The Australian Signals Directorate (ASD) has received a formal complaint from UK-based privacy group Privacy International following allegations that the ASD offered to share information about Australian citizens with international counterparts.
According to documents leaked by United States whistle-blower Edward Snowden this week, the ASD indicated that it could share medical, legal and religious information with agencies in the United States, Britain, Canada and New Zealand during a 2008 intelligence conference in England.
At the time, the ASD was called the Defence Signals Directorate (DSD). According to the leaked documents, DSD said that it could make this information available without some of the privacy restraints imposed by some other countries.
"DSD can share bulk, unselected, unminimised metadata as long as there is no intent to target an Australian national," read the document.
Privacy International’s complaint (PDF) was sent to the Australian Inspector-General of Intelligence Security, Vivienne Thom, on 2 December 2013.
In the documents, the group asks Thom for an immediate investigation into reports that the ASD offered to “violate the privacy rights” of millions of Australian citizens by handling over metadata to its overseas partners.
According to Privacy International, ASD acted in a manner that violates the laws of the Commonwealth and is contrary to guidelines given to the agency.
The group pointed out that the intelligence agency’s Rules to Protect the Privacy of Australians were released on 2 October 2012 and include the following guidelines:
“Where DSD does retain intelligence information concerning an Australian person, DSD is to ensure that access to that information is only to be provided to persons who require such access for the performance of a DSD function,” read the documents.
“DSD may communicate intelligence information concerning Australian persons only where it is necessary to do so for the proper performance of DSD’s functions or where such communication is authorised or required by or under another Act.”
In addition, the rules set out that intelligence information concerning an Australian citizen or resident may be communicated where the information concerns a person “who is, or was at the time the information was collected, the subject of an authorisation given by the minister under section 9 of the <i>Intelligence Services Act 2001</i>”.
Privacy International's head of international advocacy, Carly Nyst, said that the ASD is violating their own rules to protect the privacy of Australians as well as the Intelligence Services Act.
“That law prescribes that an agency must not undertake any activity unless the activity is necessary for the proper performance of its functions or required by another Act,” she said in a statement.
In parliament, Prime Minister Tony Abbott has defended Australia's intelligence agencies. He said that their gathering of telephone and email metadata is within the law.
However, Greens Senator Scott Ludlam said that Abbott's description of metadata as "billing info" falls short, as such data reveals a person's web history, social networks and entire phone records.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.