Law enforcement agencies have a cavalier attitude to the right to privacy and a “whatever it takes” attitude to raiding databases of personal information, writes Greg Barns. Given the treasure trove of information now available from all the Covid tracing apps, strong penalties and laws are needed to ensure evidence obtained from those apps cannot be used in legal proceedings.
Governments at all levels have collected unprecedented amounts of data on every Australian thanks to the pandemic.
Your every movement is being tracked, from your trips to the local supermarket to your interstate travel, all via apps that state and territory governments have introduced over the past 12 months.
The information in this database is a treasure trove for law enforcement and security agencies. As history has proven repeatedly, these agencies will abuse this information. When it comes to personal information, police forces, ASIO and the like can’t help themselves. Illegal access to, and the unethical use of, personal data are routine among these organisations.
When governments were last year urging all Australians to cooperate and download the Covid apps and travel passes, many of us warned that this presented a danger to our fundamental human right of privacy unless there were strict protections.
Assurances count for little
But it seems assurances we were given by government counted for little.
In Victoria, Police Commissioner Shane Patton revealed this week that his members had tried on three occasions to access Covid tracing data. Fortunately government departments had resisted. Concerningly, the Victoria’s acting Police Minister Danny Pearson thinks it is OK for police to have the ability to access this data.
In Western Australia, police accessed the SafeWA app, introduced for Covid tracing purposes, on three occasions to gather intelligence in criminal investigations. To be fair to WA Premier Mark McGowan, his government is legislating to prevent this from occurring again.
But concerningly, again, is the attitude of the WA Police Commissioner Chris Dawson. Last week, Dawson defended his agency’s actions in accessing personal data from the Covid app in two cases (while indicating there had been a third request to him to access data), because the alleged crimes were so serious.
Disturbingly, Dawson added: “When I signed up to the app, the terms and conditions said it can be issued for a lawful reason,” and that “police have a duty to investigate crime”.
‘Whatever it takes’ attitude
Such statements tell us that, as per usual, police and law enforcement types have a “whatever it takes” attitude to raiding databases of personal information.
What is needed are strong penalties and laws to make it impossible for evidence obtained as a result of accessing Covid tracing app data (or any other database) to be used in legal proceedings.
What also emerged last week was that WA Police refused to accede to a government request not to use the app database for intelligence gathering.
In light of the WA revelations, it was confirmed that police in Victoria and Queensland can also access Covid tracing app data. A warrant is required, but the threshold for obtaining one is low.
Then there was the revelation in the latest Inspector-General of Intelligence and Security report (IGIS), released last week, which indicated that between November last year and May this year “relevant agencies have incidentally collected COVID app data, which the Privacy Act recognises may occur”.
The report went on to say that:
“IGIS had found … no evidence to suggest that these agencies have deliberately targeted or have decrypted, accessed, or used such data.” In other words, organisations like ASIO have collected Covid data.
While such access might be benign now, according to IGIS, what is to say it will continue to be so?
Am I being paranoid? No.
Repeated unlawful access
There are numerous reports of police and security agencies abusing their powers by unlawfully accessing databases containing personal information.
In April the ACT Ombudsman reported that the Australian Federal Police had, between 13 October 2015 and 2019, accessed location information more than 1700 times, but on only nine of those occasions did police comply with the law.
In 2017 the AFP admitted illegally accessing the phone records of journalists.
In 2019 the ABC revealed that NSW Police had accessed a database containing 40 million pieces of information on individuals.
In 2015 the Queensland anti-corruption commission revealed serious breaches by that state’s police department of personal information databases. And the list goes on.
Don’t be fooled
Any politician or law enforcement official who suggests there will be no misuse of the billions of pieces of data collected on us courtesy of Covid tracing apps is simply fooling us.
The abuses of power by police, law enforcement and security agencies in Australia is simply part of their culture and their leadership. Such abuses are aided and abetted by governments which, particularly at the federal level, enable it by passing legislation that continually weakens privacy protections.
The 2015 federal data retention law that forces internet and telecommunications companies to keep personal data for two years is a case in point.
Another is the Morrison government’s proposed surveillance legislation which would enable the AFP and the Australian Criminal Intelligence Commission to access a person’s digital data and collect intelligence on the person’s online activities.
Would personal Covid tracing data be vulnerable to access under this proposed law? Of course.
Another example is the Data Availability and Transparency (Consequential Amendments) Bill 2020, currently before the federal parliament, which would enable greater data sharing between governments.
Policy makers have given little thought to all the potential abuses of the gargantuan amount of data collected by Covid tracing apps and other forms of Covid information gathering.
But clearly there needs to be, given the poor track record of respect for privacy on the part of the police, law enforcement and intelligence agencies in Australia.
Constitutional right to privacy
A good start would be that laws that breach the protection of privacy are struck down as unconstitutional. The Canadian Charter of Rights and Freedoms, for example, protects privacy from unreasonable searches and seizures. No such protection exists in Australia.
There should also be heavy penalties and sanctions for the leadership of the police, law enforcement and security agencies when they facilitate, or turn a blind eye to, the unlawful gathering of data such as Covid tracing app data.
Just as in occupational health and safety laws, there needs to be direct liability for leaders of these organisations. Evidence laws throughout Australia should also be strengthened to make inadmissible evidence obtained by illegal accessing personal data.
Given the cavalier attitude to privacy of the police, law enforcement and security agencies and most of their political bosses, the Covid tracing app data will be fertile ground for further undermining our fundamental human right to privacy.
Wait for the Covid data breach stories to emerge, because unless there is serious law reform and a cultural shift, this will become reality.
Greg Barns is the author of Rise of the Right: The War on Australia’s Liberal Values (Hardie Grant Publishing 2019).
Greg graduated BA LLB from Monash University in 1984. He has been a member of the Tasmanian Bar since 2003. He is the former National Chair of the Australian Republican Movement and a director of human rights group, Rights Australia. He has written three books on Australian politics, is a Director of the Australian Lawyers Alliance, and a member of the Australian Defence Lawyers Alliance.