There’s a disturbing new development in Australia. A law proposal was disclosed to the public that would get ISPs to spy on the contents of all communications to monitor for compliance. Presumably, the amendments would get Australian ISPs to monitor their networks for p2p activity and hand all their information to copyright holders.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes
If one were to say that internet privacy and concerns for file-sharers rarely, if ever, cross paths, this latest development would only further disprove this myth. While the Australian government says that the Telecommunications (Interception and Access) Amendment Bill 2009 – Network Protection is merely about network maintenance, the Electronic Frontier Australia paints a very different and far grimmer picture on what is going on.
EFA’s submission addresses our key concern that the proposed legislation provides a very broad exception to the prohibition on interception of network communications for the purposes of ensuring that a network is ‘appropriately used’. This is a very broad category that means that all network operators in Australia will be able to monitor the substance of communications that pass over their network for compliance with their Acceptable Use Policies — the terms of which could include nearly anything. The AGD suggests that this is necessary to increase security, but have not shown any convincing justification why the contents of communications need to be examined nor why the scheme should extend beyond corporate networks to all Australian networks — including consumer ISPs.
This proposed changed threatens to radically alter the ability of network operators to intercept, store, and disclose information passing over their networks. There are no safeguards to prevent disclosure to law enforcement agencies or third parties. It is entirely possible for these new provisions to be used to examine P2P filesharing data for copyright violations, for example, and to disclose any captured information to copyright owners.
In other words, these amendments could be used to get ISPs to do all the dirty work for the copyright industry.
In a submission during the very short consultation period, the EFA submitted their comments with regards to the proposed amendments, saying that the consultation was far too short for more critical analysis. They further comment with the following:
Section 5(1) effectively provides that ‘network protection duties’ includes monitoring the content of communications in order to ascertain whether the network is being ‘appropriately used’. Because of the broad undefined nature of the term ‘appropriately used’ and the fact that many AUPs may contain restrictions not on protocols or services that internet uses may use but upon the purpose for which those communications are being made, this provision opens the bulk of network communications to potential interception and continuing surveillance.
A common example can be found in AUPs that prohibit the use of peer-to-peer filesharing networks for the purposes of copyright infringement. In order to determine whether “the network is appropriately used”, a network operator would be required to intercept all peer-to-peer traffic and attempt a determination of whether any given traffic streams are being used to communicate copyright material without the licence of the copyright owner. Not only is such a task difficult or impossible due to the inherent complexity of copyright law and need to analyse the scope of any potential licences or fair dealing defences, it seriously imposes on the privacy of network users who are using legitimate file-sharing protocols for non-infringing activity.
EFA opposes the construction of ‘appropriately used’ in s 6AAA of the exposure draft. We submit that the definition in s 6AAA ought to be amended to reflect that operators are only entitled to intercept and monitor communications where those communications pose a threat to the security of the network itself. EFA notes that there are already laws in place which deal with the disclose of sensitive information, and that there are already civil and criminal procedures available to determine the origins and contents of communications that appear to contravene such laws. The proposed amendments have the dangerous effect of reversing the burden of proof for such monitoring, allowing network operators to monitor for compliance, rather than to seek disclosure once a prima facie case or reasonable suspicion of unlawful
activity exists. To the extent that operators of networks require the ability to monitor the activities of their users, there is no justification for allowing substantive examination of the contents of communication as opposed to the envelope information – numbers and types of packets and their destinations.
At best, this law should be a frightening prospect to all internet users, not just file-sharers as this is a huge infringement of personal privacy. While Canada is currently in the midst of mulling lawful access once again, at least the scope was far narrower than this. Even the US, home of the much despised DMCA didn’t go this far. Even the French three strikes law required some action from rights holders. To date, this appears to be the worst ISP law proposal we’ve ever seen followed closely by Austrian newspapers wanting to use data retention to enforce copyright.
Clearly, to the best of our knowledge, Australia is mulling the concept of boldly going where no other country has gone before in terms of mass communication interception. One wonders if the government has any idea what kind of task it would be to force ISPs to patrol their own networks on a packet-by-packet basis. Searching through headers on an entire major ISP is probably full time work for a team of internet specialists. That doesn’t even touch encrypted traffic. ISPs would probably have to pay money to a whole task force to people just to comply with this law which could have been spent on critical infrastructure upgrades, so Australian ISPs have a lot to lose, let alone Australian ISP customers who would have to worry about an ISP specialist covertly spying on every message or packet they send and receive online.
The law proposal will be debated in the Australian parliament in December, so there is still time to oppose this law.
Drew Wilson on Twitter: @icecube85 and Google+.