A review of Australia’s Privacy Act 1988 was never going to be easy. It has tentacles across every area of internet-connected life and electronic safety, including the pyrophoric issue of how to define what exactly is “in the public interest”.
When Scott Morrison’s Coalition government announced a review, Labor welcomed it, agreeing to a majority of its suggested changes.
The newly-elected Labor could have finished the job and ushered the changes through a mostly agreeable parliament. But, soon after it released its formal response to the Privacy Act Review on September 28, Hamas attacked Israel and Israel retaliated with what the International Court of Justice believes could constitute a genocide.
As the world shivers in the lengthening shadow of Benjamin Netanyahu’s attacks on Gaza, university protests across Australia continue and, each week, thousands take to the streets in solidarity with Palestinians.
Amid growing condemnation of the number of people, particularly women and children, being killed, the conversations from a WhatsApp group of 600 Jewish lawyers, academics and journalists were allegedly leaked by pro-Palestinian activists in early February.
It didn’t take long for Prime Minister Anthony Albanese to tell Radio 2GB it was “completely unacceptable” and that no one should be targeted “because of their religion”.
Albanese told 2GB he had asked Attorney-General Mark Dreyfus to bring forward the doxxing laws “as soon as possible”.
Doxing laws
Doxxing is defined as “the act of publicly releasing personally identifiable information about an individual or organisation without their consent, usually via the internet”.
Whether it is good practice to outlaw such an act is a political and legislative minefield.
Facing a future of artificial intelligence (AI) robots, self-aware algorithms and deep fake revenge porn, it quickly becomes an ethical and legal nightmare.
The government’s anti-doxxing proposal covers: de-anonymising doxxing — revealing someone’s identity; targeting doxxing — revealing specific information which allows someone to be contacted or located, or their online security to be breached (e.g. phone number, home address, account username and password); and de-legitimising doxxing — revealing sensitive or intimate information about someone that could damage their credibility or reputation (e.g. private medical or legal records, or personal messages and photos usually kept private).
Such actions can destroy victims’ lives. But they are already an offence under federal and state laws, which prohibit using a carriage service to “menace, harass or offend”.
One of the original privacy reforms supported by Labor already included consultations on criminalising “malicious re-identification of de-identified information where there is an intention to harm another or obtain an illegitimate benefit”.
Laws must be crystal clear that revelations that are in the public interest are indeed a “legitimate benefit”, especially when it concerns the integrity of government processes.
Albanese’s knee-jerk reaction to the WhatsApp leak in February is a perfect demonstration of why.
Rushed bills
Attorney-General Mark Dreyfus announced on March 11 that anti-doxxing provisions would be added to the Privacy Act Review. Advocates and legal experts were blindsided by Dreyfus’ decision for a short public consultation period, from March 11–28.
The hurried announcement and apparent lack of consultation raises serious questions about the integrity of the entire process.
Crikey revealed on March 20 that the anti-doxxing legislation was so hastily included in the Privacy Review that the PM had not even consulted with his own departments.
Crikey’s FOI’s revealed there had been no external legal advice, no consultation with Cabinet, with even the e-Safety Commissioner seemingly caught completely by surprise.
It seems the very people paid to provide expert impartial advice on the legislative ramifications were bypassed in what appears to be the PM’s push for pro-Israel PR.
User-pays accountability
The lack of consultation ensured the government’s discussion paper was torn apart by critics.
David Shoebridge, NSW Greens Senator for Justice and Digital Rights spokesperson, criticised the proposal over concerns that, like defamation law before it, flawed definitions may allow it to be used by the rich and powerful to silence legitimate complaint.
“These doxxing laws appear to be a knee jerk reaction rather than a serious attempt to identify where doxxing is really occurring and causing harm to individuals,” Shoebridge said.
Shoebridge called the current proposal “confused and unhelpful,” amid concerns it may also be used by governments to silence independent journalists and whistleblowers who release previously protected information to force public accountability in the public interest.
Digital Rights Watch Australia (DRWA) also questioned its veracity, backing up Shoebridge’s concerns about its potential to be weaponised by powerful people.
It said, via email: “The thing is, sometimes when a person’s wrongdoing is revealed, that can affect their credibility or reputation. That’s accountability, baby!”
After campaigning for years for democratic privacy reform, DRWA was alarmed at the rushed inclusion of doxxing.
“While a statutory tort might cover some kinds of doxxing, we think the purpose of this reform is much bigger, and we see some dangers in seeking to shoehorn in other issues at this late stage.”
DRWA says it remains engaged in the process to ensure laws don’t pave the way for abuse, or derail crucial privacy reform completely.
It would be unfortunate if what could have been a bipartisan reform — which could have particularly helped women, who the government’s own e-Safety Commissioner reports are too often targeted for doxxing and internet abuse — has been undermined by the prime minister prioritising a PR punch over policy integrity.
The reforms are scheduled to be tabled in August.
[Suzanne James has a background in writing policy, governance, risk management and regulatory compliance frameworks and in legislative compliance application.]