In cyber engagement strategy, Australia overlooks its own threats to user rights

Last week, Australia launched a new International Cyber Engagement Strategy, intended to expand on “on how Australia will attain global responsibility and influence in cyberspace.” It includes goals in eight subject areas ranging from human rights and democracy to cybersecurity. Many of the goals are laudable and seek to establish Australia as a regional and global leader on issues impacting users online. However, the strategy fails to recognize that the government’s own current actions, including engagement in government hacking and threats to encryption, have global influence and run counter to its commitments in the document.

In a letter today to Dr. Tobias Feakin, the Australian Ambassador for Cyber Affairs, Access Now calls on Australia to strengthen its commitments to protecting users and address domestic policy issues that put their rights at risk.

Despite being a “cyber” engagement strategy, not all of Australia’s new roadmap is dedicated to cybersecurity, though all sections relate to security and human rights. Other sections focus on trade, development, “cybercrime,” internet governance, and a coordinated cyber agenda. The strategy makes mention of the rights to freedom of expression and association, but fails to show similar regard for privacy, not referring to it as a right and only referring to the “arbitrary interferences” to privacy instead of the unlawful, disproportionate, and unnecessary infringements.

While nuanced, that failure is not surprising given the way Australia has treated privacy in recent years. The government regularly conducts hacking operations that threaten privacy and security and government leaders have called for restrictions on encryption, which would make users more, not less, vulnerable to harms like data breaches, unauthorized access to private communications, crime, and human rights abuse.

In our letter, we submitted nine recommendations, summarized here:

  1. Strengthen and clarify the commitment to protecting privacy – The strategy does not explicitly recognize the right to privacy, nor does it adequately address the threats to that right.
  2. Create a dialogue around hacking with the goal of ending certain types of government hacking operations and codifying human rights protections for any future operations – Per our government hacking report, Australia has already authorized hacking operations, which the prime minister has described as “very considerable.”
  3. Support initiatives that build users’ capacity protect themselves and their rights – The government clarify how it intends to promote digital security protections that people can implement themselves.
  4. Support and play an active role in the Freedom Online Coalition – The Freedom Online Coalition is a group of 30 governments that works with civil society and the private sector to promote internet freedom.
  5. Include civil society organizations in policymaking and advisory bodies – The government should make clear it will ensure effective civil society participation in the opportunities for public engagement that are promoted in the strategy.
  6. Explain how resources will be used to to promote norms of international law to protect users – Earlier this year, the U.N. Group of Governmental Experts failed to reach consensus on a report on norms in cyberspace so the government should make clear where it intends to pursue future international cybersecurity norms development.
  7. Declare support for strong digital security tools, like encryption – The Prime Minister has called for limits on the use of strong encryption, which would not only threaten Australia’s cybersecurity but also infringe upon human rights.
  8. Add human rights principles as a factor in the design and development of ICT products, systems, and services – The strategy indicates Australia will promote cybersecurity in the design of ICT products and services, but human rights should be included in the design.
  9. Condition support for new methods for law enforcement access to cross border data on inclusion of human rights protections – The strategy mentions Australia’s participation in a process to reform the Budapest Convention to enable law enforcement access to data across borders. Access Now has joined a number of civil society organizations to address human rights implications of that reform process.

We also invited the Australian government to attend RightsCon Toronto in May 2018 to engage with civil society on these issues, as they pledged to do in the strategy.

The Australian government has taken a step toward better protecting users online, particularly in the Indo-China region. Now, it must show it can turn those commitments into meaningful change.

You can read our letter in full here.