Spy agencies seek to store Aussies’ web-browsing histories, end encryption

The Australian Security Intelligence Organization (ASIO) is pushing for laws that would make telecommunications companies retain their customers’ web-browsing data, as well as forcing web users to decrypt encrypted messages.

In these post-Snowden times, when people around the world are furious over revelations that their communications’ ‘metadata’ has been scooped up by a vast, US-built surveillance network, Australia’s ASIO is looking to further bolster its phishing powers, as opposed to scaling them back as many people clearly favor.

With no loss of irony, the agency is pointing to the sensational case of Edward Snowden - the former NSA contractor-turned-whistleblower who last year departed from US shores with thousands of files on the American spy program - to expedite the process of creating a data-retention regime that would store users’ data for two years, or possibly longer.

"These changes are becoming far more significant in the security environment following the leaks of former NSA contractor Edward Snowden," ASIO said in its parliamentary submission to modify the Telecommunications Interception and Access Act.

Although retaining ‘content’ data has been declared off-limits to the surveillance program, several security agencies, including the Northern Territory Police and Victoria Police, want web-browsing histories stored.

Metadata gathered on web-browsing would include an IP address and the IP addresses of web servers visited, or uniform resource locators (URLs) and the time at which they were visited. Email metadata, meanwhile, might include information such as addresses, times and the subject field.

Australia’s intelligence agencies accessed metadata 330,640 times during criminal and financial investigations in 2012-13, according to The Sydney Morning Herald.

Northern Territory Police said in its submission that meta-data found in browser histories were "as important to capture as telephone records".

Additionally, the agency is calling for enhanced powers to sift intelligence data from emails and social media sites, as well as forcing web users to decrypt encrypted material if requested to do so by the spy agency.

“Under this approach, the person receiving a notice would be required to provide ‘information or assistance’ to place information obtained under the warrant into an intelligible form,” the submission said.

“The person would not be required to hand over copies of the communication in an intelligible form, and a notice would not compel a person to do something which they are not reasonably capable of doing. Failure to comply with a notice would constitute a criminal offense, consistent with the Crimes Act.”

ASIO points to the Snowden leaks, and the increased popularity of encryption technology on the internet, as a reason for resisting changes.

"In direct response to these leaks, the technology industry is driving the development of new internet standards with the goal of having all web activity encrypted, which will make the challenges of traditional telecommunications interception for necessary national security purposes far more complex."

However, a number of organizations, including the Australian Mobile Telecommunications Association, the communications lobby group, warned against widening surveillance capabilities and what it means for privacy rights.

“The associations also note that a data retention scheme will involve an increased risk to the privacy of Australians and provide an incentive to hackers and criminals. Data retention is at odds with the prevailing policy to maximize and protect privacy and minimize the data held by organizations,” the submission said.

“Industry believes it is generally preferable for consumers that telecommunications service providers retain the least amount of data necessary to provision, maintain and bill for services.”

ASIO is not only fighting back against any restrictions on its work, it is actually calling for more spying powers.

For example, when the Australian Law Reform Commission argued for the creation of a “public interest monitor” to assert some guidelines on intelligence gathering, ASIO said it “has reservations about this, if the effect would be simply to insert yet another approval step into the authorization of a TI warrant.”

Meanwhile, the Australian Federal Police said it wanted to store data "to ensure a national and systematic approach is taken to safeguarding the ongoing availability of telecommunications data for legitimate, investigative purposes." At the same time, however, it admitted work needed to be done to understand what type of data got retained and for how long.

Electronic Frontiers Australia, the online rights group, is lobbying against the amendments, arguing that storing web meta-data was "an ineffective method to curb terrorism."

"The ease with which data retention regimes can be evaded is grossly disproportionate to the cost and security concerns of the data retention regime," it said.

Meanwhile, the Coalition government's Attorney-General George Brandis said on Monday that the government was "not currently considering any proposal relating to data retention" despite the push from the country’s intelligence agencies.

Shadow Attorney-General Mark Dreyfus said Labor was waiting for the Coalition's response to an inquiry that had opened in June of last year before it announces its position.

"There was insufficient time while Labor was in office to formulate a considered response to the matters discussed in the Committee's report, including the merits of a data retention scheme," Dreyfus said, as quoted by the paper.