Government surveillance a slippery slope: Ponemon

No looking back from Patriot Act, data retention laws.

US privacy expert Larry Ponemon has warned against data retention proposals that could give the Australian Government greater surveillance powers over its citizens.

Although surveillance laws may initially target criminal groups, he said they risked being expanded to the detriment of political enemies and minority groups.

"There are issues in terms of governments having access to personal information," said Ponemon, who founded information management research firm the Ponemon Institute.

"The question is, where do you draw the line," he said, noting that once introduced, government surveillance was difficult to abolish.

Ponemon highlighted the US Patriot Act, which was introduced by former president George Bush in 2001 to give authorities greater information gathering powers to combat terrorism.

With opponents of the Act arguing that it infringed on civil liberties, Ponemon expected privacy protections to be increased when the Obama administration was elected in 2008.

But the administration's actions to date proved otherwise, he said.

"My belief was that when we got a new president, we would see change, but it's [surveillance] gotten worse, not better," he said.

"I think the thing is, once you start it [surveillance], it's hard to turn back because you've already built the infrastructure."

The Australian Attorney-General's Department in June admitted to consulting with the industry about introducing data retention laws similar to the European Directive on Data Retention.

If introduced, the data retention laws could see carriers and ISPs asked to store the browsing and calling logs of Australian subscribers for three months at a time.

Ponemon drew parallels between data retention and the potentially dangerous ability for a nation to marginalise parts of its society.

"That seems to be the reality in the world - that has happened in history," he said, referring to Nazi Germany prior to World War II.

"The Germans were very good at record-keeping," he said. "I'm not saying that could happen again, but there certainly is that risk."

Privacy watchdog

He called for the establishment of an international authority - like the UN - to tackle global privacy issues, arguing that privacy was a fundamental human right to which all should be equally entitled.

The authority could also target cyber crime, he said, noting that international borders did not deter cyber criminals who were stealing information in "more stealthy and sinister" ways than ever before.

It would exercise parity and consider cultural differences - for example, Latin American countries tended to be primarily concerned about government surveillance, while the U.S. was focussed on corporate data breaches.

But it may take a large scale disaster for society to recognise the value of such an authority, Ponemon said, noting that "we have other problems" deemed more urgent.

"I'm not sure what the answer is, from a regulatory point of view, but it should be global," he said.

"It's not going to be easy - we'll need a disaster or two, unfortunately, before people realise how big a problem this will be."