18 July 2014

Disaster Resilience

The Australian Business Roundtable for Disaster Resilience & Safer Communities has released  Building an Open Platform for Natural Disaster Resilience Decisions [PDF], a report that "provides an overview of natural disaster data and research in Australia" and claims to identify strengths and weaknesses of Australia's approach to natural disaster data and research and examine best-practice examples from around the world and from other Australian sectors.
It states that
The financial and emotional burden of natural disasters in Australia has been great and the costs of extreme weather events continue to rise.
To help make better, more informed decisions regarding safety from and resilience to natural disasters, it is imperative that communities, businesses and governments can access the latest research founded on accurate data.
The stakes are high
This report builds on previous work commissioned by the Australian Business Roundtable for Disaster Resilience and Safer Communities, which analysed the opportunities for Australia to design a more sustainable and comprehensive national approach to making communities safer and more resilient.
‘Building our Nation’s Resilience to Natural Disasters’ demonstrated that the economic cost of natural disasters to Australian communities amounts to an average of $6.3 billion per year, with $700 million of that borne by all levels of government, the majority of which is spent on post disaster relief and recovery. By 2050, this is forecast to rise to $23 billion per year, with a total government budget impact of around $2.3 billion annually in present value terms.
Carefully targeted disaster mitigation investments can reduce these costs. For example, an annual investment of $250 million over the period to 2050 could generate government savings of around $12.2 billion, in present value terms, if carefully targeted to achieve an overall benefit-cost ratio of 1.25.
Providing wider access to accurate, relevant natural disaster data and research could increase government savings by between $500m and $2.4 billion in present value terms, over the period to 2050. Data and research which facilitates targeted and prioritised investment has the potential to deliver higher overall benefit-cost ratios of between 1.3 and 1.5. Based on this, total savings to government could rise to anywhere between $12.7 and $14.6 billion in present value terms, over the period to 2050.
However, without access to critical data and research, communities, businesses and governments cannot make informed decisions on how to target these investments to achieve the greatest impact.
This report investigates the decision-making challenge and identifies the strengths and weaknesses of Australia’s approach to natural disaster data and research. It recommends a way forward to support Australia as it designs a more sustainable and comprehensive national approach to making communities safer and more resilient. Notably, the effectiveness and sustainability of Australia’s natural disaster funding arrangements is currently the subject of a Productivity Commission Inquiry. The purpose of the Inquiry is to identify reforms to achieve a balance between recovery and mitigation to help communities better prepare for disasters.
The Roundtable argues that
Accurate data and research is fundamental to better understanding natural disasters and their impact on communities, businesses and governments. It is essential to supporting better decision-making and prioritising mitigation investments to build a safer Australia. Optimal decisions on resilience investments require access to high quality data and research.
However, the process of linking data and research to end users for optimal decision-making is a challenge faced by many countries. Natural disaster resilience is an interdisciplinary issue. Multiple agencies are involved in collecting data and undertaking research. This results in numerous platforms to access and utilise the range of necessary information, increased search costs and complexity and disparity in understanding. ... [T]he key set of inputs required by end users consists of:
  • Foundational data – data that provides the basic layers of locational information. This includes information on the characteristics of assets at risk, community demographics, topography and weather, and is also used for a range of other purposes. 
  • Hazard data – hazard specific information on the risks of different disaster types, providing contextual data about the history of events and the risk profile for Australian locations. 
  • Impact data – data on the potential and actual impacts associated with natural disasters, including information on historical costs and damage, and the current and predicted future value at risk. 
  • Research activities – activities that draw on data and seek to answer specific research questions across a range of areas. There is often also feedback from research to data, where research outputs build on the existing stock of data that is available.
The information needs of end users across communities, businesses and governments vary significantly. In order to increase the safety, resilience and productivity of Australian communities, it is imperative that data and research is accessible in consistent formats and is fit for a variety of purposes.
The report notes that
Australian and state government policies recognise the importance of providing access to information and in supporting research activities to drive resilience and productivity. For instance, through the 2010 Declaration of Open Government, the Australian Government publically committed to providing public sector information that is useable and accessible (Department of Finance, 2010).
This is consistent with experiences in international jurisdictions and other sectors in Australia, such as the US Open Government Initiative, the National Observatory for Natural Hazards in France, and the approach to the curation and supply of financial data undertaken by the Australian not-for-profit company, Sirca.
In practice, a large number of stakeholders across Australia are making valuable contributions to the body of knowledge on natural disasters and resilience, combining expertise from numerous disciplines, including earth science, psychology, health, engineering, construction, economics and information technology. This encompasses at least seven Australian Government departments and agencies, all eight state and territory governments, many local councils, six major research institutions, 24 universities and numerous private sector firms and agencies.
While the total costs of data collection are uncertain, this review has identified over $283 million in public funding for natural disaster research activities in Australia between 2009 to 2021. Over 40% of this investment is directed towards disaster risk reduction research efforts, with the remaining 60% allocated to research on disaster response and recovery.
Notably, significant barriers remain that restrict optimal decision-making that is dependent on and informed by data and research. This limits our progress towards a more resilient Australia.
Gaps and barriers to optimal decision-making
The approach to data and research into natural disasters in Australia has no comprehensive mechanisms to ensure that these inputs are available in a consistent and appropriate format for the spectrum of end users involved in decisionmaking. This review highlights some of the key barriers and gaps in the data and research systems, respectively.
Data
There is evidence of gaps in the critical data inputs required to inform resilience investments. This significantly limits the ability of various stakeholders to understand the exposure of different communities and the true extent of losses that might arise should a natural disaster occur. These issues are compounded by barriers which restrict access by end users to critical data. These barriers include:
• Reluctance to share data – for example, the potential legal implications from data sharing are an issue of particular concern for local government • Restrictive licensing arrangements which prevent wider distribution and use of data • High costs of collection which encourages a piecemeal approach to the development of critical data inputs • A lack of co-ordination and standardisation, which impedes the ability of end users to pull together data from different sources on a consistent basis • High cost of providing accessibility and transparency which weakens incentives for data sharing where the broader range of benefits are unclear. These barriers lead to duplication of data collection, higher transaction costs of using data and restricted access for end users.
To the extent that the benefits for the full range of end users exceed the costs of providing data, the current arrangement is inefficient, and fails to deliver the best outcome for Australian communities and taxpayers.
Research
From the evidence of research activities identified by this review, it has been found that less funding is directed towards understanding the effect of mitigation, value at risk and the process of coping with natural disasters compared with other areas of research such as risk management, vulnerability, hazard detection, policy and decision support. This limits the ability of decisionmakers to understand the baseline costs associated with exposure to natural disasters, as well as the benefits that could be achieved through mitigation.
Furthermore, while it is evident that there are strong networks among Australian researchers, from an end user perspective it is difficult to identify what relevant research activities are being undertaken, and to leverage research findings to better inform decision-making on resilience investments. While projects undertaken by the newly established Bushfire and Natural Hazards Cooperative Research Centre (BNHCRC) explicitly involve end users, this practice should be adopted more broadly. This could be supported through better transparency and evaluation of the outcomes of research activities.
The Roundtable's recommendations are
Consistent with the recommendation of ‘Building our Nation’s Resilience to Natural Disasters’, a National Resilience Advisor within the Department of Prime Minister and Cabinet would be well placed to address these issues. Developing resilient communities should be elevated to the centre of government decision-making to deliver effective and efficient co-ordination of activities across all levels of government, business and communities. Specifically, there is a need for continuous involvement of the full spectrum of end users in the development and application of natural disaster data and research, to unlock the full potential of Australia’s data and research capabilities.
This should be directly supported by a Business and Community Advisory Group to facilitate a more co-ordinated response and ensure that business and the not-for-profit sector are represented at the highest levels of policy development and decision-making.
More specifically, there are  three recommendations for an enhanced approach to natural disaster information.
The recommendations focus on the benefits possible through optimal end user decisions around data and research:
Efficient and open - deliver a national platform for foundational data Given that foundational data is used for a broad range of purposes, beyond the scope of natural disaster issues, the Australian Government should provide a single point of access for all Australians. While weather information and data on community demographics is consistently provided by the Bureau of Meteorology and the Australian Bureau of Statistics respectively, allocation of responsibility for consistent topography and geocoded asset data at the national level is required. A national platform for this broader key data would facilitate prioritisation across local government and state borders in the national interest.
Transparent and available - remove barriers to accessibility of data and research Access to data and research is restricted. Greater transparency across the system is required to identify the full range of end users and allow for the development of a system of optimal access which weighs up overall costs and benefits. There is a need for clear delegation of responsibility for hazard and impact data (such as hazard mapping) and a stronger approach for involving end users in research. This should also address concerns with legal liability, unnecessarily restrictive licensing and ensure standardisation across jurisdictions.
Enabling effective decision-making - establish a prioritisation framework A national prioritisation framework for investment in resilience should be established, consistent with the approach adopted by Infrastructure Australia1. This will enable best practice use of natural hazard data and research to be collected and disseminated and ensure an optimal outcome from investment in resilience for Australia, through focus on consistent, evidence-based cost-benefit analyses. This approach would build a common understanding of the nation’s areas of highest risk and also the most effective measures to reduce that risk and assist in prioritising the research agenda.

17 July 2014

UN HRC Privacy Report

The United Nations High Commissioner for Human Rights has released a short and formulaic report [PDF] on The right to privacy in the digital age
In its resolution 68/167, the General Assembly requested the United Nations High Commissioner for Human Rights to submit a report on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale, to the Human Rights Council at its twenty-seventh session and to the General Assembly at its sixty-ninth session, with views and recommendations, to be considered by Member States. 
The Council, international relations being what they are, is an entity that on occasion has featured nations such as Iran and Syria that are guilty of egregious human rights abuses.

The Commissioner states
Deep concerns have been expressed as policies and practices that exploit the vulnerability of digital communications technologies to electronic surveillance and interception in countries across the globe have been exposed. Examples of overt and covert digital surveillance in jurisdictions around the world have proliferated, with governmental mass surveillance emerging as a dangerous habit rather than an exceptional measure. Governments reportedly have threatened to ban the services of telecommunication and wireless equipment companies unless given direct access to communication traffic, tapped fibre-optic cables for surveillance purposes, and required companies systematically to disclose bulk information on customers and employees. Furthermore, some have reportedly made use of surveillance of telecommunications networks to target political opposition members and/or political dissidents. There are reports that authorities in some States routinely record all phone calls and retain them for analysis, while the monitoring by host Governments of communications at global events has been reported. Authorities in one State reportedly require all personal computers sold in the country to be equipped with filtering software that may have other surveillance capabilities. Even non-State groups are now reportedly developing sophisticated digital surveillance capabilities. Mass surveillance technologies are now entering the global market, raising the risk that digital surveillance will escape governmental controls. 
Concerns have been amplified following revelations in 2013 and 2014 that suggested that, together, the National Security Agency in the United States of America and General Communications Headquarters in the United Kingdom of Great Britain and Northern Ireland have developed technologies allowing access to much global internet traffic, calling records in the United States, individuals’ electronic address books and huge volumes of other digital communications content. These technologies have reportedly been deployed through a transnational network comprising strategic intelligence relationships between Governments, regulatory control of private companies and commercial contracts.
The report's conclusions are
International human rights law provides a clear and universal framework for the promotion and protection of the right to privacy, including in the context of domestic and extraterritorial surveillance, the interception of digital communications and the collection of personal data. Practices in many States have, however, revealed a lack of adequate national legislation and/or enforcement, weak procedural safeguards, and ineffective oversight, all of which have contributed to a lack of accountability for arbitrary or unlawful interference in the right to privacy. 
In addressing the significant gaps in implementation of the right to privacy, two observations are warranted. The first is that information relating to domestic and extraterritorial surveillance policies and practices continues to emerge. Inquiries are ongoing with a view to gather information on electronic surveillance and the collection and storage of personal data, as well as to assess its impact on human rights. Courts at the national and regional levels are engaged in examining the legality of electronic surveillance policies and measures. Any assessment of surveillance policies and practices against international human rights law must necessarily be tempered against the evolving nature of the issue. A second and related observation concerns the disturbing lack of governmental transparency associated with surveillance policies, laws and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability. 
Effectively addressing the challenges related to the right to privacy in the context of modern communications technology will require an ongoing, concerted multi-stakeholder engagement. This process should include a dialogue involving all interested stakeholders, including Member States, civil society, scientific and technical communities, the business sector, academics and human rights experts. As communication technologies continue to evolve, leadership will be critical to ensuring that these technologies are used to deliver on their potential towards the improved enjoyment of the human rights enshrined in the international legal framework. 
Bearing the above observations in mind, there is a clear and pressing need for vigilance in ensuring the compliance of any surveillance policy or practice with international human rights law, including the right to privacy, through the development of effective safeguards against abuses. As an immediate measure, States should review their own national laws, policies and practices to ensure full conformity with international human rights law. Where there are shortcomings, States should take steps to address them, including through the adoption of a clear, precise, accessible, comprehensive and non-discriminatory legislative framework. Steps should be taken to ensure that effective and independent oversight regimes and practices are in place, with attention to the right of victims to an effective remedy. 
There are a number of important practical challenges to the promotion and protection of the right to privacy in the digital age. Building upon the initial exploration of some of these issues in the present report, there is a need for further discussion and in-depth study of issues relating to the effective protection of the law, procedural safeguards, effective oversight, and remedies. An in-depth analysis of these issues would help to provide further practical guidance, grounded in international human rights law, on the principles of necessity, proportionality and legitimacy in relation to surveillance practices; on measures for effective, independent and impartial oversight; and on remedial measures. Further analysis also would assist business entities in meeting their responsibility to respect human rights, including due diligence and risk management safeguards, as well as on their role in providing effective remedies. 

16 July 2014

Post-Snowden changes to Aust National Security Law

The National Security Legislation Amendment Bill (No. 1) 2014 (Cth) introduced in the Australian Parliament today is intended to "modernise and improve the legislative framework that governs the activities of the Australian Intelligence Community", primarily the Australian Security Intelligence Organisation Act 1979 (Cth) and the Intelligence Services Act 2001 (Cth).

It is of particular interest as a response to Wikileaks and Snowden and for a more permissive approach to device/network access by national security agencies.

It reflects the 2013 Potential Reforms of Australia’s National Security Legislation report by the Parliamentary Joint Committee on Intelligence and Security, along with "some additional measures to update and strengthen the secrecy offences in the ASIO Act and the IS Act in relation to the intentional unauthorised communication, handling or treatment of intelligence-related information".

The Government states that
The Bill enhances the capability of our intelligence agencies in seven key areas:
  • Modernising ASIO’s statutory employment framework (Schedule 1) 
  • Modernising and streamlining ASIO’s warrant-based intelligence collection powers (Schedule 2) 
  • Strengthening ASIO’s capability to conduct covert intelligence operations, with appropriate safeguards and oversight (Schedule 3) 
  • Clarifying and improving the statutory framework for ASIO’s co-operative and information-sharing activities (Schedule 4) 
  • Enhancing the capabilities of IS Act agencies (Schedule 5) 
  • Improving protection of intelligence-related information (Schedule 6), and 
  • Renaming of Defence agencies to better reflect their roles (Schedule 7). 
Schedule 1 modernises ASIO Act employment provisions to more closely align them with Australian Public Service (APS) standards, streamlines and simplifies terminology used to describe employment and other relationships and makes consequential amendments to a range of other Acts

Schedule 2 modernises and streamlines ASIO's warrant based intelligence collection powers, including in relation to computer access warrants, surveillance devices and warrants against an identified person of security concern

Schedule 3 provides ASIO employees and ASIO affiliates with limited protection from criminal and civil liability in authorised covert intelligence operations (referred to as 'special intelligence operations')

Schedule 4 clarifies the ability of ASIO to co-operate with the private sector and enables breaches of section 92 of the ASIO Act, related to non-disclosure of identity obligations, to be referred to law enforcement agencies for investigation

Schedule 5 amends the IS Act to
enable Australian Secret Intelligence Service (ASIS) to undertake a new function of co-operating with ASIO in relation to the production of intelligence on Australian persons in limited circumstances, will create a new ground of Ministerial authorisation enabling ASIS to protect its operational security and will allow ASIS to train certain individuals in use of weapons and self-defence techniques. It will also extend immunity for IS Act agencies for actions taken in relation to an overseas activity of the agency, provide a limited exception for use of a weapon or self-defence technique in a controlled environment and clarify the authority of the Defence Imagery & Geospatial Organisation (DIGO) to provide assistance 
Schedule 6 relates to the protection of intelligence-related information by creating two new offence provisions and updating existing offence provisions, including by increasing penalties in the IS Act and ASIO Act.

Schedule 7 provides for the formal renaming of DIGO as the Australian Geospatial Intelligence Organisation (AGO) and the Defence Signals Directorate (DSD) as the Australian Signals Directorate (ASD).

The legislation is expected to update ASIO Act employment provisions to more closely align them with the APS standards, providing for the secondment of staff to and from ASIO and facilitating the transfer of ASIO employees to APS agencies while protecting their identity.

The Bill also seeks to enhance ASIO’s intelligence-collection powers by:
  • enabling it to obtain intelligence from a number of computers (including a computer network) under a single computer access warrant, including computers at a specified location or those which are associated with a specified person 
  • amending the current limitation on disruption of a target computer 
  • allowing ASIO to use third party computers and communications in transit to gain access to a target computer under a computer access warrant 
  • modernising provisions related to surveillance devices to better align them with the Surveillance Devices Act 2004 and improving their functionality and operation 
  • establishing an identified person warrant for ASIO to utilise multiple warrant powers against an identified person of security concern 
  • enabling warrants to be varied by the Attorney-General where minor changes in circumstances or administrative errors are identified 
  • facilitating the Director-General of Security to authorise a class of persons able to execute warrants rather than listing individuals 
  • clarifying that the search warrant, computer access, surveillance devices and identified person warrant provisions authorise access to third party premises to execute a warrant, and 
  • clarifying that force which is necessary and reasonable to do things specified in the warrant may be used at any time during the execution of a warrant, not just on entry 
The Bill seeks to introduce an evidentiary certificate regime in relation to special intelligence operations and specific classes of warrants issued under Division 2 of Part III of the ASIO Act to protect the identity of employees, sources and sensitive operational capabilities. The legislation is intended to
  • provide limited protection from criminal and civil liability for ASIO employees and affiliates, in relation to authorised special intelligence operations, subject to appropriate safeguards and accountability arrangements 
  • confirm ASIO’s ability to co-operate with the private sector 
  • enable breaches of section 92 of the ASIO Act (publishing the identity of an ASIO employee or affiliate) to be referred to law enforcement for investigation when it is not otherwise relevant to security 
  • enable the Minister responsible for ASIS to authorise the production of intelligence on an Australian person who is, or is likely to be, involved in activities that pose a risk to, or are likely to pose a risk to, the operational security of ASIS
  • enhance the ability of ASIS, without a Ministerial authorisation, to co-operate with ASIO when undertaking less intrusive activities to collect intelligence relevant to ASIO’s functions on an Australian person or persons overseas in accordance with ASIO’s requirements
  • enhance the ability for ASIS to train staff members of a limited number of approved agencies that are authorised to carry weapons in the use of weapons and self-defence and ensuring that ASIS is not restricted in limited circumstances from using a weapon or self-defence technique in a controlled environment (such as a gun club or rifle range or martial arts club) 
  • clarify the DIGO’s authority to provide assistance to Commonwealth, State and Territory authorities (and certain non-government bodies and foreign governments approved by the Minister for Defence) 
  • extend the protection available to a person who does an act preparatory to, in support of, or otherwise directly connected with, an overseas activity of an IS Act agency to an act done outside Australia, and 
  • enhance protections for information and records acquired or prepared by or for an intelligence agency in connection with the performance of its functions
That post-Snowden and post-Wikileaks enhancement involves -
  • updating sections 39, 39A and 40 in the IS Act, and increasing the penalties for existing unauthorised communication of information offences in the ASIO Act and the IS Act from two to ten years, to better reflect the culpability inherent in such wrongful conduct 
  • extending the existing unauthorised communication offences in the IS Act to the Defence Intelligence Organisation (DIO) and the Office of National Assessments (ONA) 
  • creating a new offence in the ASIO Act and the IS Act, punishable by a maximum of three years imprisonment, where a person intentionally deals with a record in an unauthorised way (for example, by copying, transcription, retention or removal), and 
  • creating a new offence in the ASIO Act and the IS Act, punishable by a maximum of three years’ imprisonment, in relation to persons who intentionally make a new record of information or matter without authorisation.

US Data Breach Metrics

The 24 page Information Exposed: Historical Examination of Data Breaches in New York State report [PDF] from the state Attorney General's office drew on mandatory reporting in offering some metrics on data breaches in the US.

A corresponding tabulation and analysis by government in Australia would be welcome.

The Attorney General comments that
the number of reported data security breaches in New York more than tripled between 2006 and 2013. As a result, in just eight years, the number of victims in New York has exploded. Over 22 million personal records have been exposed since 2006, jeopardizing the financial health and well-being of countless New Yorkers and costing the public and private sectors in New York — and around the world — billions of dollars. … 
Nearly 5,000 individual data breaches were reported to the NYAG by businesses, nonprofits, and government entities between 2006 and 2013. Together, these breaches exposed 22.8 million personal records of New Yorkers. The number of data security breaches reported annually to the NYAG more than tripled between 2006 and 2013 – and 2013 was a record-setting year, during which 7.3 million records of New Yorkers were exposed. So-called mega-breaches are also becoming increasingly common: Five of the ten largest breaches reported to the NYAG have occurred since 2011. 
In 2013, data breaches cost entities conducting business in New York upward of $1.37 billion. The overall cost of data security breaches is nothing short of staggering: In 2013 alone, breaches are estimated to have cost organizations doing business in New York State over $1.37 billion. Hacking intrusions – in which third parties gain unauthorized access to data stored on a computer system – were the leading cause of data security breaches among organizations conducting business in New York State, accounting for roughly 40 percent of all breaches between 2006 and 2013. Hacking attacks are driven primarily by the black-market value of personal information, which can fetch up to $45 per record. Reports of insider wrongdoing and inadvertent exposure have increased over the past eight years, with incidents of insider wrongdoing reaching their highest level in 2013. Although instances of lost or stolen equipment/documentation declined in recent years, these incidents are responsible for a significant portion of data breaches and personal record loss since 2006
Among other statistics the report claims that the 'retail services' sector was most likely to experience (or report?) a data breach, with estimated exposure as follows
Retail Services (54 reported breaches) - 163,319 people 
Financial Services (31) 624,000 
Health Care (29) 1,012,269 
Banking (27) 560,208 
Insurance (20) 72,138 
Professional Services (16) 788,280 
Educational Inst. (15) 103,787 
Government Agency (14) 86,548 
Loan Services (9) 133,866 
Hospitality (8) 16,091 
Technology (7) 13,195 
Telecommunications (4) 80,963 
Credit Reporting (3) 3,120 
Credit Card Company (2) 237,296 
Nonprofit (1) 507 
Public Utility (1) 50,456

15 July 2014

Medical Indemnity Claims Data

The Australian Institute of Health & Welfare has released a 175 page report [PDF] on Medical Indemnity Claims 2012-2013.

The report offers data on Australia’s public sector medical indemnity claims, and public and private sector claims combined, from 2008–09 to 2012–13. (There is an exclusion regarding public sector claims for Western Australia, which did not report claims data for 2010–11 to 2012–13.)

The AIHW comments that
Claims arise from allegations of negligence or breach of duty of care by health-care practitioners during the delivery of health services. A new claim is created when a reserve amount is placed against the costs expected to arise in closing the claim. A claim is closed after being finalised through a court decision, a negotiated settlement between claimant and insurer, or discontinuation (either by the insurer, or the claimant’s withdrawing the claim). 
Claim numbers 
The number of new public sector claims was less in 2012–13 (about 950) than any of the previous 4 years (1,200–1,400) while the number of closed public sector claims was higher (about 1,500) compared with the previous 4 years (1,100–1,400). 
The number of new private sector claims remained steady at 3,200 to 3,300 per year from 2010–11 to 2012–13. This was higher than the 2,300–2,500 new private sector claims in 2008–09 and 2009–10.  The number of closed private sector claims increased each year, from 2,400 to 3,800. 
There were about 14,000 public and private sector claims open at some stage during the year for the 2010–11 to 2012–13 years, compared with 12,500 for 2008–09 and 2009–10. 
New claims 
The proportion of new public and private sector claims (combined) against general practitioners was less in 2012–13 (23%) than any of the previous 4 years (28–32%). 
The proportion of new claims against Obstetrics and gynaecology specialists decreased from 12% in 2008–09 to 8% in 2012–13. The proportion of new claims allegedly associated with Digestive, metabolic and endocrine systems increased from 10% to 24% between 2008–09 and 2012–13. 
Closed claims 
Between 2008–09 and 2012–13, there was a decrease in the proportion of public sector claims closed for less than $10,000 and a corresponding increase in the proportion closed for $100,000 to less than $500,000. For public and private sector claims combined, there was little change over the years in the claim size category proportions, including the 63–65% closed for less than $10,000. 
Between 2008–09 and 2012–13 there was a trend towards 2 features associated with less costly claims: a higher proportion of claims associated with a mild rather than a severe extent of harm to the patient, and a shift towards more claims connected with a private medical clinic rather than a public hospital/day surgery. 
Length of time between health-care incident and claim closure 
With public sector claims, the length of time between health-care incident and when a claim was opened was on average about 2 years, and 3 to 4 years between the incident and when a claim was closed. 
The proportion of claims closed within 5 years of the incident fluctuated between 70% and 78% of claims with incident years between 2001–02 and 2007–08.

Recognition

The Joint Select Committee on Constitutional Recognition of Aboriginal and Torres Strait Islander Peoples has released its interim report.

The Committee was established to inquire into and report on steps that can be taken to progress towards a successful referendum on Indigenous constitutional recognition, with the resolution stating
 a Joint Select Committee on Constitutional Recognition of Aboriginal and Torres Strait Islander Peoples be appointed to inquire into and report on steps that can be taken to progress towards a successful referendum on Indigenous constitutional recognition, and in conducting the inquiry, the committee:
  • work to build a secure strong multi-partisan parliamentary consensus around the timing, specific content and wording of referendum proposals for Indigenous constitutional recognition; and 
  • consider:
  • the creation of an advisory group whose membership includes representatives of Aboriginal and Torres Strait Islander people to assist the work of the committee; 
  • the recommendations of the Expert Panel on Constitutional Recognition of Indigenous Australians; and 
  • mechanisms to build further engagement and support for the constitutional recognition of Aboriginal and Torres Strait Islander peoples across all sectors of the community, and taking into account and complementing the existing work being undertaken by Recognise.
The Expert Panel advising the Committee made the following recommendations:
Recommendations for changes to the Constitution 
That section 25 be repealed. That section 51(xxvi) be repealed. 
That a new ‘section 51A’ be inserted, along the following lines:
Section 51A Recognition of Aboriginal and Torres Strait Islander peoples 
Recognising that the continent and its islands now known as Australia were first occupied by Aboriginal and Torres Strait Islander peoples; 
Acknowledging the continuing relationship of Aboriginal and Torres Strait Islander peoples with their traditional lands and waters; 
Respecting the continuing cultures, languages and heritage of Aboriginal and Torres Strait Islander peoples; 
Acknowledging the need to secure the advancement of Aboriginal and Torres Strait Islander peoples; 
the Parliament shall, subject to this Constitution, have power to make laws for the peace, order and good government of the Commonwealth with respect to Aboriginal and Torres Strait Islander peoples.
The Panel further recommends that the repeal of section 51(xxvi) and the insertion of the new ‘section 51A’ be proposed together. 
That a new ‘section 116A’ be inserted, along the following lines:
Section 116A Prohibition of racial discrimination 
The Commonwealth, a State or a Territory shall not discriminate on the grounds of race, colour or ethnic or national origin. Subsection (1) does not preclude the making of laws or measures for the purpose of overcoming disadvantage, ameliorating the effects of past discrimination, or protecting the cultures, languages or heritage of any group.
That a new ‘section 127A’ be inserted, along the following lines:
Section 127A Recognition of languages 
The national language of the Commonwealth of Australia is English. The Aboriginal and Torres Strait Islander languages are the original Australian languages, a part of our national heritage. 
Recommendations on the process for the referendum 
In the interests of simplicity, there should be a single referendum question in relation to the package of proposals on constitutional recognition of Aboriginal and Torres Strait Islander peoples set out in the draft Bill (Chapter 11). 
Before making a decision to proceed to a referendum, the Government should consult with the Opposition, the Greens and the independent members of Parliament, and with State and Territory governments and oppositions, in relation to the timing of the referendum and the content of the proposals. 
The referendum should only proceed when it is likely to be supported by all major political parties, and a majority of State governments. 
The referendum should not be held at the same time as a referendum on constitutional recognition of local government. 
Before the referendum is held, there should be a properly resourced public education and awareness program. If necessary, legislative change should occur to allow adequate funding of such a program. 
The Government should take steps, including through commitment of adequate financial resources, to maintain the momentum for recognition, including the widespread public support established through the YouMeUnity website, and to educate Australians about the Constitution and the importance of constitutional recognition of Aboriginal and Torres Strait Islander peoples. Reconciliation Australia could be involved in this process. 
If the Government decides to put to referendum a proposal for constitutional recognition of Aboriginal and Torres Strait Islander peoples other than the proposals recommended by the Panel, it should consult further with Aboriginal and Torres Strait Islander peoples and their representative organisations to ascertain their views in relation to any such alternative proposal. 
Immediately after the Panel’s report is presented to the Prime Minister, copies should be made available to the leader of the Opposition, the leader of the Greens, and the independent members of Parliament. The report should be released publicly as soon as practicable after it is presented to the Prime Minister.

Hohfeld and property

'How to Do Things with Hohfeld' (University of Colorado Law Legal Studies Research Paper No. 14-4) by Pierre Schlag comments
 Wesley Newcomb Hohfeld’s 1913 article, Fundamental Legal Conceptions as Applied in Judicial Reasoning, is widely viewed as brilliant. A thrilling read, it is not. More like chewing on sawdust. The arguments are dense, the examples unfriendly, and the prose turgid. 
“How to Do Things With Hohfeld” is an effort to provide an accessible and sawdust-free account of Hohfeld’s article, as well as to show how and why his analysis of “legal relations” (e.g., right/duty, etc.) matters. Perhaps the principal reason is that the analysis furnishes a discriminating platform to discern the economic and political import of legal rules and legal regimes.
My project here is to offer a forward-leaning interpretation of Hohfeld — to show how and why his insights remain highly relevant today. The article engages with the jural relations, decomposition and recomposition, the bundle of relations, the critique of reification, and recent discussions in property theory as well as the “New Private Law.” I am keen on protecting Hohfeld’s platform from some (legal realist) over-extensions as well as showing how the views of the “Hohfeld critics” are in many ways consonant with Hohfeld’s own thinking. The article closes with some questions about the limitations of Hofheld’s approach.
'Liberalism and the Private Law of Property' by Hanoch Dagan in (2014) 1(2) Critical Analysis of Law reviews
Alan Brudner’s neo-Hegelian theory of property. It critically analyzes Brudner’s conceptualization of the moral significance of property for private sovereignty, his understanding of the relationship between individual independence and self-determination, and his account of what makes private law private. I argue that Brudner is wrong on all three fronts and, furthermore, criticize his account of the market’s putative legitimation of property and public law’s alleged amelioration of the injustices entailed by a private law libertarian scheme. 
Notwithstanding these failures, I salute Brudner’s ambitious and provocative project not only due to its many insights, but also because it helpfully elucidates the main strands of justification that property law must face. Indeed, a credible theory of property-for-self-determination must begin by remedying Brudner’s errors as per the moral significance of property for private sovereignty, the relationship between independence and self-determination, and the distinctive nature of private law. This Essay provides preliminary suggestions on all three fronts

14 July 2014

House of Representatives Committee report on Drones

The House of Representatives Standing Committee on Social Policy and Legal Affairs has released its 'Eyes in the sky: Inquiry into drones and the regulation of air safety and privacy' report [PDF].

The report reflects reference in the 2012-13 Annual Report of the Office of the Australian Information Commissioner to the regulation of Unmanned Aerial Vehicles (UAVs) and wearables such as GoogleGlass.

The Committee makes the following recommendations
Safety in the air 
R 1 The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority, broaden future consultation processes it undertakes in relation to remotely piloted aircraft regulations so as to include industry and recreational users from a non- aviation background. Future consultation processes should identify and seek comment from peak bodies in industries where remotely piloted aircraft use is likely to expand such as real estate, photography, media, and agriculture, amongst others. 
Drones and privacy
R 2 The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority (CASA), include information on Australia’s privacy laws with the safety pamphlet CASA currently distributes to vendors of remotely piloted aircraft. The pamphlet should highlight remotely piloted aircraft users’ responsibility not to monitor, record or disclose individuals’ private activities without their consent and provide links to further information on Australia’s privacy laws. 
R 3 The Committee recommends that the Australian Government consider introducing legislation by July 2015 which provides protection against privacy-invasive technologies (including remotely piloted aircraft), with particular emphasis on protecting against intrusions on a person’s seclusion or private affairs. 
The Committee recommends that in considering the type and extent of protection to be afforded, the Government consider giving effect to the Australian Law Reform Commission’s proposal for the creation of a tort of serious invasion of privacy, or include alternate measures to achieve similar outcomes, with respect to invasive technologies including remotely piloted aircraft. 
R 4 The Committee recommends that, at the late-2014 meeting of COAG’s Law, Crime and Community Safety Council, the Australian Government initiate action to simplify Australia’s privacy regime by introducing harmonised Australia-wide surveillance laws that cover the use of:
  • listening devices 
  • optical surveillance devices 
  • data surveillance devices, and 
  • tracking devices 
The unified regime should contain technology neutral definitions of the kinds of surveillance devices, and should not provide fewer protections in any state or territory than presently exist. 
R 5 The Committee recommends that the Australian Government consider the measures operating to regulate the use or potential use of RPAs by Commonwealth law enforcement agencies for surveillance purposes in circumstances where that use may give rise to issues regarding a person's seclusion or private affairs. This consideration should involve both assessment of the adequacy of presently existing internal practices and procedures of relevant Commonwealth law enforcement agencies, as well as the adequacy of relevant provisions of the Surveillance Devices Act 2004 (Cth) relating but not limited to warrant provisions. 
Further, the Committee recommends that the Australian Government initiate action at COAG’s Law, Crime and Community Safety Council to harmonise what may be determined to be an appropriate and approved use of RPAs by law enforcement agencies across jurisdictions. 
R 6 The Committee recommends that the Australian Government coordinate with the Civil Aviation Safety Authority and the Australian Privacy Commissioner to review the adequacy of the privacy and air safety regimes in relation to remotely piloted aircraft, highlighting any regulatory issues and future areas of action. This review should be publicly released by June 2016.
In discussing privacy aspects the Committee comments
Remotely piloted aircraft (RPAs) have the potential to pose a serious threat to Australians’ privacy. They can intrude on a person’s or a business’s private activities either intentionally, as in the case of deliberate surveillance, or inadvertently in the course of other activities like aerial photography, traffic monitoring or search and rescue. As RPAs become cheaper and more capable, and as the instruments they carry become more sensitive, they will provide governments, companies and individuals with the cost-effective capability to observe and collect information on Australians, potentially without their knowledge or consent. 
This chapter will examine Australia’s existing regulatory environment in relation to RPAs and privacy and examine issues to be taken into consideration to ensure that Australian privacy laws adequately address the risks posed by RPAs. 
A ‘fractured landscape’ – RPAs and privacy laws 
Australia’s privacy regime is complex. There is a range of Commonwealth, State and Territory statutes and common law principles. However, the laws are complex, at times outdated by emerging technology, and significant variations exist between jurisdictions. The Committee has heard Australia’s privacy regime variously described as a ‘fractured landscape’, or a ‘patchwork of laws’. The following section provides a brief overview of the legal principles relevant to RPAs and privacy. 
Just as it is critical to ensure that RPA use does not compromise public safety, so RPA use should not compromise the privacy of individuals or businesses. The capacity of RPAs to enter private property, to travel unnoticed, and to record images and sounds which can be streamed live create significant opportunities for privacy breaches. 
Research by the Australian Privacy Commissioner shows that Australians’ concern for their privacy has remained high in an environment where there are a growing number of ways in which it can be breached. Mr Timothy Pilgrim, the Privacy Commissioner, told the Committee that:
our community research, that we undertake every three to four years, consistently shows that the community remains concerned about what is happening with their personal information. The community is concerned to make sure that there are protections in place for that personal information. So rather than seeing it becoming an issue that is dying, as some commentators have said in the past, it is actually a constant within the community.
Like any new technology, RPAs have both positive and negative applications. In considering how to address the potential privacy issues RPA use might raise, Mr Pilgrim said: With such a new technology, the question comes down to how its use is going to be regulated. What are the ways in which it can be regulated so that we can still achieve the benefits that the technology can bring, at the same time as making sure that people have a right of recourse or a remedy if they believe their privacy has been invaded by misuse of those technologies? 
The Commonwealth Privacy Act 1988 (the Privacy Act) provides a number of privacy protections to the Australian public. It is intended to ensure Australians are provided with information on, and some degree of choice about, the collection and use of their personal information by governments and large businesses. 
The Privacy Act sets out thirteen privacy principles which govern how organisations should collect information, how they should manage it, and the circumstances under which it can be disclosed. The Office of the Australian Information Commissioner described the Act as ‘a set of principles that focuses on transparency in the way in which personal information is collected’. 
The Privacy Commissioner, Mr Pilgrim, told the Committee that: 
The federal Privacy Act applies to most Australian government agencies at the federal level and many private sector organisations. It does set an overarching set of principles that those entities must comply with in how they collect, use, disclose, provide access to and secure personal information as part of their roles. 
However, the Privacy Act does not provide Australians with comprehensive privacy protections. As Mr Andrew Walter from the Attorney-General’s Department (AGD) noted ‘[t]he Privacy Act does not apply to the collection and use of personal information by private citizens and does not provide overarching privacy protection for the individual’.6 
The Act contains exemptions for a number of groups. As such, the Privacy Commissioner noted that small businesses (with an annual turnover of less than $3 million), political organisations, media organisations, and individual citizens acting in the course of their personal, family or household affairs are not subject to the privacy principles. 
In addition to the limitations to the Privacy Act created by its exemptions, the Act is not intended to protect against intrusions into Australians’ private seclusion. Dr Roger Clark from the Australian Privacy Foundation said:
we identify privacy of personal behaviour ... as the interest that people have in not being intruded upon by undue observation or interference with their activities, whether or not data is collected— after which it would then move into another space. When we look at the Privacy Act ... it is all but irrelevant to behavioural privacy protection. It was designed that way; it was designed to deal with data protection only.
Therefore the Privacy Act offers substantial privacy protections in certain circumstances, but there are a number of situations in which it may not protect Australians against the invasive use of RPAs. 
 Mr Pilgrim noted that many States and Territories have privacy laws of their own, but that most of these are limited in much the same way as the Federal Act: there are a series of privacy laws within a number of the states and territories. These generally apply to the activities of state and territory government agencies as well, and tend to be limited to those entities. 
There are a range of additional laws that may protect against invasive or inappropriate use of RPAs. For example, each State and Territory has legislation that may make it illegal in certain circumstances to use a surveillance device to record or monitor private activities or conversations via listening devices, cameras, data surveillance devices or tracking devices. 
The Commonwealth Surveillance Devices Act 2004 regulates the lawful use of surveillance devices by Federal law enforcement agencies but, according to Ms Catherine Smith from AGD, ‘does not contain prohibitions on the use of surveillance devices’. Those prohibitions are found in the relevant State and Territory statutes, which, according to AGD, are inconsistent: These prohibitions on surveillance devices are found in the laws of the states and territories. We understand that the states and territories approach their surveillance devices prohibition laws differently. Also, the committee has heard that not all states have prohibited the use of all kinds of surveillance devices. 
The Committee has heard that, in addition to varying between jurisdictions, in some cases these laws are outdated. According to Professor Des Butler:
There are four of our jurisdictions that have surveillance devices laws [Listening Devices Act 1992 (ACT); Surveillance Devices Act 2007 (NSW); Surveillance Devices Act (NT); Invasion of Privacy Act 1971 (Qld); Listening and Surveillance Devices Act 1972 (SA); Listening Devices Act 1991 (Tas); Surveillance Devices Act 1999 (Vic); Surveillance Devices Act 1998 (WA).] Four of our jurisdictions have listening devices statutes that are simply not appropriate for the 21st century, and they really do need to have a look at what they are doing. Even within the surveillance devices statutes they are inconsistent. 
AGD informed the Committee that the use of RPAs as surveillance devices is already regulated, since they fall within the definition of ‘optical surveillance device’ or ‘listening device’ in the Commonwealth Surveillance Devices Act. However, Ms Catherine Smith from AGD noted that the Surveillance Devices Act was written to cover the use of surveillance devices physically attached to property, and did not envisage the use of mobile surveillance systems like RPAs. Ms Smith said that ‘it would be of benefit’ to review this legislation ‘in the future as technology develops’. 
In addition to surveillance laws, some States and Territories have laws which make photography for indecent purposes a criminal offence, or which prohibit observing or filming a person in a private place or when that person is engaging in a private act. These laws, though they were introduced with the intention of protecting against child abuse or voyeurism, may nonetheless provide limited privacy protection against invasive RPA use. 
There are also a range of State and Territory stalking and harassment statutes that may be used to protect against privacy breaches caused by RPA users, though again these are not consistent across jurisdictions. 
Finally, there are a number of common law torts which may also be relevant to RPA use. For example the torts of trespass, nuisance or breach of confidence may be available to people whose privacy has been invaded by RPAs, depending on the circumstances. 
However, given that these principles emerged well before the development of RPA technology and in response to substantially different circumstances, they do not provide reliable protection against inappropriate RPA use.
Possible shortcomings of the current privacy regime 
The previous section briefly outlined the range and complexity of the privacy laws that may apply in relation to RPAs. The Committee heard that this complexity has a number of unfortunate effects – in particular that: it may hinder access to remedies for breaches of privacy; RPA operators may face difficulties in complying with the law; and gaps in the law may exist which could need to be addressed. The following section discusses these concerns. 
Uncertainty and access to remedies 
The complexity of privacy laws generates considerable uncertainty as to the law’s scope and effect. Evidence suggested that Australia’s current privacy laws may not be sufficient to cope with the explosion of technologies that can be used to observe, record and broadcast potentially private behaviour. The Privacy Commissioner told the Committee that: there are a number of laws that, in one form or another, do regulate the handling of personal information. First of all, what I do not think we do have—and I would be the first to admit this from my position—is a completely clear understanding of whether those laws as they currently exist are going to do the job, or whether, because of the patchwork nature of some of those laws, there are going to be gaps which need to be filled when we take into account how these new technologies can be used within the community. 
In addition, Professor McDonald from the ALRC argued that lack of uniform laws negatively affects Australians’ privacy protections: In terms of the surveillance laws, that has been a very common response we have had from people—that uniformity across state boundaries is very highly valued. At the moment the lack of uniformity means that there is insufficient protection of people’s privacy, because people do not know what is against the law and what is not. 
In the same vein, Professor Des Butler noted that the lack of clarity in the law makes it more difficult for people who feel their privacy has been invaded to complain:
when you look at these various laws, it is a complex and messy thing anywhere ... That needs to be addressed and then, in addition, people need to be able to have some understandable means of complaint—easy means of complaint—when these things start to take off, so to speak.
Simple and clear ways to seek redress are particularly important in relation to privacy, since the very nature of privacy breaches may make people reluctant to seek remedies. As Professor Butler noted: part of the problem with any sort of breach of privacy is that a person who then seeks to get some sort of reparation for breach of privacy in fact breaches their own privacy again. So people may be reluctant to complain simply because it reignites the whole deal. 
While these issues are not specific to RPAs, the capability and increased use of RPAs test the privacy regime by increasing the likelihood of privacy breaches. 
Burden on industry 
In addition to the difficulties individuals may face in seeking remedies for inappropriate RPA use, Australia’s complex privacy environment may also cause problems for RPA operators. Dr Reece Clothier, speaking for the Australian Association of Unmanned Systems, argued that in addition to privacy protections being inadequate industry faces a substantial regulatory burden: we believe there is not much protection for the rights of the individual in terms of privacy in this country at the moment and that there is a patchwork of legislation across this country that is very difficult to navigate from the perspective of industry. 
Professor McDonald noted the difficulties faced in particular by media organisations: it is also insufficient protection for organisations like those in the media, because they find it difficult to know what they are doing, and if they operate—as all media now do—across state boundaries, they can be breaking the law in one state and cross  over a boundary and they are not breaking the law. So that clearly makes law much more complex. 
Journalist Mark Corcoran likewise highlighted the difficulties faced by media organisations as a result of Australia’s privacy patchwork:
There is a whole range of different laws in different states. That is where I think some of the media lawyers get sent grey before their time, trying to figure that out on a state-by-state basis.
In this environment, the Committee heard that some RPA businesses and industry groups have adopted voluntary privacy policies. Insitu Pacific, which as a Boeing subsidiary is one of Australia’s largest RPA companies, has done so. Mr Damen O’Brien, Insitu’s Senior Contracts Manager, said that:
Insitu Pacific understands and gets that there is a real concern out there about privacy ... we have a privacy policy. It is a set of principles which align very closely with the privacy act and which deal with what we understand privacy to be. 
Mr Brad Mason from the Australian Certified UAV Operators Association (ACUO) said that ACUO was in the process of developing a privacy policy. Mr Mason said that many of ACUO’s members already have privacy policies in place:
A lot of our members already adopt a privacy policy. If it is deemed that privacy may be an issue, then we will approach the people who may be affected and at least give them an opportunity to have their say, or voice their concerns or opinions before we actually put an aircraft in the air. 
The implementation of voluntary codes of conduct and privacy policies by commercial RPA operators is a commendable response to public concern about the potential for invasive RPA use. However, regulatory change may ultimately be necessary to address the issue of privacy-invasive technologies. 
Gaps in the law 
Existing laws may not be sufficient to cope with the specific privacy issues widespread RPA use might raise. For example, many State surveillance acts may not provide for inadvertent recording of private behaviour. This could create uncertainty for RPA operators in a range of contexts – for example aerial photography, survey or emergency management. 
In relation to this Mr Rodney Alder, representing the Australasian Fire and Emergency Service Authorities Council, said that:
my understanding at least with some of the state legislation ... [is] that the offence is actually committed at the time of the recording ... One of the most probable applications for UAVs is rapid damage assessments. So immediately after a fire or some other incident, it is a niche UASs can clearly operate in. There is a potential for inadvertent privacy breaches in that situation.
In addition, the Committee notes that Australia’s existing surveillance laws were written before the development of current RPA technology. While in some cases they are written in technology neutral language, and therefore may still apply to the use of RPAs, widespread RPA use and their developing capabilities may nonetheless require a reassessment of current laws. 
For example, while the use of listening devices is tightly regulated, according to the Commonwealth Surveillance Devices Act 2004, police may use RPAs as optical surveillance devices without a warrant so long as they do not enter onto premises without permission, or interfere with any vehicle or thing without permission. 
As such, it was suggested that law enforcement agencies could deploy cheap and widespread aerial surveillance capability without requiring a warrant. The Committee notes that both the AFP and the Queensland Police have indicated that at present they have no plans to use RPAs for surveillance purposes. While these responses are reassuring, the regulatory gap remains a concern. This is an issue where technology appears to have surpassed situations envisaged when the relevant regulations were drafted, and confirms the need for regulatory review. 
Private surveillance 
While many of the issues raised by roundtable participants highlight problems that may arise in the future, the Committee notes that RPA use by animal rights groups has already brought the complexities of RPA use and privacy into focus. At its first roundtable, the Committee heard debate about the extent to which Australia’s privacy laws should protect farmers from unauthorised use of RPAs to monitor farming facilities. 
The Committee is aware of media reports that animal protection groups have used RPAs to monitor agricultural facilities without their owners’ consent, with the intention of exposing animal cruelty or evidence of inaccurate claims about farms’ free-range status. Some farming groups do not consider the use of RPAs by activist groups to be appropriate. Ms Deborah Kerr of Australian Pork Limited said that:
our view would be that it is not the role of activist organisations to actually undertake those activities. We would prefer to see the appropriate regulators who are accorded the relevant authority to investigate those matters actually able to undertake those activities. We certainly would not be supporting activists to be undertaking drone activities above our producers’ properties.
Ms Kerr noted that that many farmers consider their production facilities to be private spaces: In fact, many of them would feel similar to what homeowners feel if they had been burgled: they would feel that they had been traumatised and that they had been invaded; they would feel dirty and that their staff had been put at risk. So dealing with the issue of privacy is a high priority. 
Voiceless, an Australian think tank which aims to raise awareness of animal cruelty, told the Committee that undercover investigations have revealed animal neglect, cruelty and illegal activity on some farms in the past. RPA surveillance could help reduce that activity: surveillance assists with reducing the rate of contravention of animal welfare regulations in our view, and it can be used not only by animal protection groups but also by enforcement arms like the  police or the RSPCA in each state or territory, or the Animal Welfare League in New South Wales, to monitor and therefore enforce animal protection legislation. 
Academic Mr Geoff Holland noted that surveillance of factory farming facilities has been effective in exposing illegal activity in the past: A number of prosecutions of farms where there has either been mistreatment of animals or prosecutions under the Australian Consumer Law, the Trade Practices Act, has arisen because of information obtained either through static cameras that have been installed or, more recently, through the use of drones, particularly in the areas with the ACCC taking action for farmers or producers of both meat and eggs that are claiming that they were free range, or raised under certain conditions, and yet the surveillance showed that that was false. 
The potential of RPAs to unobtrusively gain footage of illegal activities is enormous, and their use is obviously attractive to certain lobby groups. However, as with enforcement agencies, the unfettered use of RPAs to undertake surveillance operations and monitor the activities of an individual or a company is not consistent with the intent of privacy laws. 
If technology has now enabled situations not considered when aspects of privacy and surveillance laws were drafted, then there is a pressing need to review the current regime and its adequacy to respond to RPA use. 
Prospects for reform 
The issues outlined above illustrate that RPAs can give rise to significant privacy concerns. However, roundtable participants emphasised that RPAs are just one of many emerging technologies that have the potential to seriously affect privacy in Australia. Any reform of Australia’s privacy laws, they argued, should address the issue of privacy without focusing on specific technologies. 
In the first place, the use of RPAs is likely to prove extremely difficult to regulate. CASA’s Mr John McCormick noted that if and when large numbers of Australians begin purchasing consumer-level RPAs, CASA is unlikely to be able to regulate their use: 
From CASA’s point of view, if we now try to do something to say that you cannot operate a lightweight UAV unless you tell us— leaving aside the grey area of the model aircraft—when it becomes something that is commercially viable I would be in a situation of writing of regulation that I know I cannot enforce. That is bad law.
Further, RPAs are one among a large number of new technologies that may impact on Australians’ privacy. Journalist Mr Mark Corcoran noted that while RPAs provide ‘phenomenal capability’ to media organisations, other new technologies exist which might be used to invade people’s privacy: this is absolutely a surveillance technology, but I would argue that there are an equal number of other new technologies available that are equally invasive. 
Similarly, Dr Reece Clothier argued that, instead of focusing on the privacy threats posed by RPA use, it is necessary to take a broader view of how privacy is affected by technological advances:
We need to step away from this idea that it is a specific piece of technology or a specific device and say, ‘Let’s protect the interests of privacy’ ... Google Glass is a much more invasive technology that every person is going to be wearing in the next five years. So whether it is drones, Google Glass or the fact that I can collect metadata on your Facebook account and marry that up with your LinkedIn and actually track your movements, it is your personal information ... it is an issue much broader than unmanned aircraft. 
The Australian Privacy Foundation argued that, while RPAs give rise to some unique policy and legal problems, they highlight the inadequacies of Australia’s current privacy and surveillance laws:
the biggest problem is not drones per se; drones exacerbate existing massive deficiencies in surveillance law in Australia and ... we need to separate out those issues and solve the problems where the problems are. 
Dr Clothier also argued that any reform undertaken to address the privacy issues caused by RPAs should be carried out carefully:
I would hate to see legislation put in place that hamstrings the many beneficial applications of this emerging aviation industry and its flow-on effects for mining, agriculture, surf-lifesaving— everything—through a piece of legislation that is chasing the 0.0003 per cent of people or organisations that will misuse it. 
A tort of privacy 
The Committee notes that the Australian Law Reform Commission (ALRC) is conducting an inquiry into serious invasions of privacy in the digital era and has proposed that the Australian Government create a tort for serious invasion of privacy. Such a tort may serve to address some of the gaps and limitations in Australia’s existing privacy law. 
The Commission began its inquiry in June 2013 after a referral from then Attorney-General the Hon Mark Dreyfus QC MP. The inquiry’s terms of reference require the ALRC to consider the prevention of, and remedies for, serious invasions of privacy in the digital era. The ALRC’s inquiry was undertaken in response to: the rapidly expanded technological capacity of organisations not only to collect, store and use personal information, but also to track the physical location of individuals, to keep the activities of individuals under surveillance, to collect and use information posted on social media, to intercept and interpret the details of telecommunications and emails, and to aggregate, analyse and sell data from many sources. 
The ALRC released an issues paper on 8 October 2013 and invited submissions from interested parties. After a first round of submissions, the Commission released a discussion paper at the end of March 2014 which contained proposed recommendations. Further submissions, to a total of more than 120, have since been received. The Commission’s inquiry has been of considerable breadth and depth. 
In its discussion paper, the ALRC proposed the creation of an action in tort for serious invasion of privacy. The proposed tort would be created by a Commonwealth Act and would define two types of fault – intrusion upon a person’s seclusion or private affairs, and misuse or disclosure of private information. The tort would be confined to intentional or reckless invasions of privacy, and would only apply where a person had a reasonable expectation of privacy. 
The ALRC further proposed that the cause of action should only be available where the invasion of privacy is determined to be serious, and that the courts should balance a person’s right to privacy against competing principles – including freedom of expression (especially freedom of political communication), press freedom, open justice, public health and safety, and national security. 
The ALRC has also proposed that the various pieces of Australian surveillance and workplace surveillance legislation should be harmonised. These changes, if enacted, would address a number of issues with Australia’s privacy regime which have been identified in the course of this inquiry . 
The ALRC is required to present its report to the Attorney-General, Senator the Hon George Brandis QC, by 30 June 2014. The Attorney- General has 15 sitting days in which to table the report in Parliament. This would require the report to be released by September 2014. A timetable for a Government response to the ALRC has not been established. 
Committee comment 
 RPA use raises serious privacy issues for Australians, and the problem will deepen as RPAs become cheaper and the cameras and sensors they carry become more sensitive. Given the ease with which RPAs can be bought locally, or imported, it will be very difficult to enforce regulatory compliance. Media reports indicate that RPAs are already being put to unsafe and potentially invasive uses. 
Given the complexity of Australia’s privacy regime, it is likely that the majority of RPA users are unaware of the specific circumstances in which  their RPA use may breach someone’s privacy. The Committee takes the view that steps should be taken to better inform the breadth of RPA users about possible privacy breaches and the need to operate RPAs responsibly. 
Recommendation 2 
The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority (CASA), include information on Australia’s privacy laws with the safety pamphlet CASA currently distributes to vendors of remotely piloted aircraft. The pamphlet should highlight remotely piloted aircraft users’ responsibility not to monitor, record or disclose individuals’ private activities without their consent and provide links to further information on Australia’s privacy laws. 
While it is difficult to prevent the misuse of new technologies, it may be possible to give people who have been the victims of that misuse easier access to justice. The current complexity of Australian privacy law is a burden to these individuals that should be addressed. 
The Committee emphasises that while RPAs pose specific privacy problems, they are just one of many emerging technologies that have privacy implications. Addressing the issues RPA use raises should be part of a broader effort to update Australian privacy law to deal with the gamut of invasive technologies. 
The Committee notes that the ALRC’s inquiry into serious invasions of privacy in the digital era is nearing completion. The Committee notes from its discussion paper that the ALRC may recommend the creation of a tort of serious invasion of privacy, and that it may recommend the standardisation of surveillance and harassment laws across jurisdictions. There is a clear need for reforms of this type.  
Recommendation 3 
The Committee recommends that the Australian Government consider introducing legislation by July 2015 which provides protection against privacy-invasive technologies (including remotely piloted aircraft), with particular emphasis on protecting against intrusions on a person’s seclusion or private affairs. The Committee recommends that in considering the type and extent of protection to be afforded, the Government consider giving effect to the Australian Law Reform Commission’s proposal for the creation of a tort of serious invasion of privacy, or include alternate measures to achieve similar outcomes, with respect to invasive technologies including remotely piloted aircraft. 
Recommendation 4 
The Committee recommends that, at the late-2014 meeting of COAG’s Law, Crime and Community Safety Council, the Australian Government initiate action to simplify Australia’s privacy regime by introducing harmonised Australia-wide surveillance laws that cover the use of:
  • listening devices 
  • optical surveillance devices 
  • data surveillance devices, and 
  • tracking devices
The unified regime should contain technology neutral definitions of the kinds of surveillance devices, and should not provide fewer protections in any state or territory than presently exist. 
The Committee notes that law enforcement agencies have stated that at present they have no plans to use RPAs in a surveillance capability. However it is apparent that, given the rate at which RPA technology is developing, Australia’s law enforcement agencies will soon have access to cost-effective mass surveillance technology. 
Moreover, evidence to this inquiry has indicated that the Commonwealth Surveillance Devices Act is no impediment to the deployment of that capability by law enforcement agencies. Australia’s surveillance laws were not designed with this capability in mind and, in order to protect Australian citizens’ rights and freedoms, the Committee is of the view that the use of RPAs for surveillance should be subject to a rigorous approval process. 
Recommendation 5 
The Committee recommends that the Australian Government consider the measures operating to regulate the use or potential use of RPAs by Commonwealth law enforcement agencies for surveillance purposes in circumstances where that use may give rise to issues regarding a person's seclusion or private affairs. This consideration should involve both assessment of the adequacy of presently existing internal practices and procedures of relevant Commonwealth law enforcement agencies, as well as the adequacy of relevant provisions of the Surveillance Devices Act 2004 (Cth) relating but not limited to warrant provisions. Further, the Committee recommends that the Australian Government initiate action at COAG’s Law, Crime and Community Safety Council to harmonise what may be determined to be an appropriate and approved use of RPAs by law enforcement agencies across jurisdictions. 
RPAs have introduced privacy and safety issues not conceived of a decade ago. The Committee is aware that the technology of RPAs a decade from now may exceed what we can currently imagine. Given the seriousness of both privacy and air safety and the expected surge in the use of low cost RPAs, the Committee considers it imperative that a forward plan is in place to monitor RPA use and regulation. 
While the current work of CASA and the ALRC is appropriately addressing current issues, a more coordinated approach for the future is required. Further, given the diversity of users and rapid technological change, there must be better coordination in the review and development of privacy and air safety regulation relating to RPAs.
Recommendation 6 
The Committee recommends that the Australian Government coordinate with the Civil Aviation Safety Authority and the Australian Privacy Commissioner to review the adequacy of the privacy and air safety regimes in relation to remotely piloted aircraft, highlighting any regulatory issues and future areas of action. This review should be publicly released by June 2016.