
Australia Post 'does not photograph mail'
It has been revealed that every piece of mail in the US is photographedAustralia Post has confirmed it rarely records personal details on mail packages, and only then at the direction of police.
The statement comes as the US Postal Service made headlines over its Mail Isolation Control and Tracking program, which uses computers to photograph the exterior of every single piece of paper mail that is processed in the US.
The total for last year was a staggering 160 billion photographs of pieces of mail. It is not known for how long the US government saves the images.
The revelation comes as the US government struggles to contain evidence that its National Security Agency has been engaged in widespread spying on its own citizens by monitoring telephone calls and email.
Fairfax Media on Thursday spoke to an Australia Post spokeswoman, who said the same practices were not in operation in Australia.
(Notice this bit and then compare it to the next highlighted section at the end)
“Australia Post does not photograph mail,” the spokeswoman said. “The only time Australia Post personnel would ever observe mail articles (???) would be if we were specifically obliged and directed to do so by a law enforcement agency with the appropriate authority. Even then it would not be photographed.”
The practice of photographing, or recording, the covers of posted mail in the US has been around for more than a century, but advances in technology mean the program now collects vast amounts of personal information of senders and recipients every day.
Postal workers record information on the outside of letters and parcels before they are delivered; opening the mail requires a warrant.
But law enforcement can request, without a warrant, details from the outside of mail packages – reportedly the postal service receives about 20,000 such requests a year.
Details of the Mail Isolation Control and Tracking program were revealed in The New York Times on Wednesday.
A former FBI agent was quoted on the benefits and potential concerns about the mail-scanning program, saying the mail-photographing process was “a treasure trove of information”.
“I can see who you bank with, who you communicate with — all kinds of useful information that gives investigators leads that they can then follow up on with a subpoena.”
But he warned that such a system “can be easily abused because it's so easy to use and you don't have to go through a judge to get the information. You just fill out a form.”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
But Dear Lasses and Laddes - the simple "face value" slice of investigative journalism, does not portent to a deeper grip on the reality of the situation.
(will edit later)
I have left the index in - to give a better idea of the scope of surveillance in Australia, and then focused on Australia Post and their larcenistic .
http://www.pacificprivacy.com.au/Government%20Surveillance%20in%20Australia%20v6.pdf
Government Surveillance in Australia
p.1
August 2006
Government Surveillance in Australia
CONTENTS
Some introductory comments.......................................................................................................... 2
The general position on government access to information........................................................ 3
Government agency databases................................................................................................ 4
Use of information obtained using statutory powers .............................................................. 5
Access to Communications ............................................................................................................. 6
Postal communications ............................................................................................................... 6
Customer identification .......................................................................................................... 6
Private delivery services ......................................................................................................... 7
Telecommunications ................................................................................................................... 7
Customer identification .......................................................................................................... 8
Identification of pre-paid mobile phone customers ................................................... 8
Identification of callers ........................................................................................................... 9
Retention or preservation of telco records.............................................................................. 9
Access to telco information other than content .................................................................... 10
Interception of telecommunications content (wiretapping) .................................................. 11
E-mail and message interception ............................................................................. 12
Other changes to interception law ........................................................................... 12
Intelligence agencies interception............................................................................ 13
Encryption ............................................................................................................... 13
Financial surveillance.................................................................................................................... 14
‘Customer’ Identification...................................................................................................... 14
Transaction reporting............................................................................................................ 15
Credit reporting..................................................................................................................... 17
Record retention.................................................................................................................... 18
Property information............................................................................................................. 18
Government benefits............................................................................................................. 19
A national identity card?.......................................................................................... 19
Tracking individuals’ movements or location............................................................................... 20
International Travel................................................................................................................... 20
Domestic travel ......................................................................................................................... 21
Toll roads.............................................................................................................................. 21
Road & Traffic authority cameras ........................................................................................ 22
Vehicle location .................................................................................................................... 22
Public transport smartcards................................................................................................... 23
Other location information........................................................................................................ 23
Mobile phone location .......................................................................................................... 23
Location of Financial Transactions....................................................................................... 24
Surveillance devices.................................................................................................................. 24
CCTV.................................................................................................................................... 25
Obeying the law ........................................................................................................................ 26
The future.................................................................................................................................. 27
Positives................................................................................................................................ 27
Negatives .............................................................................................................................. 27
Further reading.......................................................................................................................... 28
Page 2
Government Surveillance in Australia
p.2
August 2006
Government Surveillance in Australia
Nigel Waters
Nigel Waters is Principal of Pacific Privacy Consulting. He was Deputy Australian
Federal Privacy Commissioner from 1989-1997, and before that Assistant UK Data
Protection Registrar. He is Principal Researcher on the Interpreting Privacy Principles
project at the Cyberspace Law and Policy Centre, at UNSW. He holds Masters degrees
from the Universities of Cambridge and Pennsylvania and from the University of
Technology, Sydney.
This paper is based on work commissioned by Professor James Rule of the State
University of New York, Stony Brook in June 2006, for his forthcoming book ‘Privacy
under Pressure’.
Some introductory comments
Major terrorist incidents (both the US incidents in 9/11/01 (more particularly for
Australia the Bali bombings in October 02 and October 05, and the London bombings of
July 2005) gave additional impetus to an existing trend towards a surveillance society.
There have been no radical new departures but instead an acceleration in the type and
amount of surveillance and the ease and speed with which it has been authorised.
Increases in surveillance have been effected not only by increasing the powers of various
government agencies to access information, but also, more fundamentally, by requiring a
range of organisations in both the public and private sector to collect and store more
information about customers and transactions. These requirements, effected through a
range of disparate legislation and regulations, is not always primarily or even incidentally
intended to give the authorities greater access – often it is in pursuit of other public
interests such as improved consumer protection or corporate governance, or health and
safety. Together with the trend for more activities to be conducted electronically, thereby
leaving a record, the overall effect is to create a much greater pool of available
information that can subsequently be searched in relation to particular individuals, or,
even more significantly, matched to identify individuals of interest.
There is a key difference between access to information in ad-hoc investigations by
government agencies, and routine reporting and compilation of databases. The analysis
in this paper focuses particularly on the latter – often resulting from statutory obligations
to identify customers, maintain records and/or routinely pass bulk information to
government.
Another significant trend has been a clear reduction in the level of transparency and
oversight. An important contextual factor is, since July 2005, government control of the
Page 3
Government Surveillance in Australia
p.3
August 2006
Senate1 for the first time in 30 years – there is now far less parliamentary scrutiny of
legislation and of the Executive’s exercise of powers (through Senate Committee
processes). This is mirrored at State level by government control of all State/Territory
parliaments – there are currently no ‘hung’ parliaments able to act as a constraint on
Executive power.
While some new accountability mechanisms have emerged in recent years in response to
‘scandals’ (notably anti-corruption and police integrity agencies), other accountability
mechanisms such as parliamentary committees, Ombudsmen, Privacy Commissioners
and other ‘watchdogs’ have been weakened either by limitations on independence or
scope and/or by resource cutbacks. Another example is the loss of judicial oversight of
various warrant processes – illustrated further below.
The general position on government access to information
Before answering the specific questions it is necessary to state the general position of
access by government authorities to personal information held by businesses and other
organizations, where no special laws or rules relating to particular activities apply.
The general position is that the police and many other government agencies may request
information from private sector organisations relating to customers or employees. It is
then up to the recipient of that request to weigh up the public interest in co-operating
against customer privacy. For those businesses subject to the Privacy Act 1988 (and in
some states also health privacy laws) it would be a question of whether the requested
disclosure fell under an relevant exception – the law provides for disclosure either where
it is required by law (e.g. with a court order or search warrant)2 or at the discretion of the
organization where it is either authorised by law or to assist law enforcement or revenue
protection.3 Similar provisions are found in the state health privacy laws that apply to
some private sector and non-profit organisations4.
For the many organisations not subject to any privacy laws (e.g. most small businesses,
and all businesses in relation to employee records), the decision to release information is
discretionary, and many are likely to co-operate without giving privacy much thought,
although HR policies would probably constrain many employers.
A disclosure could be ‘required’ by law as a result of either a court order (such as a
subpoena), a search warrant, or a statutory notice – many government agencies have
powers to require information (without any independent warrant) in pursuit of their
particular functions – including federal and state tax offices, regulatory and licensing
1 The upper house of the Commonwealth (Federal) Parliament
2 Exception at NPP 2.1(g) in the Privacy Act 1988, Schedule 3
3 Exceptions at NPP 2.1 (g) and (h)) (also other exceptions)
4 The Health Records Act 2001 (VIC), the Health Records and Information Privacy Act 2002 (NSW) and
the Health Records (Privacy & Access) Act 1997 (ACT)
Page 4
Government Surveillance in Australia
p.4
August 2006
authorities, welfare and benefit agencies, health and safety regulators and a variety of
‘watchdogs’ and complaint handing bodies.
In late 2005, the Australian Federal Police were given new ‘notice to produce’ powers5
which provides them with a means of access to information without a search warrant in
relation to investigation of any serious offence, not just terrorism6. Significantly, the
power overrides not only privacy laws but also legal professional privilege, duties of
confidence and any other public interest7, and also prevents someone served with a
‘notice to produce’ from informing any other person (other than those involved in
responding, and the person’ own legal advisers)8
Most search warrants are issued under the provisions of the criminal law in each
jurisdiction. In most jurisdictions, they may be issued either by judges or magistrates,
and the occupier of the premises being searched must be notified, preferably at the time
of the search but if not then as soon as practicable afterwards.
Search warrants may also be obtained by the Australian Security Intelligence
Organisation (ASIO) under its own legislation.9 A new category of ASIO ‘computer
access warrant’ was introduced in 1999, providing for using equipment and manipulating
and copying data as well as initial access to relevant premises.10 In relation to computer
data, see the discussion of encryption under telecommunications below.
Government agency databases
Apart from the annual reports and websites of individual agencies, a good source of
information on the overall range and type of record systems held by Commonwealth
agencies is the Personal Information Digest published each year as a requirement of the
Privacy Act 1988.11
All Australian Police Forces, taxation authorities and other investigative and enforcement
agencies keep their own files and databases, and there are many bilateral and multilateral
information sharing agreements. However, there is also a central agency CrimTrac which
holds a range of data as a common resource for specified agencies. According to the
agency:
“CrimTrac holds a National Names Index (NNI), which comprises multi-
jurisdictional indexed data on Criminal Histories, Missing Persons, Warrants,
Domestic Violence Orders, Adverse Firearms History and other related
information on persons of interest for police nationally. Each jurisdiction remains
5 Crimes Act 1914, Part 1AA, Division 4B, amendments made by the Anti-terrorism Act (No. 2) 2005 no.
144, 2005, Schedule 6
6 Crimes Act 1914, ss.3ZQN and 3ZQO
7 Crimes Act 1914, ss.3ZQR
8 Crimes Act 1914, ss.3ZQT
9 Australian Security Intelligence Organisation Act 1979, s.25
10 Australian Security Intelligence Organisation Act 1979, s.25A
11 Personal Information Digest (Commonwealth) (PIDC) 2005 at
http://www.privacy.gov.au/publications/index.html#P
Page 5
Government Surveillance in Australia
p.5
August 2006
responsible for its data and updates the NNI on a regular basis. The index of
records is kept indefinitely. Only the police jurisdiction that created a record can
amend/update/delete it.”12
NNI enquiry volumes rose from 3.7 million enquiries in 2001-02 to more than 5 million
in each of the last two years.13
Use of information obtained using statutory powers
Government agencies generally appear to consider any information lawfully obtained as
‘fair game’ for any subsequent lawful function. Moreover, the cumulative effect of the
various statutory disclosure provisions is that information obtained by one agency for a
specific purpose becomes at least potentially available to a range of other agencies for
quite different purposes.
Information privacy laws, in those Australian jurisdictions which have them14, purport to
limit use and disclosure to the purpose for which information is obtained, but this
principle is substantially undermined by the many exceptions, including where ‘required
or authorised by law’ and ‘where reasonably necessary for [a range of public purposes]’.
A 1993 High Court case15 held that information about an individual obtained by the
corporate regulator through use of a statutory demand power could not be disclosed to
another agency for another purpose, at least without giving the individual concerned an
opportunity to argue against disclosure. However, what seemed at the time to be an
important constraint does not seem to have inhibited agencies in their creative use and
exchange of information, and there has been no significant follow up either in other court
cases or by the various Privacy Commissioners in their guidance.
Australian information privacy laws do not in practice have a significant limiting effect
on the type and amount of surveillance by government agencies. They serve more to
ensure a minimum level of transparency and procedural fairness, as well as to require
minimum standards of data quality and security. The limits of surveillance are
determined far more by the availability of information in relation to different aspects of
individuals’ lives and the powers of agencies under other laws to access that information.
This paper does not deal with powers of questioning and detention both under the ASIO
Act and under the general criminal code – there have been major and controversial
changes to these powers in recent years.
12 Crimtrac entry in the PIDC 2005
13 Crimtrac website - http://www.crimtrac.gov.au/aboutus.htm
14 The Commonwealth, NSW, Victoria, Tasmania and the ACT and Northern Territory. The other states,
Western Australia, Queensland and South Australia, do no yet have information privacy laws although they
do to varying extents embrace privacy principles as administrative instructions.
15 JOHNS v. AUSTRALIAN SECURITIES COMMISSION AND OTHERS [1993] HCA 56; (1993) 178
CLR 408 F.C. 93/041
Page 6
Government Surveillance in Australia
p.6
August 2006
Access to Communications
Regulation of communications is, under the Australian Constitution, reserved for the
Commonwealth (federal) government, although this generally applies only to
communications in transit – before dispatch and after delivery communications are
subject to the same access powers as apply to other documents including State laws.
Postal communications
Letter post is still a state monopoly delivered through the corporatised but still wholly
government owned Australia Post. The postal legislation16 makes a distinction between
‘articles’ (letters, packages, and messages – including electronic messages17) and other
information or documents. There is a strict prohibition on opening or examining articles,
but with exceptions for a range of purposes18. Other information, including information
obtained from examining but not opening articles (such as addresses) is also subject to
non-disclosure rules, but with a broader range of exceptions19, although penalties for
unauthorised disclosure are the same for both.
Customer identification
Until recently, the only information about the sender of articles recorded by Australia
Post was on customs declarations where they applied, or for premium services such as
recorded or registered mail. The amount of detailed information about communications
has however expanded dramatically with the introduction of new requirements to provide
proof of identity when sending some overseas mail20. This information, which is held
electronically for 90 days, is subject to the less stringent protection regime.
Australia Post maintains a National Address File containing all delivery addresses in
Australia. While there is no automatic recording of named individuals at every address,
change of address requests have over time built up into a substantial database of name
16 Australian Postal Corporation Act 1989
17 Australia Post offers a range of electronic transaction services. The exact relationship between the postal
and telecommunications legislation as they apply to these services is unclear.
18 Australian Postal Corporation Act 1989 Part 7B, Divisions 3 & 4, which provide exceptions for
Australia Post itself in relation to undeliverable articles or where there is reasonable suspicion of drugs,
dangerous goods etc or of non-payment of customs duty
19 Australian Postal Corporation Act 1989 Part 7B, Division 2 – apart from s.90J, discussed separately, the
protection under Division 2 equates broadly to the Use and Disclosure Principles in the Privacy Act 1988,
which allow, for example, disclosure where reasonably necessary for revenue protection.
20 Since December 2002, Australia Post customers are asked to provide proof of identity (POI) when
lodging overseas bound mail (correspondence weighing more than 500 grams) is exempt, to meet
Department of Transport and Regional Services requirements for enhanced security measures for
international air cargo (Regulation 49 of the Air Traffic Regulations 1943 (Cth). While not strictly
required, anyone declining to provide POI is warned that their mail may be subject to ‘security related ‘
delays (by implication, opening and inspection). There have been reports of Australia Post staff asking for
POI for items under the weight threshold.
Page 7
Government Surveillance in Australia
p.7
August 2006
and related address information – over 9.6 million individuals in 2005.21 There is also a
database of more than 2.5 million post office box and private locked bag holders.
However, any information held by Australia Post, including about the substance or
content of articles, is subject to an overarching disclosure authority22, which allows
disclosure in response to a Commonwealth, State or Territory warrant or court order; as
required by any other Commonwealth law and certain specified State laws, to emergency
services, and where there is reasonable suspicion of criminal law offences or of matters
relevant to ‘security’23.
This amounts to a relatively weak non-disclosure regime for postal communications
when compared to the equivalent law on telecommunications interception (see below). A
wide range of information, including about communications content, is accessible
without warrant.
Australia Post is required to report annually on the number of disclosures under the
various provisions of the Act.24 Reflecting the analysis above, in 2004-05 there were
only 34 disclosures under warrant (to five different agencies) [23 in 2000-0125], and 95
without warrant to ASIO [204 in 2000-01], but more than 30,000 to a wide range of
government agencies under the alternative ‘authorised by law’ provisions26 [17,000 in
2000-01]. There is no breakdown given of how many of the disclosures involved
‘content’ information.
Private delivery services
Private courier or delivery services, which now have a significant share of the total
market for business letters and packages are not specifically regulated, and are therefore
subject to the same laws as other businesses in relation to access by authorities. ASIO
has equivalent warrant powers in relation to ‘delivery service articles’ as it does to postal
articles27, while other government agencies, including police, would use their general
powers to request or require information from private delivery services
The statement comes as the US Postal Service made headlines over its Mail Isolation Control and Tracking program, which uses computers to photograph the exterior of every single piece of paper mail that is processed in the US.
The total for last year was a staggering 160 billion photographs of pieces of mail. It is not known for how long the US government saves the images.
The revelation comes as the US government struggles to contain evidence that its National Security Agency has been engaged in widespread spying on its own citizens by monitoring telephone calls and email.
(Notice this bit and then compare it to the next highlighted section at the end)
“Australia Post does not photograph mail,” the spokeswoman said. “The only time Australia Post personnel would ever observe mail articles (???) would be if we were specifically obliged and directed to do so by a law enforcement agency with the appropriate authority. Even then it would not be photographed.”
The practice of photographing, or recording, the covers of posted mail in the US has been around for more than a century, but advances in technology mean the program now collects vast amounts of personal information of senders and recipients every day.
Postal workers record information on the outside of letters and parcels before they are delivered; opening the mail requires a warrant.
But law enforcement can request, without a warrant, details from the outside of mail packages – reportedly the postal service receives about 20,000 such requests a year.
Details of the Mail Isolation Control and Tracking program were revealed in The New York Times on Wednesday.
A former FBI agent was quoted on the benefits and potential concerns about the mail-scanning program, saying the mail-photographing process was “a treasure trove of information”.
“I can see who you bank with, who you communicate with — all kinds of useful information that gives investigators leads that they can then follow up on with a subpoena.”
But he warned that such a system “can be easily abused because it's so easy to use and you don't have to go through a judge to get the information. You just fill out a form.”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
But Dear Lasses and Laddes - the simple "face value" slice of investigative journalism, does not portent to a deeper grip on the reality of the situation.
(will edit later)
I have left the index in - to give a better idea of the scope of surveillance in Australia, and then focused on Australia Post and their larcenistic .
http://www.pacificprivacy.com.au/Government%20Surveillance%20in%20Australia%20v6.pdf
Government Surveillance in Australia
p.1
August 2006
Government Surveillance in Australia
CONTENTS
Some introductory comments.......................................................................................................... 2
The general position on government access to information........................................................ 3
Government agency databases................................................................................................ 4
Use of information obtained using statutory powers .............................................................. 5
Access to Communications ............................................................................................................. 6
Postal communications ............................................................................................................... 6
Customer identification .......................................................................................................... 6
Private delivery services ......................................................................................................... 7
Telecommunications ................................................................................................................... 7
Customer identification .......................................................................................................... 8
Identification of pre-paid mobile phone customers ................................................... 8
Identification of callers ........................................................................................................... 9
Retention or preservation of telco records.............................................................................. 9
Access to telco information other than content .................................................................... 10
Interception of telecommunications content (wiretapping) .................................................. 11
E-mail and message interception ............................................................................. 12
Other changes to interception law ........................................................................... 12
Intelligence agencies interception............................................................................ 13
Encryption ............................................................................................................... 13
Financial surveillance.................................................................................................................... 14
‘Customer’ Identification...................................................................................................... 14
Transaction reporting............................................................................................................ 15
Credit reporting..................................................................................................................... 17
Record retention.................................................................................................................... 18
Property information............................................................................................................. 18
Government benefits............................................................................................................. 19
A national identity card?.......................................................................................... 19
Tracking individuals’ movements or location............................................................................... 20
International Travel................................................................................................................... 20
Domestic travel ......................................................................................................................... 21
Toll roads.............................................................................................................................. 21
Road & Traffic authority cameras ........................................................................................ 22
Vehicle location .................................................................................................................... 22
Public transport smartcards................................................................................................... 23
Other location information........................................................................................................ 23
Mobile phone location .......................................................................................................... 23
Location of Financial Transactions....................................................................................... 24
Surveillance devices.................................................................................................................. 24
CCTV.................................................................................................................................... 25
Obeying the law ........................................................................................................................ 26
The future.................................................................................................................................. 27
Positives................................................................................................................................ 27
Negatives .............................................................................................................................. 27
Further reading.......................................................................................................................... 28
Page 2
Government Surveillance in Australia
p.2
August 2006
Government Surveillance in Australia
Nigel Waters
Nigel Waters is Principal of Pacific Privacy Consulting. He was Deputy Australian
Federal Privacy Commissioner from 1989-1997, and before that Assistant UK Data
Protection Registrar. He is Principal Researcher on the Interpreting Privacy Principles
project at the Cyberspace Law and Policy Centre, at UNSW. He holds Masters degrees
from the Universities of Cambridge and Pennsylvania and from the University of
Technology, Sydney.
This paper is based on work commissioned by Professor James Rule of the State
University of New York, Stony Brook in June 2006, for his forthcoming book ‘Privacy
under Pressure’.
Some introductory comments
Major terrorist incidents (both the US incidents in 9/11/01 (more particularly for
Australia the Bali bombings in October 02 and October 05, and the London bombings of
July 2005) gave additional impetus to an existing trend towards a surveillance society.
There have been no radical new departures but instead an acceleration in the type and
amount of surveillance and the ease and speed with which it has been authorised.
Increases in surveillance have been effected not only by increasing the powers of various
government agencies to access information, but also, more fundamentally, by requiring a
range of organisations in both the public and private sector to collect and store more
information about customers and transactions. These requirements, effected through a
range of disparate legislation and regulations, is not always primarily or even incidentally
intended to give the authorities greater access – often it is in pursuit of other public
interests such as improved consumer protection or corporate governance, or health and
safety. Together with the trend for more activities to be conducted electronically, thereby
leaving a record, the overall effect is to create a much greater pool of available
information that can subsequently be searched in relation to particular individuals, or,
even more significantly, matched to identify individuals of interest.
There is a key difference between access to information in ad-hoc investigations by
government agencies, and routine reporting and compilation of databases. The analysis
in this paper focuses particularly on the latter – often resulting from statutory obligations
to identify customers, maintain records and/or routinely pass bulk information to
government.
Another significant trend has been a clear reduction in the level of transparency and
oversight. An important contextual factor is, since July 2005, government control of the
Page 3
Government Surveillance in Australia
p.3
August 2006
Senate1 for the first time in 30 years – there is now far less parliamentary scrutiny of
legislation and of the Executive’s exercise of powers (through Senate Committee
processes). This is mirrored at State level by government control of all State/Territory
parliaments – there are currently no ‘hung’ parliaments able to act as a constraint on
Executive power.
While some new accountability mechanisms have emerged in recent years in response to
‘scandals’ (notably anti-corruption and police integrity agencies), other accountability
mechanisms such as parliamentary committees, Ombudsmen, Privacy Commissioners
and other ‘watchdogs’ have been weakened either by limitations on independence or
scope and/or by resource cutbacks. Another example is the loss of judicial oversight of
various warrant processes – illustrated further below.
The general position on government access to information
Before answering the specific questions it is necessary to state the general position of
access by government authorities to personal information held by businesses and other
organizations, where no special laws or rules relating to particular activities apply.
The general position is that the police and many other government agencies may request
information from private sector organisations relating to customers or employees. It is
then up to the recipient of that request to weigh up the public interest in co-operating
against customer privacy. For those businesses subject to the Privacy Act 1988 (and in
some states also health privacy laws) it would be a question of whether the requested
disclosure fell under an relevant exception – the law provides for disclosure either where
it is required by law (e.g. with a court order or search warrant)2 or at the discretion of the
organization where it is either authorised by law or to assist law enforcement or revenue
protection.3 Similar provisions are found in the state health privacy laws that apply to
some private sector and non-profit organisations4.
For the many organisations not subject to any privacy laws (e.g. most small businesses,
and all businesses in relation to employee records), the decision to release information is
discretionary, and many are likely to co-operate without giving privacy much thought,
although HR policies would probably constrain many employers.
A disclosure could be ‘required’ by law as a result of either a court order (such as a
subpoena), a search warrant, or a statutory notice – many government agencies have
powers to require information (without any independent warrant) in pursuit of their
particular functions – including federal and state tax offices, regulatory and licensing
1 The upper house of the Commonwealth (Federal) Parliament
2 Exception at NPP 2.1(g) in the Privacy Act 1988, Schedule 3
3 Exceptions at NPP 2.1 (g) and (h)) (also other exceptions)
4 The Health Records Act 2001 (VIC), the Health Records and Information Privacy Act 2002 (NSW) and
the Health Records (Privacy & Access) Act 1997 (ACT)
Page 4
Government Surveillance in Australia
p.4
August 2006
authorities, welfare and benefit agencies, health and safety regulators and a variety of
‘watchdogs’ and complaint handing bodies.
In late 2005, the Australian Federal Police were given new ‘notice to produce’ powers5
which provides them with a means of access to information without a search warrant in
relation to investigation of any serious offence, not just terrorism6. Significantly, the
power overrides not only privacy laws but also legal professional privilege, duties of
confidence and any other public interest7, and also prevents someone served with a
‘notice to produce’ from informing any other person (other than those involved in
responding, and the person’ own legal advisers)8
Most search warrants are issued under the provisions of the criminal law in each
jurisdiction. In most jurisdictions, they may be issued either by judges or magistrates,
and the occupier of the premises being searched must be notified, preferably at the time
of the search but if not then as soon as practicable afterwards.
Search warrants may also be obtained by the Australian Security Intelligence
Organisation (ASIO) under its own legislation.9 A new category of ASIO ‘computer
access warrant’ was introduced in 1999, providing for using equipment and manipulating
and copying data as well as initial access to relevant premises.10 In relation to computer
data, see the discussion of encryption under telecommunications below.
Government agency databases
Apart from the annual reports and websites of individual agencies, a good source of
information on the overall range and type of record systems held by Commonwealth
agencies is the Personal Information Digest published each year as a requirement of the
Privacy Act 1988.11
All Australian Police Forces, taxation authorities and other investigative and enforcement
agencies keep their own files and databases, and there are many bilateral and multilateral
information sharing agreements. However, there is also a central agency CrimTrac which
holds a range of data as a common resource for specified agencies. According to the
agency:
“CrimTrac holds a National Names Index (NNI), which comprises multi-
jurisdictional indexed data on Criminal Histories, Missing Persons, Warrants,
Domestic Violence Orders, Adverse Firearms History and other related
information on persons of interest for police nationally. Each jurisdiction remains
5 Crimes Act 1914, Part 1AA, Division 4B, amendments made by the Anti-terrorism Act (No. 2) 2005 no.
144, 2005, Schedule 6
6 Crimes Act 1914, ss.3ZQN and 3ZQO
7 Crimes Act 1914, ss.3ZQR
8 Crimes Act 1914, ss.3ZQT
9 Australian Security Intelligence Organisation Act 1979, s.25
10 Australian Security Intelligence Organisation Act 1979, s.25A
11 Personal Information Digest (Commonwealth) (PIDC) 2005 at
http://www.privacy.gov.au/publications/index.html#P
Page 5
Government Surveillance in Australia
p.5
August 2006
responsible for its data and updates the NNI on a regular basis. The index of
records is kept indefinitely. Only the police jurisdiction that created a record can
amend/update/delete it.”12
NNI enquiry volumes rose from 3.7 million enquiries in 2001-02 to more than 5 million
in each of the last two years.13
Use of information obtained using statutory powers
Government agencies generally appear to consider any information lawfully obtained as
‘fair game’ for any subsequent lawful function. Moreover, the cumulative effect of the
various statutory disclosure provisions is that information obtained by one agency for a
specific purpose becomes at least potentially available to a range of other agencies for
quite different purposes.
Information privacy laws, in those Australian jurisdictions which have them14, purport to
limit use and disclosure to the purpose for which information is obtained, but this
principle is substantially undermined by the many exceptions, including where ‘required
or authorised by law’ and ‘where reasonably necessary for [a range of public purposes]’.
A 1993 High Court case15 held that information about an individual obtained by the
corporate regulator through use of a statutory demand power could not be disclosed to
another agency for another purpose, at least without giving the individual concerned an
opportunity to argue against disclosure. However, what seemed at the time to be an
important constraint does not seem to have inhibited agencies in their creative use and
exchange of information, and there has been no significant follow up either in other court
cases or by the various Privacy Commissioners in their guidance.
Australian information privacy laws do not in practice have a significant limiting effect
on the type and amount of surveillance by government agencies. They serve more to
ensure a minimum level of transparency and procedural fairness, as well as to require
minimum standards of data quality and security. The limits of surveillance are
determined far more by the availability of information in relation to different aspects of
individuals’ lives and the powers of agencies under other laws to access that information.
This paper does not deal with powers of questioning and detention both under the ASIO
Act and under the general criminal code – there have been major and controversial
changes to these powers in recent years.
12 Crimtrac entry in the PIDC 2005
13 Crimtrac website - http://www.crimtrac.gov.au/aboutus.htm
14 The Commonwealth, NSW, Victoria, Tasmania and the ACT and Northern Territory. The other states,
Western Australia, Queensland and South Australia, do no yet have information privacy laws although they
do to varying extents embrace privacy principles as administrative instructions.
15 JOHNS v. AUSTRALIAN SECURITIES COMMISSION AND OTHERS [1993] HCA 56; (1993) 178
CLR 408 F.C. 93/041
Page 6
Government Surveillance in Australia
p.6
August 2006
Access to Communications
Regulation of communications is, under the Australian Constitution, reserved for the
Commonwealth (federal) government, although this generally applies only to
communications in transit – before dispatch and after delivery communications are
subject to the same access powers as apply to other documents including State laws.
Postal communications
Letter post is still a state monopoly delivered through the corporatised but still wholly
government owned Australia Post. The postal legislation16 makes a distinction between
‘articles’ (letters, packages, and messages – including electronic messages17) and other
information or documents. There is a strict prohibition on opening or examining articles,
but with exceptions for a range of purposes18. Other information, including information
obtained from examining but not opening articles (such as addresses) is also subject to
non-disclosure rules, but with a broader range of exceptions19, although penalties for
unauthorised disclosure are the same for both.
Customer identification
Until recently, the only information about the sender of articles recorded by Australia
Post was on customs declarations where they applied, or for premium services such as
recorded or registered mail. The amount of detailed information about communications
has however expanded dramatically with the introduction of new requirements to provide
proof of identity when sending some overseas mail20. This information, which is held
electronically for 90 days, is subject to the less stringent protection regime.
Australia Post maintains a National Address File containing all delivery addresses in
Australia. While there is no automatic recording of named individuals at every address,
change of address requests have over time built up into a substantial database of name
16 Australian Postal Corporation Act 1989
17 Australia Post offers a range of electronic transaction services. The exact relationship between the postal
and telecommunications legislation as they apply to these services is unclear.
18 Australian Postal Corporation Act 1989 Part 7B, Divisions 3 & 4, which provide exceptions for
Australia Post itself in relation to undeliverable articles or where there is reasonable suspicion of drugs,
dangerous goods etc or of non-payment of customs duty
19 Australian Postal Corporation Act 1989 Part 7B, Division 2 – apart from s.90J, discussed separately, the
protection under Division 2 equates broadly to the Use and Disclosure Principles in the Privacy Act 1988,
which allow, for example, disclosure where reasonably necessary for revenue protection.
20 Since December 2002, Australia Post customers are asked to provide proof of identity (POI) when
lodging overseas bound mail (correspondence weighing more than 500 grams) is exempt, to meet
Department of Transport and Regional Services requirements for enhanced security measures for
international air cargo (Regulation 49 of the Air Traffic Regulations 1943 (Cth). While not strictly
required, anyone declining to provide POI is warned that their mail may be subject to ‘security related ‘
delays (by implication, opening and inspection). There have been reports of Australia Post staff asking for
POI for items under the weight threshold.
Page 7
Government Surveillance in Australia
p.7
August 2006
and related address information – over 9.6 million individuals in 2005.21 There is also a
database of more than 2.5 million post office box and private locked bag holders.
However, any information held by Australia Post, including about the substance or
content of articles, is subject to an overarching disclosure authority22, which allows
disclosure in response to a Commonwealth, State or Territory warrant or court order; as
required by any other Commonwealth law and certain specified State laws, to emergency
services, and where there is reasonable suspicion of criminal law offences or of matters
relevant to ‘security’23.
This amounts to a relatively weak non-disclosure regime for postal communications
when compared to the equivalent law on telecommunications interception (see below). A
wide range of information, including about communications content, is accessible
without warrant.
Australia Post is required to report annually on the number of disclosures under the
various provisions of the Act.24 Reflecting the analysis above, in 2004-05 there were
only 34 disclosures under warrant (to five different agencies) [23 in 2000-0125], and 95
without warrant to ASIO [204 in 2000-01], but more than 30,000 to a wide range of
government agencies under the alternative ‘authorised by law’ provisions26 [17,000 in
2000-01]. There is no breakdown given of how many of the disclosures involved
‘content’ information.
Private delivery services
Private courier or delivery services, which now have a significant share of the total
market for business letters and packages are not specifically regulated, and are therefore
subject to the same laws as other businesses in relation to access by authorities. ASIO
has equivalent warrant powers in relation to ‘delivery service articles’ as it does to postal
articles27, while other government agencies, including police, would use their general
powers to request or require information from private delivery services
Comments
Post a Comment