July 2018


Minding your data in a post-GDPR world

By Scott Ludlam
Some good news about online privacy has just popped up

That bundle of privacy policy updates that suddenly clagged up your inbox a few weeks back? The pop-ups that need your consent before you can visit some website or other? These are the flotsam bobbing around in the shockwaves from what just happened in the European Union. A six-year campaign to make the internet a safer and less predatory place closed out on May 25, and the consequences are now starting to sink in.

It is a rare and important piece of good news. In the five years since Edward Snowden first became a household name, there has been precious little of that. In Australia, we got mandatory data retention laws, relentless expansions of surveillance state capabilities, and an agglomeration of unaccountable power in the hands of a home affairs minister whom most people wouldn’t trust to mind their dog. Even now, the government is flirting with a bill to undermine the encryption standards that underpin most private communications and all financial transactions. As the prime minister would have it, “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” So when activists and legislators pull off an almost continent-wide pushback against full-blown global surveillance capitalism, it’s worth taking notice. Sometimes, we can win.

It is now fairly commonplace to see the phrase “data is the new oil” splattered on PowerPoint slides and news headlines, as though that’s a good thing. The phrase is more apt than its proponents might like to acknowledge. It implies extraction and exploitation (true), concentrated benefit and widely distributed harm (true), and huge public risks that become apparent only after the industry has amassed enormous political and economic power (also true). So, for the moment, let’s go with it.

Fine-grained details of our relationships, purchasing habits, physical locations and medical histories – some of the most intimate moments of our lives – are seen by these industries as a kind of extractible commodity to be drilled, refined and sold. If that doesn’t creep you out just a little, it gets worse, because the further assumption is that you don’t own this information, the drilling companies do. And every time we click our assent to one of those incomprehensible 500-page “user agreements”, we cement that assumption.

States obviously find these huge pools of data irresistible. One of the early striking revelations of the Snowden disclosures was that in addition to tapping the internet’s physical hardware – the routers, satellites and undersea cables – Western signals intelligence agencies had installed PRISM “backdoors” in the archives of the tech companies responsible for much of the primary data drilling. There are equally disquieting examples of various actors systematically poisoning these information wells, for the purposes of influencing public debates or tilting elections.

We don’t have to look to science fiction to contemplate what happens when these tools are turned, without restraint, against ordinary people. Right now, one fifth of the world’s population is locked behind the great firewall of China, subjected to saturation censorship and opinion monitoring. Without question this requires the abolition of any quaint notions of privacy. Late one night in Beijing, I joined the queue outside a security post to be allowed into the forecourt of the Forbidden City, over the road from the haunted expanse of Tiananmen Square. Not being in possession of an ID card, I was pulled aside after going through the scanner for a passport check, and, while waiting, I got a user’s-eye view of the system I’d just passed through. Ghostly squares settled across the faces of those shuffling through the metal detector, and one by one they were assigned an identity, names and numbers scrolling past on an adjacent monitor. In the southern industrial capital of Shenzhen, the facial recognition network can now recognise jaywalkers, and beam them and their names onto giant screens in real time. Eventually, the same system will be able to send you an aggressive message via your social media apps and issue an on-the-spot fine.

In the restive autonomous region of Xinjiang, we can see the full measure of why Snowden referred to surveillance technologies as weapons. In a place where people are rated as “safe”, “average” or “unsafe” depending on their religion, ethnicity or “social stability situation”, officials are collecting a wealth of biometric data, including pictures, fingerprints, blood type, iris scans and DNA. The region is now a laboratory for saturation surveillance, operating as a high-technology front-end to much older forms of coercion and state violence.

Russia, that other human rights stronghold, has installed a facial recognition system to weld most of Moscow’s 170,000 cameras into a single, unblinking digital eye. “We needed an artificial intelligence to help find what we are looking for,” Moscow’s IT departmental head said reassuringly in 2017.

Xinjiang and Moscow are a long way from Canberra, but ask yourself, and be honest, whether you believe that there aren’t people within Peter Dutton’s sprawling home affairs department who would cheerfully roll out this technology across the whole Australian population. With stringent Aussie checks and balances, naturally.

There’s no need to guess, because we already have a pretty good idea. The core of the Australian system is referred to as the “National Facial Biometric Matching Capability”, or just “The Capability” if you prefer to keep your dystopian descriptors concise. At present, it is designed to provide seamless cross-matching between existing state, territory and federal holdings of biometric data contained in driver’s licences and passports. At present, we are asked to believe, by people who may even believe it themselves, that this system will never be patched into the mesh of CCTV cameras proliferating across the country, and never be perused by AI in real time to bring suspected wrongdoers to the caring attention of Border Force, or the tax office, or Centrelink.

Or, presumably, to the attention of military intelligence agencies. Months of quiet behind-the-scenes preparation were abruptly forced out into the sunlight in March when a memo from Australian Signals Directorate head Mike Burgess, seeking to “better support a range of Home Affairs priorities”, was leaked. The ASD, as the Australian “Eye” of the Five Eyes surveillance network, is prohibited, on paper at least, from spying on Australians. The leaked letter, since repudiated by everyone except Peter Dutton, proposed abolishing that threshold and formalising the ability of the ASD to engage in warrantless surveillance on the Australian population.

As a general rule, these “innovations” are rolled out stepwise, rather than all at once, preferably in the wake of some appalling attack or security near-miss in order to spook a sufficient parliamentary majority into granting them passage. That’s the Australian template, anyway: objectively untrue assurances that Australia’s spy agencies operate under “a regime of strict parliamentary oversight” combined with a one-way legislative ratchet granting them ever-more intrusive powers.

There are other templates, however, and our European colleagues just wrote a brand new one. “The GDPR strengthens existing rights, provides for new rights and gives citizens more control over their personal data,” the bills page on the EU website dryly notes. GDPR: that’s the General Data Protection Regulation to you and me, and it’s the reason we’re being sent all those emails. It goes some distance towards giving ownership and control of your personal data back to you. It is the brainchild of privacy campaigner Ralf Bendrath; former European Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding; and German Greens MEP Jan Philipp Albrecht. The story of their half-decade campaign to get the new law over the line is the subject of a recent documentary whose title translates as “Inside the Noise of Data”.

“Surveillance is not about knowing your secrets, but about managing populations, managing people,” argues the Panoptykon Foundation’s Katarzyna Szymielewicz in the film. For Albrecht, fighting upstream in early 2013 amid a swamp of industry lobbyists pushing for 4000 hostile amendments, the Snowden revelations landed like a bombshell. Just as Snowden had hoped, transparency changed the game.

“People say nothing has changed: that there is still mass surveillance. That is not how you measure change. Look back before 2013 and look at what has happened since. Everything changed,” Snowden told The Guardian on the fifth anniversary of his extraordinary disclosures.

As of May 25, 2018, if you collect information on citizens of the European Union, you’re obliged to tell people what you’re going to do with it. You’re obliged to only collect the minimum that you require in order to do whatever it is you’re doing. You’re obliged to notify people if your website is loaded up with commercial spyware. And so it goes.

In one highly instructive example, USA Today decided that it would be easier to design a special Europe-only version of its website rather than bring its main site into compliance with the GDPR. Austrian developer Marcel Freinbichler helpfully compared the size of the regular page for a US audience and the GDPR-compliant page. The latter is designed to “not collect personally identifiable information or persistent identifiers from, deliver a personalized experience to, or otherwise track or monitor persons reasonably identified as visiting our Site from the European Union”. You get the picture. As it turned out, the compliant page required less than 10 per cent of the bandwidth of the one bloated with unasked-for tracking devices.

The GDPR is a long way from perfect, as even its architects acknowledge. Despite the huge fines that can accrue for companies in breach, it will only be as good as those tasked with enforcing it. There is also a very deliberate carve-out for policing and national security agencies, which will be governed by a rather more ambiguous standard.

But credit firmly where it’s due. The GDPR is a testament to the degree to which strong civil society advocacy within an existing legal rights framework can empower committed legislators to change the law, and thus the world.

If they can do it in Europe, is there any reason why we can’t do it in Australia? At first glance, it doesn’t seem promising. After all, our current baseline is the Office of the Australian Information Commissioner’s grotesque ruling that former human services minister Alan Tudge was justified in leaking the private details of writer Andie Fox to a journalist, in order to procure a hostile story about someone who had dared to raise a public critique of the government’s “robodebt” disaster.

In fact, there’s no reason why we can’t turn the tide here too. We don’t have a sweeping mandatory internet filter in Australia, because of successful political opposition. Nor do we have mass prosecutions for minor copyright violations, and, for the time being, even the Labor Party has baulked at the prospect of giving military intelligence agencies warrantless surveillance powers over Australians.

“The internet may seem like the last frontier of a human rights battle that is increasingly hard to win,” says Tim Singleton Norton, chair of the Australian advocacy network Digital Rights Watch, “but it is also where you will witness the most creative, the most engaged, and the most dedicated defenders practise their art.”

His optimism comes in the wake of the organisation’s State of Digital Rights report, which sets out a unifying set of recommendations and directions for Australian campaigners in the wake of the GDPR. The internet, it is worth remembering, is not some frictionless post-material medium unmoored from the rest of the world. Nor are our private lives just some commodity to be sucked out of the ground and sold to advertisers. The internet is entirely a creature of engineering, power and capital, and there is no reason why we can’t win fights for justice and democratisation online, just as we do everywhere else.

The fights won’t be easy, as those who spent years advancing the GDPR discovered. We’ll know we’re on the right track when we get a batch of cheerful spam from Australian service providers, announcing our next wins.

Scott Ludlam is an ICAN ambassador, a former Australian Greens senator for Western Australia and the author of Full Circle.
