How to keep analog data safe

The government has released guidelines to help protect Australian citizens’ digital rights after revelations that the US National Security Agency (NSA) was spying on Australia’s internet, mobile phone and cable television providers.

Key points:The guidelines set out measures to ensure the digital age remains a safe environment for everyoneThe guidelines were released to address concerns about a lack of clarity around the National Security LegislationThe Australian Federal Police (AFP) will now provide information about how to manage and monitor the use of digital dataThe Australian Communications and Media Authority (ACMA) is reviewing its current digital security guidelines to determine how best to implement them in the digital world.

The Government says it will take “care” to protect digital data from “illegal” use and theft, but will not be able to do so “at the expense of other critical public safety functions” in the future.

The guidelines, which were released in response to concerns that the NSA could potentially have collected metadata on Australian internet users’ internet usage, came after the release of a new National Security Strategy, released on Wednesday.

The strategy outlines how the government and the AFP will work together to “strengthen national security, protect Australia’s borders and combat the threat of cyber terrorism”.

“We will continue to ensure that Australian citizens can exercise their rights to privacy, freedom of expression, freedom from arbitrary detention and the right to access information,” it said.

But privacy and freedom of speech advocates were sceptical of the guidelines.

“We believe they are a huge step backwards from the Snowden revelations,” said Julian Robertson, a privacy expert at the Australian Civil Liberties Union.

“They are very clear that they are only for use by the AFP and they are vague on what that means.”

Mr Robertson said that the Australian Government had not followed its own legal obligations in terms of how the guidelines were interpreted.

“If they really believed the guidelines are not meant to be a ‘blanket’ policy, then that would be a very significant problem,” he said.

“It’s not clear what they are talking about, if they mean the guidelines apply to all Australian ISPs and only apply to them, or if they are just meant to apply to particular services.”

I don’t think they’re really being clear.

“But the guidelines come just weeks after the US Justice Department released a new draft of its own National Security Information Act (NSAIA), which sets out the guidelines for handling the handling of digital information.

It states:”Nothing in this Act shall be construed to authorize the disclosure, storage, or retention of, in whole or in part, any electronic communication by the United States Government, the intelligence community, or any other entity of the United Nations, or the private sector, to a person outside the United Kingdom.”

However, Mr Robertson said he was worried that the draft would not be clear about what could be considered “unauthorised disclosure” under the NSAIA.”

When you look at the draft it’s not entirely clear, and it’s only clear in relation to the NSA, whether it applies to all the communications being intercepted by the FBI,” he explained.”

That would make it incredibly difficult to enforce.

“The guidelines are also not clear as to whether they will apply to any data that has been collected by the Government and processed by the government.”

The guidelines also state that:”The Attorney-General, the Attorney-Minister and the Minister responsible for the AFP may not use electronic surveillance of a person or organisation under their control, or other surveillance, to obtain information or to carry out any operation, purpose or procedure of the Government; or to acquire any data or information in the exercise of any authority conferred by this Act.”

While the guidelines did not specify how such data should be handled, they do state that they will only be used to investigate crimes and “other lawful acts”.

But Mr Robertson believes that the guidelines “will not stop the NSA from using the guidelines as an excuse to spy on Australians, and that’s just not a good idea”.

“The government will be able, as a matter of policy, to collect all kinds of data about Australians in the name of national security,” he added.

“But it is not clear whether the guidelines will apply, or whether they’re intended to apply, to the information the NSA may have collected about Australians.”

Mr Roberts said the guidelines should be seen in the context of the current national security environment.

“There is a clear need to maintain a level of privacy and protection in the age of digital communication,” he noted.

“However, as digital communication has grown, the need to keep the privacy and security of Australians’ digital information has become even greater.”

In the digital era, the rules of the road have changed.