Proxies

'Surveillance deputies: When ordinary people surveil for the state' by Sarah Brayne, Sarah Lageson and Karen Levy in (2023) 57(4) Law & Society Review 462-488 comments 

 The state has long relied on ordinary civilians to do surveillance work, but recent advances in networked technologies are expanding mechanisms for surveillance and social control. In this article, we analyze the phenomenon in which private individuals conduct surveillance on behalf of the state, often using private sector technologies to do so. We develop the concept of surveillance deputies to describe when ordinary people, rather than state actors, use their labor and economic resources to engage in such activity. Although surveillance deputies themselves are not new, their participation in everyday surveillance deputy work has rapidly increased under unique economic and technological conditions of our digital age. Drawing upon contemporary empirical examples, we hypothesize four conditions that contribute to surveillance deputization and strengthen its effects: (1) when interests between the state and civilians converge; (2) when law institutionalizes surveillance deputization or fails to clarify its boundaries; (3) when technological offerings expand personal surveillance capabilities; and (4) when unequal groups use surveillance to gain power or leverage resistance. In developing these hypotheses, we bridge research in law and society, sociology, surveillance studies, and science and technology studies and suggest avenues for future empirical investigation. 

In 2020, Amazon announced that over 10 million users had joined its “Neighbors” app (Huseman, 2021). The app is integrated into the company's home surveillance devices, including the popular “Ring” doorbell camera—a video-enabled device that enables users to view, speak with, and record their front door area as well as the people who visit it. When a person purchases and installs a Ring doorbell, they are automatically enrolled in the Neighbors app, which enables users to post videos of “suspicious” activities and crimes (including the theft of Amazon packages from their doorsteps; Molla, 2020) and to view similar content posted by other users within five miles of their location. Although these “surveillance as a service” devices are marketed to, purchased, and installed by civilians, the state regularly seeks access to their data (West, 2019). The content collected by Ring cameras is shared directly with more than 2000 police departments across the United States through a combination of subpoenas, warrants, court orders and memorandums of understanding between municipalities or homeowners' associations and local law enforcement agencies (Lyons, 2021). Most often, that content is shared with the state by users who volunteer it to police (Gilliard, 2021; Haskins, 2021). Ring and Neighbors thus represents a convergence of interests among consumers, the state, and one of the largest and most powerful technology companies. Homeowners can protect their property; police have access to previously difficult-to-reach surveillance content; Amazon profits. 

Ring exemplifies the phenomenon of what we term surveillance deputization: when ordinary people use their labor and economic resources to engage in surveillance activities on behalf of the state. Our analysis of the historical development and contemporary forms of surveillance deputization demonstrate that the phenomenon shows no signs of abating, as states continue to implore people to watch and report on one another. Despite its prevalence, sociolegal scholarship has rarely examined surveillance deputization as a coherent phenomenon, and it remains an underspecified mechanism of state power. The case of surveillance deputization illustrates broader forces at play, including neoliberal privatization of state functions, the cultivation of risk and fear, and the interplay between law, technology, and privacy. It also sheds new light on core themes and debates in law and society literature, including legal consciousness, legal mobilization, and legal ambiguity—concepts which consider how ordinary people make sense of ambiguous and rapidly changing legal and quasi-legal contexts. Therefore, we articulate a theoretical framework of surveillance deputization rooted in a law and society approach, describing how it functions, what motivates participation, its implications, and how it intersects with state and corporate interests. We offer four hypotheses about its dynamics and implications: (1) the interest convergence hypothesis; (2) the legal institutionalization hypothesis; (3) the technological mediation hypothesis; and (4) the social stratification hypothesis. 

Our hypotheses draw upon several key themes in the law and society literature. First, surveillance deputization represents a case in which ordinary people must contend with both an ambiguous legal environment and a new suite of technological capabilities. Future law and society scholarship might continue to examine this interplay between lay people's understanding of law and legal rights as they implement new tools that in turn support functions typically relegated to the state. Our hypotheses also invoke concepts of legal mobilization, when both private companies and private individuals actively leverage surveillance to obtain quasi-legal outcomes or aid in legal processes, exposing unclear meanings of the law in the digital, platformed age. Finally, our analysis directly engages law and society scholarship with studies of technology. As we show, the networked, data-intensive technologies that have become the infrastructure of everyday life—like smartphones, Internet of Things (IoT) sensors, software, and digital platforms—are both intensifying and transforming these practices (Ferguson, 2017; Murakami Wood & Monahan, 2019). Our analysis shows how these new devices and capabilities benefit the interests of both the user and the state; they allow more expansive and invasive surveillance capabilities as technology evolves; they allow governments to evade privacy-protective legal constraints; and, while they have the potential to further marginalize vulnerable groups, they can potentially be used to turn the lens back on the state itself. 

Although this article focuses on surveillance deputization, we hope the framework and empirical hypotheses detailed below spurs sociolegal work on questions of how the law deals with technological change, how ordinary people make sense of and contribute to the workings of the legal system, and continuities and changes in the practice of policing and in legal institutions. We begin with a brief social history of surveillance deputization, then explain our analytic and theoretical approach, including the literatures we draw from and the empirical examples we provide. We then move to a discussion of our four hypotheses, laying the groundwork for testable propositions in future empirical work. We close by encouraging scholars to continue to examine whether and how the acceleration of surveillance deputization augments the scope of state surveillance, intensifies the effects of surveillance on marginalized populations, and opens opportunities for collective resistance.

Spyware

'Selling Surveillance' (Indiana Legal Studies Research Paper No. 495) by Asaf Lubin comments 

There is a vast and growing network of private companies selling spyware—tools and services that provide their clients with unprecedented access to smartphones, laptops, and other internet-connected devices. Investigative reporting and work by civil society have now repeatedly confirmed the systematic abuses of these technologies by government actors to target human rights activists, journalists, and dissidents around the world. 

A large group of UN human rights special rapporteurs, civil society organizations, and members of the European Parliament have recently called for an immediate and global moratorium on the sale, transfer, and use of spyware technologies. The paper argues that such calls are not only impractical, but they are also hypocritical and pose a danger to public safety and the future integrity of our information and telecommunication technologies. Ad hoc litigation and ex post blacklisting and sanctions are similarly inapt in generating sufficient deterrence. 

As an alternative to these flawed approaches, this paper makes the case for an international system to standardize the commercial spyware industry, which I call the “Commercial Spyware Accreditation System” (CSAS). The paper first explains the limits of existing domestic and international regulation—including international export control law, international human rights law, and corporate social responsibility—in constraining the negative externalities of the commercial spyware trade. The CSAS model responds to these limitations by proposing a multistakeholder forum with a set of binding controls, enforced through governmental licensing and contracting, that could mitigate the harms produced by these technologies. The control spans the five stages of the spyware lifecycle: (1) development and investment; (2) marketing and sale; (3) client management; (4) spyware diplomacy; and (5) client and product/service termination. 

Policy makers both in the United States and across the Atlantic are engaging in an ongoing dialogue to develop new international instruments that effectively respond to threat of spyware. This paper aims to provide these regulators with a set of innovative tools that have not been considered before in the literature.

Crime Data

‘The Early Criminal Record on the Boundary of Entertainment: Thomas F. Byrnes’ Professional Criminals of America and the Spectacle of Criminal Identification’ by Charles F Brackett in (2022) 20(2) Surveillance & Society 157-171 comments

While the proliferation of criminal records has received much recent attention, the origin of the criminal record in the United States itself is relatively obscure. This article examines an episode in the development of criminal record keeping and lateral surveillance in the United States, the publication and reception of Thomas F .Byrnes’ Professional Criminals of America ([1886] 1969). I argue that Professional Criminals of America developed a cultural purchase well beyond its relatively modest circulation. By exploiting anxieties about mobility, anonymity, and the decline of class distinction, Byrnes’ book sold itself as a tool to develop regimes of lateral surveillance, enlisting regular citizens to support the police by spying on one another. 

 Brackett argues 

 The proliferation of criminal records in the US and the resulting handicaps for people who have them are topics of increasing concern for scholars and policymakers (e.g., Lageson 2020; Jacobs 2015). While the stigma of a criminal record has been the subject of extensive study, scholars are only beginning to study the extensive use of records (e.g., Jacobs 2015; Lageson 2020; Thacher 2008). Meanwhile, the emergence of the criminal record in the United States has received almost no sustained study. Drawing on theories of surveillance technology as both practical and imaginary (Cole 2001; Bunn 2012), and testing theories of the emergence of “risk society” and lateral surveillance (e.g., Beck 1992; Andrejevic 2002), I examine Detective Thomas F. Byrnes’ 1886 book Professional Criminals of America ([1886] 1969). Specifically, Byrnes’ entertaining volume, which sold more than ten thousand copies in its first printing (Brooklyn Daily Eagle 1886), merged entertainment with new technologies of crime control and sought to produce a type of lateral surveillance. Byrnes used his own charisma and public fascination with criminality to turn Professional Criminals into a significant cultural object in the turn-of-the-century United States. In doing so, Byrnes ([1886] 1969) sought to introduce a tool that would provide any citizen the information they needed to be their own detective. … 

Late-twentieth and twenty-first century scholarship on security and surveillance has emphasized the supposed emergence of “risk”as a dispositif for the management of diverse populations of people, events, or probabilities (e.g., Foucault 2008b; Bigo 2012). Since the 1980s, a growing body of surveillance and security literature has come to emphasize the role of disembodied data (e.g., Gandy 1983; Lyon, ed. 2003; Haggerty 2001; van Dijck 2014), algorithmic and predictive practices (Aradau and Blanke 2017, 2018), and the technologies of data-driven risk management in both security practices and governance more broadly (e.g., Lageson 2020; Eubanks 2018; Noble 2018). 

Studies of risk often position the rise of risk as a de facto rupture in the social order (e.g., Beck 1992 and Giddens 1990). Briefly stated, risk society theories posit the emergence of a new social form governed less by traditional class conflict and competitive governance than by the technocratic assessment and management of various social risks (Giddens 1998). Or, as Beck(1992: 223) argues, “[p]olitics is no longer the only or even the central place where decisions are made on the management of the political future.” Perhaps the best example of this shift for criminal punishment can be found in Ericson and Haggerty’s (1997) argument that law enforcement’s main function today is the production of data. 

A central aspect of this conceptualization of risk and risk management is the role of state institutions in the production of supposedly objective knowledge. In his study of criminal justice statistics, for example, Haggerty (2001: 191–192) argues that one of the main functions of statistical institutions is their claim to represent “objective rationality.” This formulation is substantively reproduced in multiple examinations of the risk society and the proliferation of risk management practices (e.g., Aradau and Blanke 2017). Challenges to the risk society formulation have tended to critique the claim of newness, both implicitly and explicitly (e.g., Rigakos and Hadden 2001). Others implicitly challenge Beck’s (1992) and Giddens’ (1998) claim to the declining salience and value of contentious politics, for example with a call reexamine the importance of “agonism” in democratic politics (e.g., Mouffe 2005; Wenman 2013). 

Even critical scholars tend to take for granted that risk-based surveillance technologies are founded upon a logic of science and gain legitimacy from their patina of objectivity or rationality. This comes despite a rich trove of research that highlights the important role of spectacle in the growth and legitimization of surveillance. Several scholars have examined the interpenetration of spectacle with surveillance, either in legitimizing surveillance society (Gold and Revill 2003) or spectacular uses of surveillance itself (Kammerer 2012). Scholars including Loic Wacquant (2012), Barry Glassner (2000), and Jonathan Simon (2007) have examined the role of spectacular media coverage of crime and terrorism in legitimizing and expanding surveillance practices. Brucato (2015) has problematized the ideology of “objectivity”in police use of bodycams, while a long social-scientific tradition has focused on the role of charismatic authority (Weber [1919] 1947,[1922] 1946) in legitimacy, as well as problematizing objectivity as a social reality (e.g., Foucault 2013; Galison 2000). 

How we understand the social management of risk and the resultant surveillant practices, then, has much to do with how we analyze the interaction of scientism and spectacle in the framing of both risk and its management. As much as a large insurance company may appreciate the multiplicity of statistics available to manage suspect populations and “dangerous” areas through Big Data, everyday citizens are more likely to frame their relationship to risk through lurid news coverage or the television show 24. 

Further, while the risk society is consistently positioned as a development of Late Capitalism or Neo-Liberalism (e.g., Beck 1992), such a framing threatens to disappear the long history of risk. Scholars from across the political spectrum have pointed to risk’s role in creating capitalism itself, either celebrating (Bernstein 1998), analyzing (Foucault 2008a, or critiquing (Rigakos and Neocleous, eds. 2011) this relationship. 

In examining Thomas Byrnes’ Professional Criminals of America ([1886] 1969), as well as its public reception, then, I seek to frame two basic questions at a micro-level. First, how did Byrnes’ work function as a melding of charisma and scientific authority, and what was its contribution to public acceptance of large-scale data collection?

Governance and Ghosting

'Governance ≠ Leadership: What Blockchain and AI Won't Do for Corporate Lawyers' by Jeffrey M. Lipshaw in (2020) The Journal of Corporation Law comments

This is a contribution to the Journal of Corporation Law’s 2020 symposium on blockchain technology and corporate governance. The thesis is that blockchain technology is well suited to the monitoring function in corporate governance; that monitoring as the primary function of corporate governance is a particularly legal conception; and that the business conception of governance has far more to do with leadership, strategy, and operations. If the legal and business conceptions of governance tend to be ships passing in the night (at least in this somewhat exaggerated rendering), it is because prevailing economic and legal theoretical models have a difficult time incorporating human qualities that underlie leadership, intuition, insight, and creativity. Law schools have long taught litigation skills and transactional skills have come into vogue as well. Teaching leadership to aspiring business lawyers is the next challenge.

In NSW the Independent Commission Against Corruption (ICAC) has found that employees of companies who supplied security services to the University of Sydney engaged in 'serious corrupt conduct', dishonestly obtaining hundreds of thousands of dollars by submitting false timesheets. The CEO of one company and an employee of another company engaged in serious corrupt conduct by providing benefits to the University’s security operations manager, including a pinball machine and luxury hotel accommodation, as an inducement or reward for him using his position at the University to favour their interests. The security operations manager engaged in serious corrupt conduct by accepting, or agreeing to accept, those inducements or rewards.

 ICAC's Investigation into the over-payment of public funds by the University of Sydney for security services (Operation Gerda) report indicates that between December 2015 and April 2018 employees of Sydney Night Patrol and Inquiry Co Pty Ltd (SNP) and its subcontractor, S International Group Pty Ltd (SIG), obtained financial benefits by submitting timesheets in which they made false representations as to the identities of guards who provided, or purported to provide, ad hoc security services to the University, knowing that the funds to pay those claims would ultimately come from the University.

 This practice, known as “ghosting”, involves the unauthorised use of the name and security licence details of a security guard who is not working a shift to secure a financial benefit. The Commission finds that SNP employees Emir Balicevac, Daryl McCreadie, and Frank Lu engaged in serious corrupt conduct through this practice, which respectively netted them about $222,905, $27,283 and $244,091. The ICAC finds that SIG security guard George Boutros also engaged in serious corrupt conduct by engaging in the same practice between October 2016 and April 2018. However, as an SIG employee, it is difficult to differentiate between the rostered shifts he legitimately claimed, and the ghosting shifts he illegitimately claimed, so the precise amount he dishonestly claimed is unknown. 

The Commission finds that SIG director and CEO Taher Sirour engaged in serious corrupt conduct through facilitating payments to Mr Balicevac, Mr McCreadie, Mr Lu and Mr Boutros on the basis of the false timesheets to obtain a financial advantage from SNP at the cost of the University. He was aware that Mr Balicevac and Mr Lu were falsely claiming payments for ad hoc services that had not been provided. 

Mr Sirour further engaged in corrupt conduct by providing payment for accommodation in October 2015 at the Shangri-La Hotel Sydney, a meal at Wolfies restaurant, and a car and driver to and from the hotel to Dennis Smith, the University’s security operations manager, and his wife for their 30th wedding anniversary. This conduct, and payment for a further stay at the hotel in 2017 that was ultimately cancelled, and proposed tickets for an overseas trip in April 2018, were provided as an inducement or reward for Mr Smith to use his position at the University to favour, or influence him to favour, the interests of SIG and Mr Sirour. 

Mr Balicevac also engaged in serious corrupt conduct by providing a pinball machine at a cost of $10,650 to induce or reward Mr Smith to show favour to Mr Balicevac and SIG in relation to the provision of security guarding services to the University. Mr Balicevac arranged for Mr Lu to contribute $6,000 to the cost of the pinball machine (no finding is made against Mr Lu in relation to the pinball machine). 

Mr Smith engaged in serious corrupt conduct by accepting, or agreeing to accept, the above gifts, as an inducement or reward to use his position at the University to favour SIG’s interests.

Outcome? ICAC considers that the University’s tender process for the provision of security services and its lack of a robust contract management framework may have contributed to the occurrence of corrupt conduct. The ghosting at the University created the likelihood that campus safety was compromised. ICAC made 24 corruption prevention recommendations to assist the University to improve its systems.

 ICAC also indicates that consideration should be given to obtaining the advice of the Director of Public Prosecutions with respect to the prosecution of Balicevac, McCreadie, Lu, Boutros, Sirour and Smith for various offences.

AgGag and the Criminal Code Amendment (Agricultural Protection) Bill

The Criminal Code Amendment (Agricultural Protection) Bill 2019 (Cth) will presumably warm hearts among rural communities but feature provisions that when read in context with existing telecommunications/criminal law are redundant.

The Bill would amend the Criminal Code Act 1995 (Cth) (the Criminal Code) to introduce two new offences relating to the incitement of trespass or property offences on agricultural land. The Bill relies on the Commonwealth’s telecommunications power under the Australian Constitution, with the requirement in the offence that the relevant criminal conduct be engaged in using a carriage service.

.The first offence would apply where a person uses a carriage service to transmit, make available, publish or otherwise distribute material with the intent to incite another person to trespass on agricultural land. This offence would require that the person is reckless as to whether the other person’s trespass or related conduct could cause detriment to a primary production business being carried on on the land. A person found guilty of this offence could face up to 12 months’ imprisonment. 

The second offence would apply where a person uses a carriage service to transmit, make available, publish or otherwise distribute material with the intent to incite another person to unlawfully damage or destroy property, or commit theft, on agricultural land. A person found guilty of this offence could face up to five years’ imprisonment, to reflect the more serious nature of the incited conduct.

 ‘Agricultural land’ is a defined term in the Bill - land used for a primary production business. Primary production business is defined as including farming businesses, such as chicken farms and piggeries, as well as businesses operating an abattoir or an animal saleyard.

The Bill contains exemptions for journalists and those who are making lawful disclosures of information, including whistleblowers. Under the exemption for journalists, the offences would not apply to material relating to a news report or current affairs report which is in the public interest and is made by a person working in a professional capacity as a journalist.  Under the exemption for whistleblowers, the offences would not apply to conduct engaged in by a person if, as a result of the operation of a law of the Commonwealth, a State or a Territory, the person is not subject to civil or criminal liability for the conduct. For example, the offence would not apply to a person who makes a public interest disclosure in accordance with the Public Interest Disclosure Act 2013 (Cth), whistleblower protections under the Corporations Act 2001 (Cth), or in accordance with other Commonwealth, state or territory whistleblower or lawful disclosure regimes.

We should note that use of “a carriage service to menace, harass, or cause offence” is already punishable under section 474.17 of the Criminal Code. It is unlikely that the amendment will effectively address concerns evident in submissions by civil society and other advocates regarding state legislation such as that highlighted here.

The Explanatory Memorandum comments in relation to the ICCPR that

The Bill’s objective is to reduce the malicious use of carriage services to encourage trespass, property damage or theft on private property. The use of a carriage service by perpetrators to communicate or share material with the intention that criminal activity occur, has the potential to contaminate food safety, breach biosecurity protocols and cause distress to members of the community. The extent to which the Bill would restrain the rights provided by [ICCPR] article 17 is a necessary consequence of, and proportionate to, the pursuit of this legitimate objective. 

. The ready sharing of material intended to incite a crime is not the type of correspondence article 17 aims to protect. In its preamble, the ICCPR states that “the individual [has] duties to other individuals and to the community to which he belongs” and that “freedom from fear and want can only be achieved if conditions are created whereby everyone may enjoy his civil and political rights”. The unchecked transmission of materials intended to incite trespass, property damage and theft is incompatible with the goals of the ICCPR and all other international human rights instruments. ... . 

Criminalising the use of a carriage service to incite crimes against another’s property promotes the objectives of “freedom from fear” and fosters conditions “whereby everyone may enjoy his civil and political rights”.

Further

New sections 474.46 and 474.47, proposed in Schedule 1 to the Bill, would limit an individual’s right to freedom of expression. These sections would criminalise the use of a carriage service to transmit material with the intention of inciting trespass or property damage, destruction or theft, on agricultural land. 

. The offences in the Bill are intended to protect the rights of Australian farmers and prevent harm to public order and public health from property offences incited by the use of a carriage service. 

Incitement of property offences on agricultural land has the potential to affect the rights of Australian farmers to feel safe on their properties. It also risks harm to public health through the contamination of food, and the breach of biosecurity protocols. Criminalising the use of a carriage service to transmit materials, with the intention to incite trespass, damage property or commit theft on agricultural land is a reasonable and proportionate measure to uphold rights, and protect public health. 

In light of the above, the Bill is consistent with the right to freedom of expression. To the extent that the Bill impacts this right, that limitation is reasonable, necessary and proportionate to the objective of protecting public health and the rights of Australian farmers.

Abjection

'Regulating belonging: surveillance, inequality, and the cultural production of abjection' by Torin Monahan in (2017) 10(2) Journal of Cultural Economy 191-206 comments

 Conditions of abjection are increasingly viewed as problems to be managed with surveillance. Across disparate domains, bodies that challenge normalized constructions of responsible neoliberal citizenship are categorized, monitored, policed, and excluded in dehumanizing and often violent ways. This paper explores the role of surveillance in such processes. The registers covered include everyday abjection (welfare systems, battered women’s shelters, and homelessness), criminalized poverty (police targeting of the poor and emerging ‘poverty capitalism’ arrangements), and the radically adrift (the identification, tracking, and containment of refugees). In each of these cases, surveillance is yoked to structural inequalities and systems of oppression, but it also possesses a cultural dimension that thrusts marginalized and dehumanized subjectivities upon the abject Other. Therefore, I argue that in order to critique the gendered, racialized, and classed dimensions of contemporary surveillance, it is necessary to take seriously the mythologies that give meaning to surveillance practices and the subjectivities that are engendered by them.

Monahan argues

Although there has been renewed critical attention to surveillance in the realms of national security and corporate data gathering, especially in online contexts, the gendered and racialized dimensions of contemporary surveillance remain largely underexplored. This appears to be the case especially with regards to the treatment of poor and marginalized populations, where conditions of abjection are increasingly viewed as problems to be managed with surveillance. For instance, the poor on welfare submit to scrutiny of their purchases, as they are enmeshed in systems designed to detect transgressions and exclude or punish those who are found unworthy. People on probation, especially in the United States, yield to invasive electronic monitoring for minor infractions and are charged fees for this ‘service’, which is often outsourced to private companies that profit handsomely from this form of poverty capitalism. When seeking jobs, the unemployed encounter a battery of surveys, background checks, and drug tests, also frequently at their own expense, in order to qualify for the possibility of obtaining a job. Homeless people are treated as populations to be managed and tracked through electronic systems deployed at shelters, as their privacy is continuously eroded, their makeshift dwellings dismantled, and their fragile sense of stability undermined. Refugees fleeing the radical insecurity of civil war are scrutinized as potential health or terrorist threats and forced to provide biometric data for United Nations tracking systems, paradoxically categorizing refugees both as discrete individuals to be sorted and followed and as an undifferentiated mass to be contained in camps. 

Viewing these dynamics through the lens of surveillance can draw attention to the ways in which unequal control mechanisms define the operations of contemporary institutions and profoundly shape people’s experiences and life chances. As David Lyon explains, surveillance can be understood broadly as ‘the focused, systematic and routine attention to personal details for purposes of influence, management, protection or direction’ (Lyon 2007, p. 14). Thus, more than simply watching, surveillance practices exert influence and reproduce power relations through technological and non-technological means alike. Through the imposition of categories, processes, and differential forms of exposure, surveillance becomes a project of social ordering and world-making, even if its efficacy at achieving its primary intended goals (e.g. crime control) is limited or inconsistent (Coleman 2012). As deployed here, surveillance manifests as a multiplicity of techniques that conjure, coalesce around, and mediate the experiences of abject subjects. 

Abjection signifies not only extreme need or destitution, but also a kind of social exclusion wherein the existence of the individual is called into question. Abjection implies a fundamental lack of fit with existing social and spatial orders (Sibley 1995), rendering the abject subject unknowable and largely invisible, at least as a collective ethical responsibility (Kristeva 1982; Murphy 2006). Further, modern states are constituted in part through the paradox of the socially abject, or the ‘inclusive excluding’ of various outcasts within states, justifying the enforcement of border controls and legitimizing dominant mechanisms for the provision of order (Tyler 2013). As the examples above indicate, surveillance plays an important role in policing bodies and maintaining boundaries between inside and outside, self and other. Moments of unwanted visibility or presence – of the poor, the homeless, the refugee – seem to compel mechanisms of intensified control. Such control mechanisms delineate parameters of temporary existence for the compliant, while excluding those marked as dangerous or socially illegible. Therefore, through categorization and sorting, surveillance enacts forms of structural and symbolic violence against marginalized Others. 

Surveillance in this sense is about the maintenance of social order and the production of subjects. As Lisa Nakamura writes, compulsory forms of surveillance increasingly ‘serve two functions: to regulate, define, and control populations; and to create new gendered, racialized, and abled or disabled bodies through digital means’ (Nakamura 2015, p. 221). In the first instance, surveillance is a mode of ‘social sorting’, of categorizing populations according to perceived risk or value and treating those respective groups differently (Gandy 1993; Lyon 2003; Bigo 2006). Such surveillance is fundamental to how modern organizations operate: identifying, monitoring, analyzing, and sorting in frequently automated ways that are ambiguous to those affected by them (Giddens 1990; Thrift and French 2002; Graham and Wood 2003; Gilliom and Monahan 2013). In the second instance, surveillance fuses with existing cultural prejudices to coproduce unequal subjectivities and render them natural. Simone Browne describes this as a process of ‘digital epidermalization’, where surveillance systems ‘do the work of alienating the subject by producing a truth about the racial body and one’s identity (or identities) despite the subject’s claims’ (Browne 2015, p. 110). When interpellated by such exercises of power, individuals are prone to adapt their sense of self to the discriminatory classifications and treatments that characterize their lives. 

This paper explores the merging of these structural and cultural dimensions of surveillance for the regulation of abject bodies. The field of surveillance studies has been adept at theorizing structural forms of inequality that are reproduced through surveillance (e.g. Koskela 2000; Rule 2007; Gandy 2009; Staples 2014). Classification and social sorting are the primary ways that this occurs, as unequal power relations and political contingencies are masked by processes of technological abstraction and mediation (Haggerty and Ericson 2000; Currah and Moore 2009; Guzik 2009; Morozov 2013). A cultural turn, however, productively shifts the focus to the mythologies that give meaning to surveillance practices and the subjectivities that are engendered by them (e.g. Monahan 2010, 2011; Ball 2009; Andrejevic 2013; Browne 2015; Dubrofsky and Magnet 2015; Hall 2015). Such an emphasis is vital in trying to account for the ways that surveillance contributes to gendered, racialized, and classed violence. For instance, cultural narratives (e.g. about dangerousness or unworthiness) are often key drivers for the adoption of surveillance systems that in turn reify those discriminatory categories and subject positions (Coleman 2012; McCahill 2002). In combination, structural and cultural dimensions of surveillance synergize in destructive ways: on one hand, affording a seemingly apolitical objectification of the disadvantaged, and, on the other hand, providing a cultural script for the dehumanization and demonization of the Other. 

In the sections that follow, I analyze three different but overlapping registers of surveillance: everyday abjection of being on welfare, in battered women’s shelters, or homeless, subjected to the possibility of constant scrutiny and judgment; criminalized poverty, which pulls the poor into extractive and violent relationships, mediated by surveillance, while public and private institutions profit; and the radically adrift, where refugees seeking survival and stability are channeled into regimes of state surveillance and control. The concept I build upon for this analysis is that of marginalizing surveillance (Monahan 2010). Marginalizing surveillance means the production of conditions and subjectivities of marginality through the application of surveillance systems.1 For each register analyzed, cultural narratives – from politicians, the mainstream media, or threatened citizens – powerfully inflect the forms of marginalizing surveillance deployed and the treatment of those under the gaze. While structural and cultural dimensions of surveillance weave together to govern the abject and make them legible, they simultaneously reproduce forms of violence and exclusion.

Sidewalk panopticism

'Urbanism Under Google: Lessons from Sidewalk Toronto' by Ellen P. Goodman and Julia Powles in Fordham Law Review, Forthcoming) comments 

 Cities around the world are rapidly adopting digital technologies, data analytics, and the trappings of “smart” infrastructure. No company is more ambitious about exploring data flows and seeking to dominate networks of information than Google. In October 2017, Google affiliate Sidewalk Labs embarked on its first prototype smart city in Toronto, Canada, planning a new kind of data-driven urban environment: “the world’s first neighborhood built from the internet up.” Although the vision is for an urban district foregrounding progressive ideals of inclusivity, for the crucial first 18 months of the venture, many of the most consequential features of the project were hidden from view and unavailable for serious scrutiny. The players defied public accountability on questions about data collection and surveillance, governance, privacy, competition, and procurement. Even more basic questions about the use of public space went unanswered: privatized services, land ownership, infrastructure deployment and, in all cases, the question of who is in control. What was hidden in this first stage, and what was revealed, suggest that the imagined smart city may be incompatible with democratic processes, sustained public governance, and the public interest. 

This article analyzes the Sidewalk project in Toronto as it took shape in its first phase, prior to the release of the Master Innovation and Development Plan, exploring three major governance challenges posed by the imagined “city of the future”: privatization, platformization, and domination. The significance of this case study applies well beyond Toronto. Google and related companies are modeling future business growth embedded in cities and using projects like the one in Toronto as test beds. What happens in Toronto is designed to be replicated. We conclude with some lessons, highlighting the precarity of civic stewardship and public accountability when cities are confronted with tantalizing visions of privatized urban innovation.

UK Internet of Things Safety

The UK Government Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation on 'Secure By Design' regulatory proposals regarding consumer Internet of Things (IoT) security, promoted as ensuring that 'millions of household items that are connected to the internet are better protected from cyber attacks.

The Government states

Options that the Government will be consulting on include a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label.

The Government will be consulting on options including a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means retailers will only be able to sell items with an Internet of Things (IoT) security label. 

The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice. These include that:

• IoT device passwords must be unique and not resettable to any universal factory setting. 

• Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy. 

• Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.

The Consultation Document states

As the technological advances of the 21st century continue to accelerate, consumers are bringing more and more ‘smart’ devices (i.e. consumer IoT products) into their homes, such as smart TVs, internet connected toys, smart speakers and smart washing machines. The Internet of Things (IoT, also known as ‘internet-connected’ or ‘smart’ products) is already being used across a range of industries and it is delivering significant benefits to the lives of its users.

In the future, we expect an ever increasing number of more developed consumer Internet of Things products and services. These devices will be able to anticipate and meet their users’ needs and will be able to tailor information specifically to them across everything from home energy to security. This will offer users the opportunity to live more fulfilling lives; saving time, effort and money.

As with all new technologies, there are risks. Right now, there are a large number of consumer IoT devices sold to consumers that lack even basic cyber security provisions. This situation is untenable. Often these vulnerable devices become the weakest point in an individual’s network, and can undermine a user’s privacy and personal safety. Compromised devices at scale can also pose a risk for the wider economy through distributed denial of service (DDOS) attacks such as Mirai Botnet in October 2016.

The UK Government takes the issue of consumer IoT security very seriously. We recognise the urgent need to move the expectation away from consumers securing their own devices and instead ensure that strong cyber security is built into these products by design.

We have previously stated our preferred an approach whereby industry self-regulate to address these issues, but that we would consider regulation where necessary. In October 2018 we published a Code of Practice for IoT Security, alongside accompanying guidance, to help industry implement good security practices for consumer IoT.

Despite providing industry with these tools to help address these issues, we continue to see significant shortcomings in many products on the market.

We recognise that security is an important consideration for consumers. A recent survey of 6,482 consumers has shown that when purchasing a new consumer IoT product, ‘security’ is the third most important information category (higher than privacy or design) and among those who didn’t rank ‘security’ as a top-four consideration, 72% said that they expected security to already be built into devices that were already on the market1. It’s clear that there is currently a lack of transparency between what consumers think they are buying and what they are actually buying.

Our ambition is therefore to restore transparency within the market, and to ensure manufacturers are clear and transparent with consumers by sharing important information about the cyber security of a device, meaning users can make more informed purchasing decisions.

Having worked with stakeholders, experts and the National Cyber Security Centre (NCSC), we are now consulting on proposals for new mandatory industry requirements to ensure consumer smart devices adhere to a basic level of security. The proposals set out in this document seek to better protect consumers’ privacy and online security which can be put at risk by insecure devices.

We are mindful of the risk of dampening innovation and applying a strong burden on manufacturers of all shapes and sizes. This is why we have worked to define what baseline security looks like, in line with the ‘top three’ guidelines of the Code of Practice. Our ambition is for the following security requirements to be made mandatory in the UK. These are:

• All IoT device passwords shall be unique and shall not be resettable to any universal factory default value 

• The manufacturer shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues 

• Manufacturers will explicitly state the minimum length of time for which the product will receive security updates.

Meeting these practical and implementable measures would protect consumers from the most significant risks (such as the Mirai attack in 2016). This would also restore transparency in the sector and allow consumers to identify products that will meet their needs over the lifespan of the product. In addition, mandating vulnerability disclosure policies will enable an effective feedback mechanism to operate, between the security research community and manufacturers.

One of the core aims of the consultation is to listen to feedback on the various implementation options we have developed in partnership with industry and stakeholders. These include the following three options:

● Option A: Mandate retailers to only sell consumer IoT products that have the IoT security label, with manufacturers to self declare and implement a security label on their consumer IoT products 

● Option B: Mandate retailers to only sell consumer IoT products that adhere to the top three guidelines, with the burden on manufacturers to self declare that their consumer IoT products adhere to the top three guidelines of the Code of Practice for IoT Security and the ETSI TS 103 645 

● Option C: Mandate that retailers only sell consumer IoT products with a label that evidences compliance with all 13 guidelines of the Code of Practice, with manufacturers expected to self declare and to ensure that the label is on the appropriate packaging

Later this year, the security label will initially be run on a voluntary basis until regulation comes into force and the government will make a decision on which measures to take forward into legislation following analysis of the responses received through this consultation. We recognise that any regulation will need to mature over time, and additional information for this approach is within the consultation stage impact assessment ‘mandating security requirements for consumer IoT products’

Spooks and secrets

'The Liberty to Spy' by Asaf Lubin in (2019) 61(1) Harvard International Law Journal comments

Many, if not most, international legal scholars share the ominous contention that espionage, as a legal field, is devoid of meaning. For them, any attempt to extrapolate the lex lata corpus of the International Law of Intelligence (ILI), let alone its lex scripta, would inevitably prove to be a failed attempt, as there is simply nothing to extrapolate. The notion that international law is moot as to the question of if, when, and how intelligence is to be collected, analyzed, and promulgated, has been repeated so many times that it has attained the status of a dogma. 

This paper offers a new and innovative legal framework for articulating the law and practice of interstate peacetime espionage operations, relying on a body of moral philosophy and intelligence ethics thus far ignored by legal thinkers. This framework adopts a diagnosis of the legality of covert intelligence, at three distinct temporal stages – before, during, and after. In doing so it follows the traditional paradigms of international law and the use of force, which themselves are grounded in the rich history of Just War Theory. Adopting the Jus Ad, Jus In, Jus Post model makes for an appropriate choice, given the unique symbiosis that exists between espionage and fundamental U.N. Charter principles. 

This paper, focuses on the first of these three paradigms, the Jus Ad Explorationem (JAE), a sovereign’s prerogative to engage in peacetime espionage and the right’s core limitations. Examining a plethora of international legal sources the paper exemplifies the myriad ways by which peacetime intelligence gathering has been already recognized as a necessary pre-requisite for the functioning of our global legal order. The paper then proceeds to discuss the nature of the JAE. It argues that that the right to spy is best understood as a privilege in Hohfeldian terms. It shows how understanding interstate intelligence operations as a weaker “liberty-right” that imposes no obligations on third parties to tolerate such behavior, helps capture the essence of the customary norms that form part of the practice. 

Recognizing the liberty right to spy opens the door for the doctrine of “abuse of rights” to play a role in constraining the practice. By identifying two sole justifications for peacetime espionage – advancing the national security interests of States and promoting an increase in international stability and cooperation – we are able to delimit what may constitute abusive spying (exploiting one’s right to spy not for the purposes for which it was intended). 

The paper thus concludes by introducing five categories of unlawful espionage: (1) spying as a means to advance personal interests; (2) spying as a means to commit internationally wrongful acts; (3) spying as a means to advance corporate interests; (4) spying as a means to facilitate a dictatorship; and (5) spying as a means to exploit post-colonial relationship.

The Law Council of Australia has condemned the Federal Government’s processes in appointing members to the Administrative Appeals Tribunal (AAT) as secretive with the potential to undermine public confidence.

The Council comments

At least 14 former state and federal MPs and staffers were among 86 appointments to the AAT, announced Thursday. Law Council President Arthur Moses SC said the legal profession is concerned and troubled by these developments. “The lack of transparency compromises community confidence in the independence of the tribunal and the quality of its decision making,” Mr Moses said. 

“The independence and integrity of the AAT depends on an apolitical, open and merit-based appointment system. 

“The Federal Government’s announcement of 34 new appointments to the AAT made without community consultation and 52 reappointments for existing members is concerning, as a number of members have been re-appointed before the expiration of their current terms. 

“There is a concern that reappointment of members well before the expiry of their current terms, in the context of an upcoming Federal election, may give rise to a reasonable apprehension that decisions are affected by political considerations and therefore compromises the reputation of the Tribunal. 

“The appearance of a conflict of interest can be just as damaging to the AAT’s integrity as an actual conflict. “Appointments should be made transparently and in consultation with the community, including the legal profession, to safeguard their quality and improve their diversity. 

“The AAT deals with a significant number of cases that directly impact on the lives of Australians. It is important those appointed have the necessary skills to discharge its functions according to law and community expectations. 

“An AAT that reflects the community it serves better enhances public confidence in the administration of justice, including respect for the rule of law,” Mr Moses said. 

The Law Council calls on the Federal Government to implement a transparent appointment process based on merit, similar to that recently announced by the Federal Opposition. Any lack of transparency impacts on the reputations of all members of the AAT, which is unfair.

Landowner Privacy

The report by the NSW Legislative Assembly Select Committee on Landowner Protection from Unauthorised Filming or Surveillance addresses the following Terms of Reference

 1. That a select committee be established to inquire into and report on the extent of protection for landowners from unauthorised filming or surveillance and in particular:

(a) the nature of protection for landholders from unauthorised filming or surveillance, including but not limited to installation, use and maintenance of optical surveillance devices without consent under the Surveillance Devices Act 2007, 

(b) the extent and appropriateness of penalties for unauthorised filming or surveillance, including but not limited to on-the-spot fines and/or relevant penalties under the Summary Offences Act 1988, 

(c) the implications with regard to self-incrimination of the request of disclosure by a person of any recordings made by that person, 

(d) the implications of rapidly changing media environment, including social media platforms such as Facebook Live, and 

(e) any other related matter. 

 I provided a submission on behalf of the Australian Privacy Foundation

The Committee chair states

Continual incursions by animal welfare activists on farms are having a detrimental impact, not only on farmers and their businesses, but also their families and employees, and the broader community and industry. To have your privacy breached is one thing, and understandably upsetting, but to have distorted footage of your farming business taken and published online is another. The damage this does to one's business and reputation, aside from the personal impacts, is both difficult to quantify and rectify.

While animal welfare activists believe that such incursions help to shine a light on systemic animal cruelty practices, what they fail to recognise is that these incursions themselves can cause considerable stress and injury to the animals they disturb.

Unfortunately though, this inquiry highlighted that there is no simple and easy answer to deal with these illegal activities. What became clear through this inquiry was that both sides of the debate – farmers and animal welfare activists – are concerned with animal welfare. Given this, improving the transparency of animal industries may assist in building public confidence, which is why we have recommended that the NSW Government investigate schemes to increase transparency about food production and animal husbandry practices.

Ensuring that the RSPCA can act effectively to investigate and address animal cruelty is also important. This too may reduce the perceived need for animal activists to trespass on landholder's properties and install unauthorised surveillance devices.

These measures, however, are unlikely to prevent all farm incursions from occurring. Unfortunately there is a cohort of animal welfare activists who have a strong philosophical objection to the killing of animals for human benefit, which is why the laws need to be strengthened to ensure trespass and unauthorised surveillance offences are duly investigated and prosecuted as a particularly serious offence.

As it currently stands, the law is not adequately dealing with these issues, which is why we urge the NSW Government to review the existing legislative framework, in order to identify barriers to enforcement and successful prosecutions. The government needs to focus on how it can enforce the existing laws to make it easy for famers to continue their business in an economic way without continual interruption from animal welfare activists.

The report features the following Recommendations

 1 23 That the NSW Government review the resources and powers of the RSPCA in regard to the monitoring and enforcement of animal welfare measures, and consider means by which the RSPCA and the NSW Police can work together more effectively to protect animals from mistreatment.

2 23 That the NSW Government encourage animal industries to be proactive in engaging with the community, and collaborate with animal industries to investigate schemes to increase transparency about food production and animal husbandry practices. 

3 24 That the NSW Government review the Surveillance Devices Act 2007 to consider whether to insert a public interest exemption for unauthorised filming or surveillance. 

4 35 That the NSW Government establish a whole of government working group to review the current legislative framework around unauthorised filming and surveillance and identify barriers to enforcement and successful prosecutions. 

5 35 That the NSW Government review the laws and penalties of trespass and unauthorised surveillance to consider the responsibility of those planning illegal activities and whether the offences of trespass and unauthorised surveillance should be extended to office bearers of organisations planning and financing these illegal activities.   

6 36 That the NSW Government, through the Council of Australian Governments, raise the need for a comprehensive approach to the regulation of drones across state and federal jurisdictions, with particular regard to the potential privacy and security impacts of the increasing use of drone technology

CCTV Security and Privacy in Victoria

The Victorian Auditor General's report Security and Privacy of Surveillance Technologies in Public Places comments

 Local councils are using advances in surveillance technology legitimately to collect information about people’s daily activities. In parallel, they need to fulfil their responsibility to respect individuals’ right to privacy, by managing these systems well and in compliance with privacy requirements. 

Council’s CCTV surveillance systems fall into two main categories: Systems installed in public spaces for use by Victoria Police Systems installed in and around council facilities for use by council staff. In this audit, we assessed whether councils keep secure the information they collect from these CCTV surveillance systems and whether they protect the privacy of individuals. 

Specifically, we assessed the management and use of surveillance devices in public places by five councils to see whether they adhere to relevant privacy laws and appropriate use policies and whether they protect the information they collect from unauthorised disclosure. 

The councils we audited were: the

• City of Melbourne 

• Whitehorse City Council 

• Hume City Council 

• East Gippsland Shire Council 

• Horsham Rural City Council.

Between them, these councils have more than 1 100 CCTV cameras and they are increasing their use of surveillance devices.

We made 11 recommendations—nine for all audited councils, one for Whitehorse City Council and one for Horsham Rural City Council.

The report states -

Across the public and private sectors, organisations use a range of technologies to observe or monitor individuals or groups, such as closed-circuit television (CCTV) surveillance systems. Some Victorian local councils, use CCTV for public safety and protecting council staff and assets. 

Councils' CCTV surveillance systems fall into two main categories: 

Public safety CCTV systems—councils install these systems to discourage and detect antisocial and criminal behaviour in public places. Victoria Police has direct access to monitor and review footage from these systems. The initial purchase costs are usually funded by grants from the state or Commonwealth governments, with councils funding ongoing maintenance and replacement costs.

Corporate CCTV systems—councils fund the installation of these systems and use them to monitor facilities that include public spaces, such as council offices, pools, libraries, performing arts centres and waste management facilities. These systems are typically managed onsite by council employees or contractors.

Surveillance systems in public places impact on the privacy of individuals, so it is important that councils can demonstrate to their communities that they are managing these systems well and in compliance with privacy requirements. If councils cannot demonstrate this, they risk losing public confidence. 

The Privacy and Data Protection Act 2014 (PDPA) sets out Information Privacy Principles that apply when public sector agencies, including councils, collect personal information that enables individuals to be identified, such as the images captured by CCTV systems. The Office of the Victorian Information Commissioner (OVIC), formerly the Commissioner for Privacy and Data Protection (CPDP), has a key role in implementing and supporting compliance with PDPA. Before OVIC was established, CPDP issued Guidelines to surveillance and privacy in the Victorian public sector in May 2017. We used this and other comprehensive guidance material on the use of CCTV in public places as criteria for our audit.

Local councils are using advances in surveillance technology legitimately to collect information about people's daily activities. In parallel, they need to fulfil their responsibility to respect individuals' right to privacy, by ensuring that the information from their surveillance devices is securely collected, stored and transmitted. The absence of community objections to surveillance in public places does not diminish this responsibility, and councils need to demonstrate organisational leadership through robust policies, strong management and controls, and effective oversight.

In this audit, we assessed whether councils keep secure the information they collect from their CCTV systems and whether they protect the privacy of individuals. Specifically, we assessed the management and use of surveillance devices in public places by five councils to see whether they adhere to relevant privacy laws and appropriate use policies, and whether they protect the information they collect from unauthorised disclosure.

The councils we audited were the City of Melbourne (Melbourne), Whitehorse City Council (Whitehorse), Hume City Council (Hume), East Gippsland Shire Council (East Gippsland) and Horsham Rural City Council (Horsham) . Between them, these councils have more than 1 100 CCTV cameras and they are increasing their use of surveillance devices.

Victoria Police was not included in our audit scope. However, as it is the key user of public safety CCTV systems, we examined council-owned CCTV systems in police stations and spoke to police officers involved in using these systems.

Conclusion

The councils we examined in this audit could not demonstrate that they are consistently meeting their commitments to the community to ensure the protection of private information collected through CCTV systems.

The audited councils advised that they have never found an incident of inappropriate use of surveillance systems or footage, and OVIC advised that it has never received a complaint about such use. However, given the weaknesses that we identified in security and access controls, and the lack of review of how CCTV systems are being used, the absence of evidence of inappropriate use of council CCTV doesn't provide strong assurance that no such incidents have occurred.

Gaps in councils' CCTV system signage, management and oversight mean the councils are unable to demonstrate that their CCTV activities adhere to the requirements of PDPA, including appropriate use and sufficient protection of the information collected from unauthorised disclosure. Where councils do undertake monitoring and assurance activities, they are largely restricted to public safety CCTV systems. This means that councils are not adequately scrutinising the operation and use of most of their CCTV systems.

Councils can improve the security of the personal information they gather through their CCTV systems to better protect the privacy of individuals.

Improving physical security and access controls will better enable councils to ensure that access to and use of these systems is appropriate and that the information collected from their surveillance activities in public places is protected from unauthorised disclosure. 

Findings 

Management and Oversight 

Except for Horsham, all the audited councils have a policy to guide their management of CCTV systems. However, in most cases, these policies focus on public safety CCTV systems, and councils do not have robust, documented operating procedures to support the sound management of their corporate CCTV systems.

Only East Gippsland could demonstrate that decisions to install new CCTV cameras in public places are informed by consideration of privacy impacts, and there was also only limited evidence of community consultation about new cameras at any of the councils. Apart from Melbourne, none of the councils have adequately used their agreements with Victoria Police to ensure proper oversight of and accountability for the use of public safety CCTV systems. The agreements between police and councils require the councils to establish a steering committee and an audit committee to oversee and review these systems. These oversight committees varied in their effectiveness—typically, they meet rarely and when they do they focus on operational issues such as camera location and functionality rather than privacy and data security.

Corporate CCTV systems arguably pose greater privacy and data security risks than public safety systems because they are dispersed across many locations and are subject to local operating practices that are not guided by robust procedures. Only Melbourne and East Gippsland had sufficient senior management involvement in the use of corporate CCTV systems, and none of the audited councils reported regularly on these systems.

In addition, none of the councils had formal committees or assurance processes to oversee the management and use of their corporate CCTV systems. As a result, senior management and councillors lack adequate assurance that their CCTV systems are managed appropriately.

Where formal monitoring and assurance activities do occur, they are largely restricted to public safety CCTV systems which typically make up 20 per cent or less of council CCTV systems. Councils do not routinely scrutinise the operation and use of their corporate CCTV systems. Regular reporting on key metrics for all corporate CCTV systems—such as the number of times council staff reviewed CCTV footage, saved or copied CCTV footage, and provided copies of footage to external parties—would make senior management aware of these surveillance activities, support a culture of appropriate use, and promote more active management.

Melbourne and East Gippsland are the only councils to provide regular public reporting on the use and management of their CCTV systems. However, even these councils report only on public safety CCTV systems rather than all their CCTV systems. 

Privacy and Data Security

It is positive that the audited councils have not found any instances of inappropriate use of surveillance systems or footage. We found that councils have good awareness of the privacy issues associated with the use of CCTV systems.

However, all five councils can improve the security of the personal information they gather through their CCTV systems to better protect the privacy of individuals. Key areas to address include improving physical security and access controls for corporate CCTV systems and regularly assessing whether those controls are working.

All of the audited councils use generic user logins for corporate CCTV systems, and some do not use system activity logs to track usage. These practices increase the risk of inappropriate use occurring and going undetected. There are similar issues with public safety CCTV systems.

Improving physical security and access controls will better enable the councils to protect information collected from council surveillance activity from unauthorised disclosure.

In addition, we found at least one site at each council where they operate CCTV in public spaces without adequate public signage. 

Recommendations 

We recommend that the City of Melbourne, Whitehorse City Council, Hume City Council, East Gippsland Shire Council and Horsham Rural City Council:

1. review and update their CCTV policies to address the requirements of the Privacy and Data Protection Act 2014 (see Section 2.2) 

2. assess all CCTV systems installed prior to the approval of a CCTV policy to ensure they comply with the policy (see Section 2.2) 

3. assess the privacy impacts of proposals to install new or additional CCTV surveillance devices in public places (see Section 2.3) 

4. develop site-specific operating procedures for their corporate CCTV systems to reflect the requirements of the Privacy and Data Protection Act 2014 and their policies (see Section 2.2) 

5. allocate responsibility for overseeing the operation of CCTV systems to an appropriate senior manager and implement regular reporting on key aspects of CCTV system use (see Section 2.4)

6. include a periodic audit of CCTV system use and data security in their forward internal audit programs (see Section 2.7)

7. review and update the content and position of all signage in locations with corporate CCTV systems to reflect better practice (see Section 3.2) 

8. review and address access control and data security weaknesses for corporate CCTV systems (see Section 3.3) 

9. ensure regular audits and evaluations of public safety CCTV systems and hold the oversight committees for these systems to account for meeting their responsibilities under agreements with Victoria Police (see Sections 2.5 and 2.6).

We recommend that the Horsham Rural City Council:\ 

10. establish and implement a policy to cover all council CCTV systems (see Section 2.2). 

We recommend that the Whitehorse City Council:

11. establish an agreement with Victoria Police for the public safety CCTV system at the Box Hill mall and laneways (see Section 2.5). 

Responses to recommendations 

We have consulted with the Melbourne, Whitehorse, Hume, East Gippsland and Horsham councils, and we considered their views when reaching our audit conclusions. As required by section 16(3) of the Audit Act 1994, we gave a draft copy of this report to those agencies and asked for their submissions or comments. We also provided a copy of the report to the Department of Premier and Cabinet. The following is a summary of those responses. 

The full responses are included in Appendix A.

All councils accepted the recommendations.

Melbourne, East Gippsland and Horsham provided action plans noting their intended actions and timelines for addressing each recommendation. Whitehorse and Hume did not provide an action plan addressing each specific recommendation but provided information on how they will approach addressing the audit recommendations and the timelines for this work.are

Crypto and the Cth Telco 'Assistance and Access' Bill

The Australian Government has released the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) "to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era", significantly extending the Telecommunications (Interception and Access) Act 1979 (Cth).

The Bill provides national security and law enforcement agencies with powers to respond to the challenges posed by the increasing use of encrypted communications and devices. The proposed changes are designed to help agencies access intelligible communications through a range of measures, including improved computer access warrants and enhanced obligations for industry to assist agencies in prescribed circumstances. This includes accessing communications at points where it is not encrypted. The safeguards and limitations in the Bill will ensure that communications providers cannot be compelled to build systemic weaknesses or vulnerabilities into their products that undermine the security of communications. Providers cannot be required to hand over telecommunications content and data.

The Bill seeks to amend the Telecommunications Act 1997 (Cth), Australian Security Intelligence Organisation Act 1979 (Cth), Mutual Assistance in Criminal Matters Act 1987 (Cth), Surveillance Devices Act 2004 (Cth), Telecommunications Act 1997 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth), International Criminal Court Act 2002 (Cth), International War Crimes Tribunals Act 1995 (Cth), Crimes Act 1914 (Cth), and Customs Act 1901 (Cth).

The 167 page background document states

... encrypted devices and applications are eroding the ability of our law enforcement and security agencies to access the intelligible data necessary to conduct investigations and gather evidence. 95 per cent of the Australian Security Intelligence Organisation's (ASIO) most dangerous counter-terrorism targets actively use encrypted messages to conceal their communications. 

In many instances encryption is incapable of being overcome, limiting possible avenues for agencies to gain important information. However, in some instances, law enforcement agencies may access data by employing specialist techniques to decrypt data, or access data at points where it is not encrypted. This can take considerable time. In order to do this more effectively, Australia’s agencies need assistance from companies and individuals involved in the supply of communications services and devices in Australia. Globalisation and the advent of the internet have significantly increased the volume of communications that cross national borders and crucial services and products are increasingly being sourced from offshore providers. The purpose of the Bill is to allow agencies to seek help from providers, both domestic and offshore, in the execution of their functions. The Bill also provides agencies with alternative-collection powers, allowing them, under warrant, to access devices. The Bill explicitly provides that the new industry assistance powers cannot be used to compel communications providers to build weaknesses into their products. Cyber security will be ensured and privacy will be protected through robust safeguards in the Bill and the existing warrant regime for access to telecommunications content. ... 

The Bill introduces a suite of measures that will improve the ability of agencies to access intelligible communications content and data. Three distinct reforms will help achieve this purpose:

1. Enhancing the obligations of domestic providers to give reasonable assistance to Australia’s key law enforcement and security agencies and, for the first time, extending assistance obligations to offshore providers supplying communications services and devices in Australia. 

2. Introducing new computer access warrants for law enforcement that will enable them to covertly obtain evidence directly from a device. 

3. Strengthening the ability of law enforcement and security authorities to overtly access data through the existing search and seizure warrants.

It goes on to state -

Under section 313 of the Telecommunications Act 1997 (Telecommunications Act), domestic carriers and carriage service providers are required to provide ‘such help as is reasonably necessary’ to law enforcement and national security agencies. 

Schedule 1 of the Bill will enhance industry-agency cooperation by introducing a new framework for industry assistance, to operate alongside section 313. The Bill introduces new powers for agencies to secure assistance from the full range of companies in the communications supply chain both within and outside Australia. In consultation with industry, national security and law enforcement agencies and the Attorney-General will be able to specify what assistance or capability is required. 

Specifically, the Bill inserts a new Part 15 into the Telecommunications Act. This Part will:

• Provide a legal basis on which a ‘designated communications provider’ can provide voluntary assistance under a technical assistance request to assist ASIO, the Australian Secret Intelligence Service (ASIS) and the Australian Signals Directorate (ASD) and interception agencies in the performance of their functions relating to Australia’s national interests, the safeguarding of national security and the enforcement of the law. 

• Allow the Director-General of Security, or the head of an interception agency, to issue a technical assistance notice requiring a designated communications provider to give assistance they are already capable of providing that is reasonable, proportionate, practicable and technically feasible. This will give agencies the flexibility to seek decryption in appropriate circumstances where providers have existing means to decrypt. This may be the case where a provider holds the encryption key to communications themselves (i.e. where communications are not end-to-end encrypted). 

• Allow the Attorney-General to issue a technical capability notice, requiring a designated communications provider to build a new capability that will enable them to give assistance as specified in the legislation to ASIO and interception agencies. A technical capability notice cannot require a provider to build or implement a capability to remove electronic protection, such as encryption. The Attorney-General must be satisfied that any requirements are reasonable, proportionate, practicable and technically feasible. The Attorney-General must also consult with the affected provider prior to issuing a notice, and may also determine procedures and arrangements relating to requests for technical capability notices. ...

 The type of assistance that may be requested or required under the above powers include (amongst other things):

• Removing a form of electronic protection applied by the provider, if the provider has an existing capability to remove this protection. 

• Providing technical information like the design specifications of a device or the characteristics of a service. 

• Installing, maintaining, testing or using software or equipment given to a provider by an agency. 

• Formatting information obtained under a warrant. 

• Facilitating access to devices or services. 

• Helping agencies test or develop their own systems and capabilities. 

• Notifying agencies of major changes to their systems, productions or services that are relevant to the effective execution of a warrant or authorisation. 

• Modifying or substituting a target service. 

• Concealing the fact that agencies have undertaken a covert operation.

Assistance is expected to be provided on a no-profit, no-loss basis and immunities from civil liability are available for help given. The Bill maintains the default position that providers assisting Government should not absorb the cost of that assistance nor be subject to civil suit for things done in accordance with requests from Government. 

The new industry assistance framework is designed to incentivise cooperation from industry, providing a regime for the Australian Government and providers to work together to safeguard the public interest and protect national security. However, in the unlikely event that enforcement action is required, the Commonwealth can apply for enforcement remedies, like civil penalties, injunctions or enforceable undertakings. Enforcement of notices for carriers and carriage service providers will continue to be regulated by the Telecommunications Act. 

What are the limitations and safeguards? 

The new industry assistance framework has several important limitations and robust safeguards to protect the privacy of Australians, maintain the security of digital systems and ensure agency powers are utilised only where necessary for core law enforcement and security functions. Reasonable, proportionate, practicable and technically feasible. In every case, the decision-maker must be satisfied that requirements in a technical assistance notice and technical capability notice are reasonable and proportionate and compliance with the notice is practicable and technically feasible. This means the decision-maker must evaluate the individual circumstances of each notice. In deciding whether a notice is reasonable and proportionate it is necessary for the decision-maker to consider both the interests of the agency and the interests of the provider. This includes the objectives of the agency, the availability of other means to reach those objectives, the likely benefits to an investigation and the likely business impact on the provider. The decision-maker must also consider wider public interests, such as any impact on privacy, cyber security and innocent third parties. In deciding whether compliance with the notice is practicable and technically feasible, the decision-maker must consider the systems utilised by a provider and provider expertise. 

Agencies still need an underlying warrant or authorisation. The new framework is designed to facilitate industry assistance – not serve as an independent channel to obtain private communications. Importantly, Schedule 1 does not change the existing mechanisms that agencies use to lawfully access telecommunications content and data for investigations (see process diagram on page 12). New technical assistance notices and technical capability notices cannot require that providers hand over telecommunications content and data without an underlying warrant or authorisation. Access to this material will still require a warrant or authorisation under the Telecommunications (Interception and Access) Act 1979 (TIA Act). The TIA Act has strict statutory thresholds that must be met. For example, a judge or Administrative Appeals Tribunal (AAT) member can only issue a warrant authorising the interception of communications where he or she is satisfied that the intercepted information would assist in the investigation of a serious offence (generally offences punishable by at least 7 years – see section 5D of the TIA Act). The judge or AAT member must have regard to the nature and extent of interference with the person’s privacy, the gravity of the conduct constituting the offence, the extent to which information gathered under the warrant would be likely to assist an investigation, and other available methods of investigation. The TIA Act also has prohibitions on communicating, using and making records of communications. 

Systemic weaknesses or vulnerabilities cannot be implemented or built into products or services. 

The Bill expressly prohibits technical assistance notices or technical capability notices from requiring a provider to build or implement a systemic weakness or systemic vulnerability into a form of electronic protection. This includes systemic weaknesses that would render methods of authentication or encryption less effective. The Australian Government has no interest in undermining systems that protect the fundamental security of communications. The new powers will have no effect to the extent that requirements would reasonably make electronic services, devices or software vulnerable to interference by malicious actors. Importantly, a technical capability notice cannot require a provider to build a capability to remove electronic protection and puts beyond doubt that these notices cannot require the construction of decryption capabilities. 

Notices must be revoked if requirements cease to be reasonable. Decision-makers must revoke a technical assistance notice or technical capability notice if satisfied that any ongoing requirements are no longer reasonable, proportionate, practical or technically feasible. Accordingly, notices that have become obsolete or excessively burdensome must be discontinued. These same notices may be varied to account for changing commercial and operational circumstances. 

Agencies cannot prevent providers from fixing existing systemic weaknesses. Notices cannot prevent a provider from fixing a security flaw in their products and services that may be being exploited by law enforcement and security agencies. Providers can, and should, continue to update their products to ensure customers enjoy the most secure services available. 

Core interception and data retention will not be extended. The powers cannot be used to impose data retention capability or interception capability obligations. These will remain subject to existing legislative arrangements in the TIA Act. 

Assistance that may be requested is defined. The types of things a provider may be required to do under a technical assistance notice is listed in the Bill. While this list is not exhaustive, as it relates to technical assistance notices, anything specified in these notices must be consistent with the matters specified in the legislation. In the case of technical capability notices, new capabilities can only be developed to ensure that a provider is capable of giving help as specified (exhaustively) in the Bill. 

The scope of agency notices is limited to core functions. Things specified in notices must be for the purpose of helping an agency perform its core functions conferred under law, as they specifically relate to:

• enforcing the criminal law and laws imposing pecuniary penalties, or 

• assisting the enforcement of the criminal laws in force in a foreign country, or 

• protecting the public revenue, or 

• safeguarding national security.

This will ensure that the scope of the powers is consistent with the purposes for which agencies currently seek assistance from domestic carriers and carriage service providers under section 313 of the Telecommunications Act.

Further

Schedule 2 of the Bill provides an additional power for Commonwealth, State and Territory law enforcement agencies to apply, in certain circumstances, for computer access warrants under the Surveillance Devices Act 2004, similar to those available to ASIO in section 25A of the ASIO Act. An eligible judge or AAT member must approve the warrant and authorise the activities that can be done under the warrant. 

A computer access warrant will enable law enforcement officers to search electronic devices and access content on those devices. These warrants are distinct from surveillance device warrants, which enable agencies to use software to monitor inputs and outputs from computers and other devices. 

The things that may be specified in a warrant include:

• entering premises for the purposes of executing the warrant 

• using the target computer, a telecommunications facility, electronic equipment or data storage device in order to access data to determine whether it is relevant and covered by the warrant 

• adding, copying, deleting or altering data if necessary to access the data to determine whether it is relevant and covered by the warrant 

• using any other computer if necessary to access the data (and adding, copying, deleting or altering data on that computer if necessary) 

• removing a computer from premises for the purposes of executing the warrant 

• copying data which has been obtained that is relevant and covered by the warrant 

• intercepting a communication in order to execute the warrant 

• any other thing reasonably incidental to the above things. 

A computer access warrant will also authorise the doing of anything reasonably necessary to conceal the fact that anything has been done in relation to a computer under a computer access warrant. Concealment activities may occur at any time while the warrant is in force, or within 28 days after it ceases to be in force, or at the earliest time after this period at which it is reasonably practicable to do so. 

Where a computer access warrant is in place, a law enforcement officer may apply to a judge or AAT member for an order requiring a person with knowledge of the device to provide reasonable and necessary assistance. This provision is similar to section 3LA of the Crimes Act, which allows a constable to apply to a magistrate for an order requiring a person to provide assistance where a search warrant is in place. This ensures that law enforcement agencies that have a warrant for computer access will be able to compel assistance in accessing devices.