The Victorian government recently announced plans to legislate the mass surveillance of citizens. Primarily it wants to mass harvest location data on mobile phones and other connected devices such as mobile apps, GPS and in-vehicle bluetooth devices. This is the equivalent of having facial recognition technology at every intersection, outside every business and in every home.
What is it for? Victoria’s Department of Transport say it’s intended to improve transport systems; the data will be used to analyse “mode of travel, purpose and time” and also measure delays. There has been no indication of secondary or possible tertiary aims, and no information of how it will work in practice.
In response to privacy concerns from civil liberties organisation Liberty Victoria, the Victorian government noted the state had “some of the toughest privacy laws in the country”. But this is not correct. Let’s go a bit deeper.
Privacy and protections
The Victorian Privacy and Data Act 2014 was re-enacted in 2014 to bring it closer in line with the Federal Privacy Act 1988 (Amendment 2000) — legislation that was introduced at a time when Australians were playing snake on their Nokias.
The Victorian act also had 10 information privacy principles (IPPs); less than the 11 IPPs and 10 national privacy principles in the federal act. In the same year, 2014, the federal act was updated to Federal Privacy Act 1988 (Amendment 2012) with 13 Australian privacy principles.
The Victorian Privacy and Data Act 2014 applies to Victorian public sector departments, local councils, statutory offices, universities and TAFEs. Amendments to the act would be required for mass data harvesting to cancel an individual’s right to request their own data and allow sensitive data about a person’s race, religion, sexual preferences and political inclinations to be collected. The Victorian Surveillance Devices Act 1999 would also need to be amended to allow use of devices to record private activities. Similar laws exist in each state and territory of Australia.
The Victorian Charter of Human Rights, which provides freedom, safety and security for Victorian people and aligns the state with human rights practices expected in Western liberal democracies, would also be weakened. Two of the 20 fundamental rights in the charter would not apply because of this law.
Under Section 13 of the charter, a person has the right “not to have his or her privacy, family, home or correspondence unlawfully or arbitrarily interfered with”, while Section 20 applies similarly to a person’s right not to be “deprived of his or her property”. A warrant should be obtained to enter property and access data from an electronic device.
Privacy in the context of mass data harvesting means confidentiality and sometimes anonymity. The Victorian government says that data privacy will be achieved by de-identifying the data and keeping it secure. But past research has demonstrated the ease in which this can be circumvented.
Data footprints are unique to each individual. The data would become very valuable when it is mass-harvested and would be a target for hackers. Individual device security would also be weakened if backdoors or data harvesting apps are mandatorily applied to each device in Victoria.
Consent and control
Protections and control of devices should ultimately be conceded carefully, and individual consent should be a necessary principle. In theory, harvested data could be used by the governing political party to significantly influence elections, change social dynamics and target individuals or minority groups for their beliefs. Every person would be effectively downloading their device to a government computer.
Opt-outs such as turning off location services — which the government has offered as an option for dissatisfied citizens — would be difficult to achieve in practice. Location data could still be accessed and safety services such as Find My iPhone and Maps would be rendered useless, creating a vulnerability in the device and negating freedom of movement (another principle guaranteed by the Victorian Charter or Human Rights).
People would effectively have to choose between using their apps and their right to privacy — and even then, their privacy isn’t guaranteed.
The government could absolutely choose another path on this. Public transport apps, for example, could ask for consent from users to contribute data to a government agency. Specific Victorian government apps could be downloaded by volunteer or paid contributors. Regardless of the mechanism chosen, effective independent oversight — including citizen oversight via the media — should be applied.
This isn’t just an issue for Victoria either. The NSW government has recently proposed that facial recognition could replace the Opal ticketing card used on NSW public transport, and Transport for London has just started harvesting location data from the tube network’s free wi-fi. These technology solutions provide identified data and have significant privacy and consent issues.
This isn’t just an issue for Victoria. The NSW government has recently proposed that facial recognition could replace the Opal ticketing card used on NSW public transport. Transport for London is harvesting location data from the tube network’s free wi-fi. These technology solutions provide identified data and privacy and consent issues have been raised.
This is an opportunity for the Victorian government to demonstrate its commitment to the Victorian Charter of Human Rights and prioritise consent over force. It’s particularly important when gender-based violence and coercive control, enabled by devices and app surveillance, is becoming more prominent.
Saying “turn your location services off” isn’t good enough.
Simone Anon is a consultant, writer and lecturer. She has previously volunteered with Liberty Victoria as a privacy adviser to the policy committee in 2018.
Is it fair to suggest people opt out through location services? Send your comments on privacy and data-harvesting to boss@crikey.com.au. Please include your full name.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.