Privacy Law and Policy Reporter
Privacy advocates and regulators worldwide have had to decide how best to respond to the aftermath of the 11 September terrorist attack in the US. At the annual conference of Privacy and Data Protection Commissioners in Paris only a week after the incidents, speakers were understandably cautious in their public response — it may have appeared insensitive to have leapt to the defence of privacy values so soon after the traumatic events, although several Commissioners and experts warned against a hasty acceptance of new surveillance activities.
In the event, while many of us have been pleasantly surprised by the level of balanced debate in the serious media, our expectations about the potential for overreaction have been realised all too soon. Draconian legislation in the US and the UK giving greater powers to intelligence and law enforcement agencies belies the public reassurances of their governments (see <www.epic.org>). Fortunately, Australian governments have not yet rushed proposals into Parliament, although this may have had more to do with the intervening Federal election than to any greater degree of thoughtful analysis. Ominously, before the election the Government announced it would give ASIO power to detain without charge, for up to 48 hours, people suspected of having information about terrorism, and to interrogate them without legal representation. The proposals would also allegedly allow ASIO to seize assets and records of Australian organisations.
We can confidently expect our intelligence and law enforcement agencies, like their counterparts overseas, to take this opportunity to further their long term ambitions for a range of greater powers and for weakening of unwelcome accountability safeguards. This seems inevitable notwithstanding considerable evidence that the terrorist incidents reveal a widespread failure of existing surveillance activities — particularly those making use of advanced technology.
Fortunately, Australia’s three Privacy Commissioners have been courageous in their initial responses. The speech by Paul Chadwick in Melbourne reproduced as the lead article in this issue set a new standard both of principled argument and eloquence. NSW Commissioner Chris Puplick, speaking the following day, was no less forthright in his demand for a defence of privacy values in the face of the inevitable attacks we can expect in the near future.
And in an opinion piece in the Australian Financial Review on 6 October, Federal Commissioner Malcolm Crompton put down his marker by stating:
Crompton put forward a seven point ‘benchmark’ for consideration of any proposals for new or expanded surveillance.
1. Establish the scale of the problem.
2. Determine whose privacy will be affected, and to what extent. It is important to get a full measure of the privacy impact: numbers of people affected, who those people are, to what extent people will be forced to change their behaviours and provide personal information, or feel as though their every move is being watched or recorded. As part of making this assessment, we need to ask whether the measures are likely to confront peoples’ expectations about their right to privacy. Some measures proposed, such as identity cards, may well be regarded as having too high an impact on privacy.
3. Ask whether the measures will work. For example, will additional powers for ASIO and armed guards on planes address terrorist activity in Australia? I suggest measures are more likely to work if they are developed in response to a thorough analysis and debate of terrorist activity in Australia, and if they have community support. Community support can be built by reassuring people their basic rights (including privacy rights) will not be breached and the measures are considered and appropriate.
4. Ensure the measures are proportional to the risk. We need to identify the risks of terrorist activity, and the risks associated with not taking action. There are the obvious risks of damage to people and buildings, but there are also risks that inappropriate counter measures compromise everybody’s lives every day.
5. Ensure that responsibilities and powers are explicit and clear. New security powers and responsibilities must be clearly understood by all parties. Legislation is a good way of achieving this.
6. Security measures must be administered in transparent and accountable ways. If peoples’ rights to privacy are to be limited in some ways by security measures, the exercise of those measures must be done as transparently as possible. Those taking the measures must be fully accountable.
7. Review new security measures. My preference is for new measures to have sunset clauses, as it may be that the new powers are no longer needed after a while, or do not achieve their ends, or that the community regards the cost of the security measures as being too high.
Two common themes in all three Commissioners’ public positions has been the need for a proportional response, and for strict time limits on any new powers or weakening of established safeguards. One would like to think that any government proposing new powers would accept the need for balancing accountability safeguards. Unfortunately, experience even before 11 September is that the law enforcement/intelligence community usually argues not only that they need extra powers but that existing accountability mechanisms are too restrictive and hamper the effectiveness of their activities.
In the new environment where overseas governments are seriously proposing extraordinary measures, such as prolonged detention without charges, racially discriminatory law enforcement and even extrajudicial death sentences, we are surely entitled to demand that our hard won civil liberties, including the relatively newly established rights to privacy, are not sacrificed without compelling justification, and even then only for as long as absolutely necessary. Otherwise, the terrorists will have done even more harm to civilised values than on 11 September.
Nigel Waters, Associate Editor.