Legislative Council - Fifty-Fourth Parliament, First Session (54-1)
2019-02-12 Daily Xml

Contents

Bills

Statutes Amendment (Child Exploitation and Encrypted Material) Bill

Second Reading

Adjourned debate on second reading.

(Continued from 6 December 2018).

The Hon. M.C. PARNELL (15:42): Child exploitation is an abominable crime. Perpetrators deserve the harshest punishment and our law enforcement officers need every tool to identify and track down perpetrators, including those involved in the insidious online trade in child exploitation images and videos. In my view, the perpetrators of these serious crimes are the scum of the earth, and I have little sympathy for them. I expect most right-thinking people would agree.

However, other crimes that do not involve child exploitation attract very different reactions within the community, and they require very different responses. That is what makes this bill so insidious. Tacked onto a bill that deals with some of the most abhorrent crimes imaginable are other measures that are overwhelmingly unrelated to child exploitation. These measures are tacked onto the bill and we are told it is a package of responses that must be passed together.

I think this approach is disingenuous and dishonest. It is calculated to put unreasonable pressure on members of parliament who are, quite rightly, fearful of being accused of being soft on child exploitation if they do not support the whole of the bill. It is an all too common political tactic: you take a new law that everyone can agree with, tackling child exploitation, and you tack onto it other measures that are far more contentious and may bear no relationship with the expressed primary aim of the bill.

It is these provisions that the Greens want to see further debated and which we think should effectively be removed from the bill before it is passed. We are happy to give police the powers they have requested in relation to child exploitation, including the so-called encryption provisions, but we want the laws limited to that purpose until we can have a proper debate in the community about our digital privacy rights and the boundaries of police authority to force the unlocking of electronic devices.

In a nutshell, the so-called encryption measures in this bill provide that a magistrate, at the request of a police officer, can order that a person unlock a computer, phone or other device that contains or provides access to data, even in cases that have absolutely nothing to do with child exploitation, and it is these measures which we oppose. We have no problem with the parts of the bill that amend the Child Sex Offenders Registration Act 2006, the Criminal Law Consolidation Act 1935 or the Evidence Act 1929. These provisions all relate to child exploitation material and we support their passage.

The problem area is part 5 of the bill which inserts a new part 16A into the Summary Offences Act 1953. These provisions relate to data that is held electronically and, in particular, data that is password protected, encrypted or otherwise not accessible without a code or a key. The main provision is a new law requiring people subject to an order from a magistrate to provide access to electronic data on pain of a maximum five-year penalty for refusing to comply without good reason. In simple terms, it is up to five years' gaol if you refuse to unlock your device and provide access to its contents.

The way the bill is framed in proposed new section 74BR, the trigger for a police officer to be able to seek an order from a magistrate is whether:

(a) there are reasonable grounds to suspect that data held on a computer or data storage device may afford evidence of a serious offence;

The definition of 'serious offence' in new section 74BN is:

(a) an indictable offence; or

(b) an offence with a maximum penalty of 2 years imprisonment or more.

The order issued by the magistrate does not have to be directed to a suspect in relation to a serious offence, it can be directed to anyone who they believe knows the passwords or has the ability to access the device or data. This could be a family member, it could be an employee or it could be an IT professional. The order need not identify any particular device. It does not even have to specify what information is being sought. In short, you can be ordered to unlock everything or risk five years' gaol.

The question that arises is: what is wrong with that? Why would we not want to give the police every possible tool to catch criminals? I think there are a number of problems with these provisions and I want to go through them one by one. I would point out at this stage that my concerns have also been expressed by the Law Society of South Australia. The society published a submission to the former attorney-general back in October 2017, which was when this bill was first introduced. As members might recall, it did not pass in that last parliament due to parliament being prorogued; it has effectively been brought back now, but the Law Society's concerns back then are pretty well the same as they are today.

The first problem that arises is what is known as the rule against self-incrimination. Members would know that in this place we have debated very many criminal offences and we have almost invariably included provisions that support the longstanding provision in our legal system that a person is not required to incriminate themselves and that it is the job of the prosecution to prove the case against them. There are some important exceptions, of course, but that is the general rule. That is why defendants are advised in their interviews with police that they do not have to answer questions that might tend to incriminate them.

The government says in response to that argument that these so-called electronic warrants are really no different to an old-fashioned physical search warrant, but I would make the point that they are in fact entirely different. The main distinguishing element is that, in terms of a traditional search warrant, the cooperation of the person being searched is not required. It does not take a rocket scientist to realise that if police turn up at the door with a search warrant and say, 'It's the police here, we have a search warrant', and you say, 'Go away', you may get your door broken down. The police then enter and say, 'Can you unlock the filing cabinet to show us the contents?' and you refuse, well it is going to be jemmied open. You are not obliged to cooperate and that has been the law of the land pretty much forever.

The difference is that with these—let us call them electronic search warrants—the obligation on you is to cooperate to the extent, or in the event even, that you will incriminate yourself. You are legally required to assist the police to potentially incriminate yourself. If you do not, you are liable for up to five years' gaol. These are important considerations.

I make the point that the rule against self-incrimination is not absolute. There are some circumstances where parliament has decided that the public interest should prevail and the rule does not apply, but that has to be the exception rather than the rule. What we see in this bill is no such nuanced approach. If you are the subject of an order, you are legally obliged to unlock your devices and provide access to material, regardless of any consequences for you or for others.

The second problem is in relation to privacy considerations. When it comes to evidence of serious criminal offences, most people are not too worried about privacy, they think that prosecuting these offences should take priority. But we need to think a bit deeper because as we get further and further into the digital age increasingly the whole of our lives is digitally recorded. There is now a record of everything we write. There may still be some people with fountain pens; I cannot recall the last time I wrote anything significant with a biro or a pen. It is all written on computers, tablets and phones, and it is recorded digitally—everything we write.

There is a record of every person we talk to on the phone. In the past, I guess, the police may have gone to Telecom (or whoever it was back then) and got a register, if they could, of people who had used landlines and whatever. It is so much easier now; we nearly always use mobile phones for everything. There is a record of every person we talk to on the phone. With every person that we engage with through messaging services, there is a record. I know, from my private conversations with Liberal members, Labor members and Greens members, that most of us are using encrypted messaging services these days, we are trying to secure our internal communications, but all that stuff is on our devices and it is all subject to this bill.

Every photo we take, every diary entry, every appointment we make with someone, is now digitally recorded and subject, potentially, to these new laws. Possibly the most insidious of all: every single place that we go is recorded electronically on devices and would be available if a person was the subject of one of these orders and was forced to unlock, for example, their mobile phone. That information would certainly be of interest to the police in those small number of cases where they need to locate a potential suspect at the scene of a crime—you can sort of get that—but what we are really talking about are the movements of every other citizen at all times of the day or night.

I do not think I am Robinson Crusoe; I am rarely without my phone. If it is not in my pocket, it is on the bedside table. You only have to delve into the settings and have a look and it knows where you are, if you have your settings turned on. Which of us has not gone to the airport and, just as you enter the carpark, found that a message will come up, 'You have arrived at the airport; are you going overseas? Do you need any foreign currency?' I will not acknowledge the Hon. Ian Hunter putting up his hand, he does not use a smart phone in the same way as the rest of us, but for most of us every move that we make is tracked digitally. It is on our devices and it is potentially subject to these orders.

As I say, if the police were trying to locate someone at the scene of a crime, it might be useful information, but 99.9999 per cent of the time where we are at any particular given moment is of absolutely no interest to law enforcement authorities, yet that is information they will have access to.

That brings me to the next concern, which is that anything that is found on a device can be used and used against you. It does not matter that it was not what they were looking for. At first blush this might not seem problematic. If we go to the example of an old-fashioned physical search warrant, if the police believe that stolen goods might be at your property and they enter the property and what they discover instead is a crystal meth drug-making lab, most of us would think, 'Well, that's fair enough, of course you're going to get done for that', that would make absolute sense. But when you look at it in the electronic realm it raises a whole lot of issues.

The threshold test for whether one of these orders can be issued in the first place is that the police suspect that information in relation to a serious crime might be available—if they can convince a magistrate of that—but what they find on your phone is not evidence of a serious crime but evidence of something else; something else that might not be a crime at all; it might be something of purely prurient interest. The question is: what happens to that data? Can it be used?

I will give a couple of examples. Let's say that a person has dashcam footage from their car and they store it on their laptop. If they are forced to unlock the laptop will the police be able to scour through that information and use anything they find to charge the person with some other offence? Maybe you forgot to turn your headlights on until a few minutes after dusk.

We have all been in that position where you know that when the sun goes down you turn your headlights on, it is a safety measure in cars, but what if you had forgotten? What if the dashcam footage shows that you did not turn your headlights on in time? Maybe it showed that you were speeding. Maybe it showed that you went through a red light. Who knows what it would show? The question is: can the police use that information? It was not what they were looking for but it is what they found.

The police could not have got an order looking for that information because it does not relate to serious offences, but if they do not find what it was they were looking for and they do find this information instead, can they use it? I will put that question on the record for the minister to respond to in more general terms. What restrictions exist on the ability of the police to use material found on electronic devices for purposes other than the prosecution of a serious offence?

In terms of privacy the other thing we might want to think about is that some people include very private information on their electronic devices that are of no possible interest to law enforcement authorities. That might include personal photos, intimate text messages or even evidence of affairs or relationships that are of no business to anyone other than those involved. Again, I ask the minister to take that question on notice: what restrictions, if any, are imposed on the use of personal information that is disclosed on electronic devices that have no relationship to any crime, serious or otherwise?

Another concern is that the bill is not just in relation to police because, leaving aside other law enforcement officers like ICAC, there is a provision in here that says the police can take along anyone else they think might be handy, anyone else who might be able to help them. So you have, potentially, people who are not sworn police officers, they are not necessarily trained, they are not bound by any professional standards and yet they may be given access to electronic data that is obtained under an order.

Again, the question for the minister is: what restrictions, if any—I do not think there are any—are in place that limit the number of people or the range of people who can access this information? The order might be made by the police but the bill says that the police can get other people to help them access the data as well. These people, presumably, do get access to that data if they are successful.

There are a couple of other issues that I will raise: one relates to parliamentary privilege and one relates to journalist shield laws. These were two things that jumped out at me as potentially being infringed by these amendments. The first thing I would say in relation to parliamentary privilege is that most of us know that we inherited privileges through the Westminster system. It goes back to 1856, I think it is, and I understand, from my discussions with parliamentary counsel, that there is a provision in the constitution that we cannot expand on those privileges, but they have not been codified.

We do not have a privileges act as they do at the commonwealth level. However, most of us appreciate and accept that communications between constituents and members of parliament in relation to their parliamentary duties are privileged and are not something that is made available to law enforcement officers.

All of us here have received tip-offs from whistleblowers; all of us at some point have received email communications where people are alleging offences that have been committed by others, and we hold these communications in confidence. They are part of parliamentary privilege.

The question that then arises is how do those principles sit with this law? For example, if police manage to convince a magistrate that they believe a certain fictitious member of parliament may be in possession of stolen goods—or some such offence, just to make a hypothetical example—and they want to access the member's phone, tablet and parliamentary computer, the question arises can they do that? How do they do that?

It would seem to me that the first thing that they would probably do if they were determined to have access is ask the member. The member would probably say, 'No. My phone, my computer, my tablet contain information that is privileged.' They are communications between yourself as a member of parliament and constituents.

They possibly would not go to the MP; they would go across the road. They would go to the PNSG, the Parliamentary Network Support Group, and with their order in hand they would go to a public servant—who is, as I understand it, not directly employed by the parliament, certainly not employed by the members of parliament—and they would order them to unlock a member of parliament's computer, unlock every document that they have ever written, unlock every meeting they have ever held through their diary and unlock all of their emails, because the police have managed to convince a magistrate that they think a member might have information about stolen goods or some such thing. That raises very serious questions about privilege.

One amendment that I have moved is to include in this legislation pretty much the same provision that is included in the ICAC legislation, a provision that basically says that these laws do not derogate from parliamentary privilege. However, it is actually not quite that simple, because even though I have drafted that amendment, I do not intend to move it if my first set of amendments is successful.

My first set of amendments is to hold the government to the primary task that they have set, which is child exploitation. If this bill is confined entirely to child exploitation offences, then I do not particularly want to give members of parliament any protection in relation to those offences; I do not want to do that. I will only move an amendment in relation to parliamentary privilege if my first set of amendments is not passed.

The first set of amendments I see as an invitation to the government to accept what the parliament is saying about child exploitation material—I do not think there is any disagreement on that—but to defer to another day and a proper debate consideration on other crimes that might be appropriate to allow the police the ability to access computers.

I have no doubt that we could run through a list of crimes that people might think are appropriate. I am sure terrorism will be up there on the list, but at present I can just pick a couple of crimes that currently are caught by this bill. One is bigamy. I mean—really? That is punishable by two years in prison or more. To what extent is it of any great interest to order someone to unlock their device because there might be evidence of bigamy?

Another is sexual relations between two people, one of whom is one day over 17 and one of whom is one day under 17. You might have two people who are two days apart in age—that is 10 years' gaol. We know that the police are not chasing Romeo and Juliet. They are not out there looking for young lovers. They are not doing that, but technically this bill covers that situation—anything with more than two years' gaol.

There are other crimes; let's accept they are crimes. Someone goes into a shop and changes the price tag so they get the toaster a little bit cheaper. I do not know of anyone who has done that, but apparently it is done because there is a special Criminal Law Consolidation Act provision about changing the price tags in shops. The gaol time for that is more than two years. Is that the sort of offence that we think should be a trigger for a magistrate to be able to order someone, on pain of five years' gaol, to open up every electronic device they own because it may give evidence of the fact that they swapped tags, or someone swapped tags, in a shop?

People might think this is reductio ad absurdum. They might think it is taking it too far, but honestly we pass these laws in full knowledge of the consequences, and the consequences are that there is a range of these relatively minor offences. Yes, they are criminal offences, but should they be the trigger for a magistrate to order you to open up all your devices?

I will finish with this issue of journalist shield laws, because it struck me that, only last year, this parliament decided as a matter of principle that, in order for the fourth estate to operate correctly, journalists should be able to protect their sources. The question then arises as to how these laws interact with that. When I put it to parliamentary counsel, they suggested that an amendment was not required for the journalists because there is a provision in this bill that says that it is in addition to other laws.

It does not necessarily derogate from other laws, but it does not take a great deal of thought to realise that it could still be undone. You could still get a police officer going to a magistrate and the magistrate issuing an order against a journalist to access their devices. It may be that the device, let's call it a mobile phone, might have information about whistleblowers and sources or it might have other material on it as well. How on earth do we manage that impasse?

If the police find something that was not what they were looking for and all of a sudden say, 'We found the whistleblower. We weren't looking for that but we found it', how do they unknow that information? What is to stop them then using a circuitous route to go and find that person through some other avenue so that they can say, 'We didn't get it through the mobile phone, we got it elsewhere, it was just a lucky guess, we came across this person'? It does not take rocket science to imagine the number of scenarios. I think journalists are at risk as well.

I will just put a few more questions on the record for when the minister closes the second reading. Back in relation to parliamentary privilege, the question is does parliamentary privilege apply to documents affecting parliamentary business that are contained on a member's computer, phone or laptop? I think I know the answer and I think it is yes; not all information, but certainly parliamentary privilege applies to a lot of that information. Secondly, does it matter whether that information is physically held inside or outside Parliament House or inside or outside a member's electorate office? Does privilege still apply?

What is the situation for members' documents that are held on parliamentary servers, such as SharePoint or somewhere in the cloud that is managed by the Parliamentary Network Support Group (PNSG)? Would public servants employed by PNSG be caught by the legislation in relation to unlocking information that is held by or on behalf of members? Similarly, with our electorate staff, could the police go to the staff member of a member of parliament and order them, if they have the password to some device or cloud storage, to unlock it? I think these are very serious questions and I do not think they have been properly addressed.

I think the responsible approach for this house to take would be to accept that the primary evil we are trying to overcome here is in relation to child exploitation material. Let's deal with these insidious crimes, let's deal with these people, let's give the police the powers they have asked for. The broader question about the circumstances in which the police should be able to order the unlocking of phones and devices, whether for regular citizens, journalists or members of parliament, let's have a proper debate about that.

Effectively, what I am inviting the government to do is to split the bill. My amendments effectively seek to do that. It confines the encryption provisions to child exploitation cases only and, as I have said, if that amendment is unsuccessful, then I have a catch-all provision that relates to parliamentary privilege, at least. I think our democracy will suffer if members of the public cannot fully trust that they can communicate privately with their members of parliament. That would be a very slippery road to go down. Once citizens lose their trust in the politicians, then democracy is what is at risk. With those brief remarks, the Greens will be supporting the second reading of this bill and we look forward to the committee stage.

The Hon. D.G.E. HOOD (16:08): In making my contribution today, I would just like to place on the record that I have not had the opportunity to review the Hon. Mr Parnell's amendments. I believe they were only filed this morning, so when I was preparing my speech I had not yet taken into account the amendments. I will not make reference to them in my speech and I make no comment on the merit of them or otherwise. Of course, that will go through the normal process of going to cabinet and then ultimately to our party room before the party reaches a position.

But I do rise to speak in strong support of the bill as it currently stands, which introduces important measures to seek to stem the proliferation of child exploitation material, or what is commonly referred to as CEM. It is, of course, largely based on a bill the previous Labor government introduced in 2017, which unfortunately lapsed at the conclusion of the last parliamentary year due to its other priorities. I am therefore pleased that the Marshall Liberal government is introducing its own iteration of the bill in a further effort to protect children from what I consider to have been one of the most unconscionable and inexcusable forms of abuse that could possibly be inflicted upon the most vulnerable within our community.

It is imperative that our laws in this state are continually reviewed and updated to account for rapid technological advances that can serve to facilitate illicit behaviour of any kind and I am confident the bill will better equip our law enforcement agencies in the detection and prevention of offending of the worst kind imaginable. The impetus for the bill is the fact that those who contribute to satisfying the demand for CEM through promoting and enabling its distribution and exchange without actually possessing the material could avoid any culpability for their conduct under our current laws as they stand.

In order to rectify this, the bill includes numerous amendments to the Child Sex Offenders Registration Act 2006, the Criminal Law Consolidation Act 1935, the Evidence Act 1929 and the Summary Offences Act 1953. It specifically seeks to create three new offences targeting the administrators or hosts of child exploitation material websites and the persons assisting in their administration, establishment or operation, each with maximum penalties of up to 10 years' imprisonment.

This is, of course, intentionally in line with the penalties for most of the existing aggravated CEM offences in South Australia. Those who develop, manage or monitor these sites, encourage or promote their use or train and equip others to avoid detection and apprehension for committing relevant offences will be captured. The bill also endeavours to provide new investigative powers and procedures to assist police in the detection of offences that have been made increasingly difficult due to the evolution of technology and the development of sophisticated encryption programs.

Under these provisions, police and investigators for the Independent Commission Against Corruption will have the ability to make an application to the Magistrates Court for an order which could compel a person to provide necessary information or assistance that may include but is not limited to the provision of relevant passwords, fingerprints, retinal or facial scans or other data required for access that has not yet been designated. Due to the widespread use of encryption services to shield criminal activity that relies on the use of the internet, it can be expected that these provisions will naturally expand beyond supporting the investigation of suspected crimes associated with CEM, which may include those involving terrorism, illicit drugs, fraud, identity theft and cyberbullying.

I understand that states, including Victoria, Queensland and Western Australia, already offer similar powers to those postulated by the bill, so there is certainly precedence for this to be afforded to our jurisdiction. In addition, three further offences have been devised to capture those who impede or seek to impede such investigations through the alteration, concealment or destruction of data, with maximum penalties ranging from five to 10 years, depending on the circumstances relevant.

Both the Commissioner of Police and the ICAC will be required to provide an annual report to the Attorney-General detailing the number of applications for orders, whether they were granted, if they were urgent, the types of alleged offences, a description of the devices involved and any charges that resulted and were ultimately laid. Further, a statutory review would be undertaken three years following the enactment of these laws. Then, of course, the bill also provides for broader protections to victims of child exploitation material.

The need for the bill is perhaps best exemplified within our local context in the horrific case of child sexual abuse against children in South Australian state care perpetrated by Shannon McCoole. In 2015, members may recall McCoole was sentenced to some 35 years in gaol after pleading guilty to the various offences committed between 2011 and 2014, including:

two counts of unlawful sexual intercourse with a person under the age of 14;

three aggravated counts of indecent assault;

one count of gross indecency of a person under the age of 16;

three counts of persistent sexual exploitation of a child;

seven aggravated counts of producing child pornography;

one aggravated count of disseminating child pornography; and

one aggravated count of possessing child pornography.

The important point to note here is that although it was also discovered that McCoole was the administrator of what was to believed to be the world's largest child pornography website concealed within the dark web where its 45,000-plus members could only gain access through engaging TOR encryption software, he was never actually sentenced for any charge in relation to this particular act.

He was charged for the other matters I have just outlined and indeed found guilty but was never actually charged for his involvement in the dissemination of this material with 45,000-plus members, and arguably that is the most heinous of all of his acts. I hope members would agree that this is not acceptable when you consider the countless victims he had absolutely no regard for as he simply sought to profit from their degradation.

In 2010, I successfully introduced legislation to grant judges the power to ban convicted paedophiles from accessing the internet at all under certain circumstances, which I hoped would contribute to curbing the demand for child exploitation material. That bill did pass this place and is now law in our state. As most would appreciate, almost nine years later these laws appear to be more relevant than ever due to dramatic advancement with the internet's speed and capacity that provides all the infrastructure necessary to efficiently disseminate large volumes of disturbing content featuring victimised children for the consumption of depraved deviants all over the world.

Given the fact that the FBI reports that there are some 750,000 paedophiles online and 150 million images on the web documenting child exploitation, it is evident that this is an increasingly lucrative industry for criminals to participate in to satisfy themselves in some strange way. This government appreciates its responsibility to ensure our laws are fit for purpose and can effectively deter would-be offenders from perpetuating these sexual crimes with the threat that it will be increasingly difficult for them to succeed in maintaining their anonymity. Given the transitional nature of the crimes we are referring to, the proposed legislation is not only in the best interests of South Australians but will no doubt contribute to the protection of potential victims on a global scale, as of course this problem circles the globe.

I strongly support the bill. As I said, I have not had a chance to consider the amendments the Hon. Mr Parnell has proposed. They will go through our normal process and we will consider them in due course.

Debate adjourned on motion of Hon. I.K. Hunter.