Senator Ludlam’s request follows an article on the website of Fairfax papers (an article which has since been removed) suggesting TrapWire is in operation in Australia. If such technology is in use, it raises genuine concerns about the government-backed surveillance of the Australian people.
TrapWire is described by the vendor as a video surveillance system with capabilities that will assist in preventing terrorist attacks prior to the event. The system is designed to collect video and, by using specialised data mining and video analysis techniques, can identify suspicious people and actions (such as leaving a bag unattended) that might represent a pre-cursor to a terrorist or criminal act.
TrapWire does not operate in isolation but uses facial recognition to identify everyone that is filmed. What this means is that everyone is being identified, tracked and having their information stored in databases that are under the control of a private security company.
Of course, surveillance is not new – many cities and companies around the world utilise CCTV surveillance systems. What is new is the ability of TrapWire to analyse the video, identify everyone that appears in the video and to then store this information in a database.
Senator Ludlam has voiced the concerns that many Australians will have about the introduction of systems such as TrapWire.
Indeed, there are many questions that need to be answered:
- Are foreign companies operating intelligent surveillance systems within Australia?
- Where is the data stored?
- What information is leaving Australia?
- What privacy and security provisions have been made to protect Australians from the incorrect use of the data?
- Is this information being made available by the operator to other companies, government departments or the police?
- Who is responsible for auditing data retention and for ensuring data remains safe, secure and is not traded at a later date?
The increased concern about intelligent data mining systems such as TrapWire comes just days after the Attorney-General Nicola Roxon shelved plans to implement a policy that would have seen the web history of all Australian internet users retained for two years.
The government’s capitulation on this issue is at odds with statements made by a senior national security official to Fairfax Media on August 10 2012:
Ms Roxon’s decision to refer the proposals to the parliamentary joint committee for intelligence and security was symptomatic of “the risk adverse character of the government”
“These reforms are urgently needed to deal with a rapidly evolving security environment, but there isn’t much appetite within the government for anything that attracts controversy.”
While the intelligence and security community may want increased surveillance to protect the national interest there are good reasons to put a freeze on increased surveillance and data retention schemes. For a start, we need to wait until technology has been implemented that will improve the capability for government and companies to adequately protect data.
Australians should be very worried about increased data retention and the introduction of new intelligent surveillance systems by stealth.
Now that the Attorney-General has taken the step to put the controversial data retention scheme on the backburner, she should announce what the government is going to do to improve privacy and security for Australians on the net.
One suggestion is a national committee to review privacy and security and to report on the introduction of technologies that would improve the secure operation of the digital network within Australia. The committee should be broadly based and include members from academia, government, industry and civil liberties organisations such as Electronic Frontiers Australia.
The committee should consider:
- the immediate mandatory introduction of Internet Protocol version 6
- the immediate mandatory introduction of Secure Socket Layer encryption for all websites and traffic over the Australian digital network
- mandatory use of two-factor authentication for all electronic commerce and other electronic systems that store customer information
- best-practice requirements for securing electronic systems
- triple-factor authentication for access to any electronic system deemed to be national infrastructure
- a mandatory requirement for all government departments and companies to carry out annual security audits of electronic systems and report the audit to a newly established federal security agency
- a mandatory requirement for all electronic system security breaches and hacking attempts to be reported to the newly established federal security agency.
Australia must not wait for the rest of the world to act to implement a more secure digital network. Instead we should take a lead role in doing so.
Furthermore, until the government can guarantee the privacy and security of Australians on the net there should be a moratorium on the introduction of intelligent networked surveillance systems such as TrapWire.