Intercept laws hamper local user privacy

Analysis: Is a surveillance-free ISP possible in Australia?

Plans to establish an internet service provider in the US that would block government requests for user information or surveillance would fail at the first hurdle locally, according to experts.

The "privacy-protecting" US provider, dubbed Calyx, has established a mandate to encrypt user information at all levels of transmission throughout its network, keep limited logs of user activity and "challenge government surveillance demands of dubious legality or constitutionality" in the hopes of securing user information from government surveillance, according to CNET US.

The company's founder, Nicholas Merrill, hoped to build on his defeat in 2004 of an FBI request for customer information based on what he alleged was a violation of the US constitution's First Amendment.

However, telco lawyer Erhan Karabardak said any attempts to erect a similarly capable service provider in Australia would likely fail under Australia's legal framework.

According to Karabardak, a director with Cooper Mills Lawyers, serious penalties would be imposed on any company that refused to disclose user information requested under warrants from authorities.

"The regulatory regime in Australia is very interesting because while... it does give quite significant access to law enforcement and other agencies, it still does maintain some pretty strict offences with respect to disclosure," he said.

"It is, I would say, a good balance, others would say it's ridiculous and too far gone but you need to look at it in the context of the world as it is today as opposed to the world as it was when the Telecommunications Act first came out in 1997."

Australian carriers and service providers are required by law to provide the Federal Government with proof they can intercept user data and information over their networks, or they face a $10 million fine and loss of carrier licence.

Karabardak ultimately cast doubts on Merrill's plans for an anti-surveillance service provider in the US.

"If there is a loophole I can tell you that the Americans will close it pretty quickly," he said.

"People complain about our national security regulation but if you think the Australian laws are tough in that respect, the US laws have a lot more power than the Australian authorities."

Big business

Federal and state authorities spend approximately $50 million a year on intercepting telecommunications in Australia, with the numbers of interception requests slowly rising to 3488 applications during the past financial year.

The Attorney-General's Department, which oversees issuance of warrants for such intercepts, have credited the laws with a 27 percent rise in the number of arrests made as a result of telecommunications interception during the same period.

The current Labor Government has also sought to make data retention and interception capabilities more onerous for local service providers, making numerous amendments to the Telecommunications Act in recent years.

Separate legislation aimed specifically at cybercrime and introduced to the Parliament last year, was designed to make ISPs collect user traffic data in real-time and retain it for 30 days.

The bill is yet to pass through the Senate after the Greens refused to vote in favour of the bill without amendment.

Intercepting NBN Co?

The introduction of communication technologies - such as ISDN and GSM mobile services in the 1990s or more recently VoIP services - have prompted authorities to continually warn service providers of the continued requirement to operate these services in compliance with interception laws.

In some cases, the technologies have been delayed to ensure interception is possible.

A similar issue was raised recently surrounding the introduction of Internet Protocol version 6.

In addition, industry talks around how such interception will occur under the National Broadband Network have turned to whether authorities will bother with end-user service providers for fixed-line access and move straight to intercepting traffic at NBN Co's points of interconnect.

A senior network engineer, who wished to remain anonymous, told iTnews that the ability to intercept such traffic would only become easier as more Australian networks conformed to Ethernet standards.

A spokesman for the Attorney-General's department confirmed talks with NBN Co over interception and telecommunications security matters but would not reveal the nature or extent of the talks.

"The Government has a responsibility to do its utmost to protect the security and privacy of the information of Australians and Australian businesses," they said.