We need leaders who are smarter on data

1 Comment

 

Since 2014, the Australian parliament has passed 40 national security related bills into law. The most recent was the Access and Assistance Bill, which was passed before Christmas. Despite concerns expressed by security experts, technologists, privacy experts, business, and civil society groups, both government and the opposition voted in favour of the bill.

Woman using phoneThe new laws provide for 'back door' access to personal electronic devices. If a security agency sees the need to access devices of a suspect under investigation, it can request assistance to do so from any business involved in the supply line of the software or hardware concerned. Creating a 'back door' interferes with the inbuilt security of devices, permitting security agencies secret access to targeted phones and computers.

Inbuilt security features of all software and hardware that connect to the internet, including data encryption, is essential to protect our information online. Banking and e-commerce rely on encryption to function safely online. Without it, it is far easier for criminals to access our bank accounts and financial details. It is not only money at risk: our personal or sensitive information (for example, health records) might also be easily stolen in a weakened online environment.

In anticipation of concerns about developing systemic weaknesses in online security, the government attempted to limit the scope of the assistance provided. The legislation thus prohibits the creation of 'systemic' weaknesses. In a deal negotiated with the opposition, the government has promised to define 'systemic weaknesses'. What this will look like is open to conjecture.

According to technologists, any so-called back door is necessarily a systemic weakness. The concept behind the new powers is to target individual devices: perhaps by secretly installing code that opens it to scrutiny by security agencies. However, this concept fails to grasp the network environment of contemporary computing and how software is developed and tested. While security agencies may be interested only in a single device, it is not possible to alter that single device through a networked system. To target one device will inevitably mean targeting them all.

Even if this legislation can provide a means of targeting potentially dangerous criminal suspects, we have to ask whether the cost is worth it: undermining the entire online security infrastructure.

Further, the cost to Australian businesses is huge. Without considering the cost of complying with security requests, the legislation makes Australian technology businesses uncompetitive internationally. Ironically, at the time of the passage of the legislation the government announced a $10 million package to support small businesses to secure their and their customers' data. The government's professed aim is to 'keep Australians safe and our businesses competitive'. This goal will be put to the test with the new legislation.

 

"Australia will become the jurisdiction of choice for governments internationally that seek to weaken encrypted information for whatever reason, including those perhaps outside the rule of law."

 

While the act itself is concerning, it does not stand alone. It is simply the latest in a series of legislative and administrative technology initiatives that demonstrate either a lack of understanding of the realities of the contemporary data landscape, or a lack of competence in rolling out adequate data systems.

Australia thus has one of the most expansive data surveillance regimes in the world. Further, with the Access and Assistance Act, Australia will become the jurisdiction of choice for governments internationally that seek to weaken encrypted information for whatever reason, including those perhaps outside the rule of law. Australia's lack of a bill of rights makes it the ideal jurisdiction for eroding data privacy and citizen's rights. What may start out as a genuine response to concerns for safety is, of course, open to abuse under subsequent regimes. Function creep is a grave danger arising from surveillance architecture.

In addition, the government's other initiatives include the notorious census data grab, the increasingly doubtful MyHealthRecord, and the punitive Robodebt campaign. Each of these programs represents a failure by the government to deploy data technologies accountably or even, in some cases, successfully. Questions of privacy, integrity, transparency and competence continue to arise.

Enormous systems are necessarily complex. The task of transitioning to a networked world replete with data is a challenging one. However, the Australian government (of any stripe) is responsible for establishing clear and consistent processes that serve civil society. Parliamentarians and members of the public service all have a duty to appraise themselves of the basics of human rights, data ethics, and the technological frameworks that will deliver good governance. In other words, to become digitally capable.

It is only once our representatives become digitally capable themselves that we are likely to see coherent policies and, consequently, fully operable, interoperable, and just legislation. Ideally, government and opposition policy would provide a transparent decision-making framework for all technology-related laws. Voters could then be better informed about the overarching effect of government data regulations.

Until then, we are left lurching from one technology omnishambles to the next.

 

 

Kate GallowayKate Galloway is a legal academic with an interest in social justice.

Topic tags: Kate Galloway, data, privacy, Robodebt, MyHealthRecord

 

 

submit a comment

Existing comments

I am in whole-hearted agreement with you on this. Unfortunately, the problem is much bigger than that. Not only is the number of politicians - across the board- who are digitally savvy miniscule, but the number of those who have a reasonable STEM background abysmally small also. It makes it easy for them to think and act ideologically or on gut-feel, rather than weigh up relevant facts before making decisions or policies. They then feel good because they have acted in the public interest, unaware of their own ignorance and often of the misleading arguments of those who do know relevant facts but are bent on influencing them in a certain direction.
Dennis | 30 January 2019


x

Subscribe for more stories like this.

Free sign-up