Sydny – The proposal to store the data of all Australian users for 2 years has drawn a storm of outrage. Now it’s starting to look like it can’t even do the job it’s supposed to do. There are some serious weaknesses from the point of view of law enforcement
The Sydney Morning Herald:
In a heated submission to that inquiry, Victoria’s Acting Privacy Commissioner, Anthony Bendall, dubbed the proposals ”characteristic of a police state”, arguing ”it is premised on the assumption that all citizens should be monitored”.
The government says its proposals are under consideration only, and it has sought the views of the multi-party inquiry on the plans in its discussion paper.
These include allowing authorities to access anyone’s computer to get to a suspect’s device, or to ”enter a third-party premises for the purposes of installing a surveillance device”
Trouble is there are too many reasons why this won’t work.
The general idea is to access data related to breaches of law. The Australian Federal Police and the Australian Taxation Office support the proposal.
“Data” is the key word.
The trouble is that accessing people’s computers isn’t necessarily the best way to find incriminating data, particularly if you’re trying to get the basis for laying charges, let alone a conviction.
The best analogy is fraud. Fraud is detected through a range of transactions and found at points of actions taken by those committing it. Under Australian law, financial records are kept for six years. There’s usually a long list of leads to follow, and people who commit fraud usually slip up and leave a lot of evidence around under this system.
Internet records are very different. The list of possible methods of evasion of detection is almost endless.
Ironically, “third party” is one of the major methods. Why use your own ISP and your own IP when you can use a botnet or another computer with a fake account? You could be the “innocent” recipient of a lot of spam, which could be encrypted to provide code.
You could also be a proxy. Botnet zombie computers can process a lot of data. You might not even know that your computer is doing anything at all, and be directly implicated in a money laundering scam.
Then there’s the “occasional computer” problem. Does anyone really believe that someone laundering millions of dollars would not buy a throwaway computer to do a few transactions? Value of records?
The record keeping process is worse than dysfunctional in this scenario. Two years of records could provide enormous amounts of quite inaccurate, misleading data which could take 5 years to analyze. That scenario also happens to be exactly what law enforcement agencies and regulators specifically do not need.
Worse, you can do a lot of the things that law enforcement needs to see on a phone, anyway. Get rid of the SIM card, and where’s your evidence? Phone service provider records? Maybe, but your quality of evidence is now also based on records from a third party. It may and probably will have big gaps, and it certainly won’t be an easy trail to follow. The phone may have changed providers multiple times to add more difficulty to tracking. It’s not much of a trail of breadcrumbs.
The other story- Surveillance
The surveillance process is much closer to practical actual evidence gathering with a chance of conviction. Exactly how this will work, however, is getting blurry. The part about requiring legal power to install surveillance devices is obviously necessary, the bit about installing it in third party premises is vague to say the least.
If you install a surveillance device in an adjoining premises, you need to do it by stealth.
If a team of police come in and install it, it’ll be common knowledge in a couple of seconds.
If a tradesman comes in and tries to install it, he has no legal power to do so.
(There are legal technicalities here. A plainclothes police officer can install a device, and breach a lot of laws in the process, in theory, negating the value of the surveillance.)
If a surveillance device is detected- and they can be- the person with the surveillance device on their premises could be put at serious risk. The person may not even know they have a device on their property, but that wouldn’t stop them being seen as part of the problem by some very nasty people.
If the presence of a surveillance operation is known, what’s being monitored is likely to be absolutely useless. The surveillance operation is more likely to get fed a lot of non-information that looks like it’s information. So and so goes to a certain site at a certain time and searches “bozo” every day for weeks. Is this a clue? It could be, it could even be a signal to someone else using the site, but it could also be a simple bit of decoy work. Data leading to a conviction, it ain’t. Sounding suspicious is easy enough to do when people are trained to be suspicious.
Sorry guys, but I think you’d be a lot more likely to achieve more with something much closer to the warrant system and intelligence community methods. Discretion is the better part of law enforcement in this case. You can track involved third parties. You can track transactions through their sources. You can join dots without giving away the fact that surveillance is being carried out. Money has to go somewhere from somewhere. Tracking needs to pin down these facts, anyway.
Privacy is a two way street
This particular proposal has to go back to the drawing board, but with a suggestion and a couple of other points to consider-
With great respect to privacy advocates, (I’ve had enough invasions of my own privacy not to appreciate their work) let’s not forget that the absolute worst serial abusers of privacy include the people the surveillance idea is trying to catch. Identity theft is a plague on the public. It’s invasion of privacy in its most literal sense. I met a guy from England during the Sydney Olympics who’d been cleaned out before his plane landed, and things have got a lot tougher in those 12 years.
This sort of surveillance can do a lot to track these vermin. It’s how it’s done that’s important. I’d ask privacy advocates to keep open minds on this subject and try to come up with some working solutions for the law enforcement and tax agencies. Let’s get constructive about dealing with the problems, not obstructive to the basic idea of protecting the public.
Ref : http://digitaljournal.com