ASIO is not carrying out mass surveillance of average citizens and the agency is subject to an appropriate level of oversight, according to the organisation's head David Taylor Irvine, director-general of security.
“We are not the United States,” Irvine told the Senate, Legal & Constitutional Affairs References Committee, which is mulling revisions to the Telecommunications Interception and Access (TIA) Act.
“We have a very adequate surveillance regime which strikes an excellent balance between the privacy of the individual on the one hand and the needs of national security on the other.”
Irvine responded to what he called “misplaced conceptions and concerns” about telecom interception. He complained that references to Big Brother and the George Orwell novel 1984 “are tossed around without any real balanced consideration [of] a number of things.”
“There should be no misunderstanding the interception of telecommunications is a key tool in the detection and prevention of terrorism and espionage, and in the investigation of major crimes,” Irvine said.
“Without it, and without an ability to access to access telecommunications call data and intercept communications, ASIO and law enforcement bodies in Australia cannot guarantee the level of safety assurance that people expect.”
Irvine said that warrantless collection of call metadata—the information about a call including time, duration and location—is not mass surveillance.
“It’s akin to a CCTV looking at you in the street—it doesn’t matter.”
However, committee chair Senator Scott Ludlam raised several questions about how clearly defined metadata is. He said that the definition appears to be arbitrary and open to interpretation.
While rejecting any additional oversight, Irvine supported updates to the TIA Act that would help surveillance officers keep up with technology used by persons of interest.
In particular, ASIO seeks a requirement that telcos retain customer metadata for two years. Irvine said telcos had been doing this before but have found diminishing commercial reasons to continue.
He stressed that ASIO is seeking no changes to the type of data collected and does not want the government itself to be storing the data.
Irvine also flagged several weaknesses in existing legislation that are increasingly exploited by persons of interest to evade detection.
Currently, ASIO must obtain a warrant for each mobile device from which it seeks to intercept information, he said. People have foiled law enforcement by using multiple devices, he said.
Irvine noted that the use of encryption on communications has significantly increased since the revelations about US surveillance by Edward Snowden.
He said ASIO needed to inspect innocent computers used by hackers to spread malicious attacks and the organisation would only look for malicious signatures and not anything else on the computer.
Irvine also said there was a need to remove bureaucracy that has hindered an open exchange of information between ASIO and the Australian Secret Intelligence Service (ASIS).
He estimated that there are about 150 people in Australia who are supporting, recruiting for or financing extremist elements in Syria or Iraq.
“Not all of those people are necessarily threats to national security. Not all of those people will go beyond expressions of verbal support,” he said.
“But the point is we don’t know that unless we look at them.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.