Privacy Law and Policy Reporter
The Measures to Combat Serious and Organised Crime Bill 2001 completed its passage through parliament on 20 September.
Among other things, it will:
According to the Minister, a number of checks and balances have been included in the Bill including an audit of controlled operations by the Commonwealth Ombudsman and a report to Parliament on the use of assumed identities in undercover operations.
Source: Government media release 27 August 2001 <law.gov.au/aghome/agnews/2001newsjus/e193_01.htm>.
The Cybercrime Bill 2001, reported on by the Senate Legal and Constitutional Legislation Committee on 21 August, is intended to give effect to the Model Criminal Code Damage and Computer Offences Report of January 2001. The Bill has two main components: changes to the definitions of computer offences and new investigatory powers for the Federal police and other law enforcement agencies. Both parts have been strongly criticised — not only by privacy and civil liberties groups but also by the information tech-nology industry and professionals. Technologists say that the new computer offences are so broadly drawn that they will inadvertently criminalise many innocuous and even essential activities. Concerns about the investigatory powers go both to their justification and to their breadth.
No firm evidence has been provided of the number of cases in which the absence of the new powers have inhibited investigations. The scale of the alleged problem is also cast into doubt by the available statistics — the AFP apparently received only 320 electronic crime referrals between July 2000 and March 2001, over a third of these from the Australian Broadcasting Authority regarding potentially prohibited internet content.
Even if a case can be made for some new powers, there are serious reservations about the breadth of those proposed, which would allow law enforcement agencies to remove computer equipment for examination, copy (image) the entire content of hard disks, and access other servers remotely from a subject computer without separate authorisation.
Several submissions to the Committee have highlighted the potential for abuse of these new powers, and the consequential erosion of confidence of the integrity and reliability of computer systems. Given that defending this integrity appears to be one of the main justifications for the Bill, it is bizarre that the provisions could have exactly the reverse effect. If law enforcement agencies are given the power to alter data without adequate oversight, the evidentiary value of the data must, in any case, be called into question.
The New Zealand Inland Revenue Department (IRD) has lost its bid to avoid paying damages to a woman after it revealed details of her income to her partner’s ex-wife.
Justice Wild dismissed the IRD’s request for a Court of Appeal hearing to challenge a Complaints Review Tribunal decision awarding $5000 damages to the woman, known only as B.
The woman had complained to the Privacy Commissioner after the department in 1998 revealed her $90,000 income to her partner’s ex-wife during a child support re-assessment. The ex-wife began making abusive phone calls to B about how much she earned.
The Complaints Review Tribunal’s damages award followed a finding in her favour by the Commissioner. The IRD appealed the Tribunal ruling to the High Court but its case was dismissed in March. It then asked for permission for a rare second appeal, this time to the Court of Appeal. Justice Wild dismissed the attempt, saying the department could not mount a ‘serious argument’ before the Court of Appeal. ‘I view the public interest as not being served by the expenditure of further public monies ... in taking a further appeal.’
Privacy Commissioner Bruce Slane said B should get her $5000 plus interest:
Inland Revenue never accepted that my opinion upholding the complaint was right. They tried to get the complainant’s case struck out by the tribunal without a full hearing. They failed. They fought the claim at the tribunal and lost. They appealed to the High Court and lost again. They sought to get a second crack at an appeal. They have now lost that.
An IRD spokesman said it was too early for the department to have made any decisions about whether it would appeal. ‘The case was proceeded with as a test case as it had potential implications for all child support review decisions. There were just over 3000 such decisions made last year.’
In its decision, the tribunal said the woman had suffered as a result of the breach of her privacy. She was unaware of the disclosure until she received the first abusive telephone call. That outburst was followed by a number of other calls, all in a similar vein. ‘They were made at a time when she was heavily pregnant and feeling vulnerable.’
The IRD had argued that the lawyer conducting the child support review was acting as a tribunal and therefore should not be subject to the Privacy Act. But in a letter it wrote to Mr Slane in January 1999, the IRD said its review officers did not have judicial functions and conducted administrative reviews.
Source: Sydney Morning Herald (Weekend Edition) 25 August 2001.
The first Victorian Privacy Commissioner, Paul Chadwick, comm-enced a five year term on 30 July, with only a month to establish an office before the Information Privacy Act 2000 (Cth) takes effect on 1 September. Mr Chadwick’s appointment has been welcomed by privacy groups as he is well respected as a consumer advocate — having been the Communications Law Centre’s founding Victorian Director and a leading campaigner and commentator on freedom of information laws. His background is in journalism and law, and was most recently a partner in a boutique Melbourne law firm. He has a budget for around 15 staff, which will make his office the best resourced in Australia on a per capita basis, and given that his jurisdiction is confined to the Victorian private sector, plus a more general advisory and educational role, he should be able to make a substantial contribution to privacy promotion both at the State level and on the national scene.
The 2001 national census was held on the night of 7 August. Included for the first time was an option (question 50) for respondents to consent to name-identified data being retained in sealed storage for public release after 99 years. This option resulted from a long campaign by amateur genealogists who regard the established practice of destroying the forms after processing and retaining only the de-identified data as akin to bookburning. The Government accepted their case against advice from the Statistician and the Privacy Commissioner but at least made the question optional — and both those ticking the ‘no’ box and those declining to indicate a preference will have their data irrevocably de-identified. It will be very interesting to see the response rates, as it will be a significant indicator of the trust that the public have in government assurances of confidentiality.