Electronic Frontiers Australia

Australia leads in disability access, thanks to copyright changes

Braille display. Image: Sebastien.delorme. CC-BY-SA

Australians with a disability will have some of the strongest rights to access content in the world, thanks to changes to Australia’s copyright laws passed this week.

Copyright peak body the Australian Digital Alliance elatedly welcomed the new laws. Executive Officer, Jessica Coates said: "This is a great step forward for all the Australians who have struggled to get content in the formats they need, whether that be large print, braille or other accessible formats. These amendments ensure that copyright law no longer prevents Australians with a vision impairment or other disability from accessing the books, websites and other essential information others take for granted."

The legislation, which passed the Senate this week, will finally implement Australia’s obligations under the Marrakesh Treaty to Facilitate Access to Published Works for Persons Who Are Blind, Visually Impaired or Otherwise Print Disabled.

"Australia took a leadership role in bringing about this treaty, and it is great to see us continuing to lead the world in its implementation" said Ms Coates.

This article is by the Australian Digital Alliance and is republished here under a Creative Commons Attribution (CC-BY) licence. It has been edited slightly for context. See the original article.

Under the Copyright Amendment (Disability Access and Other Measures) Act 2017, whenever content - be it a book, film, online resource or government publication - is not accessible to a person with a disability because it is not available in the format they need, they or someone on acting on their behalf will be able to convert the work into the required format. The amendments remove the redundant bureaucratic hoops that currently consume disability organisations’ time and money, and promise access to the vast libraries of accessible materials that are available overseas.

The legislation also brings significant benefits to Australia’s libraries, archives, schools and universities. It fixes the previously broken and outdated preservation exceptions, ensuring cultural works will be there for future generations. It also frees schools and universities from unnecessary and costly bureaucracy and increases their ability to use the latest technologies to reach students wherever they are.

Perhaps most excitingly, as a result of these changes, on 1 January 2019 millions of unpublished works that have until now remained locked behind outdated and unjustifiable perpetual copyright laws will become free for all to use.

"From celebrity letters and war diaries, to recipe scrapbooks and theses, all of these items will be able to be digitised and shared online by our cultural and educational institutions. This will provide a major new resource for all Australians who appreciate the value of history - be they artists, researchers, teachers or innovators" said Ms Coates.

Many other changes are still needed in Australia’s copyright law to ensure that these new rights can be fully effective, and that our laws remain fit for purpose in a digital age. However, these new laws are a positive start, and will be world-changing for many Australians. The government and all who have worked hard over many years to bring them to pass are to be congratulated.

Related Items:

Copyright Amendment Bill passes: onwards to Fair Use

Electronic Frontiers Australia – the country’s leading digital rights advocacy organisation –welcomes today’s passage of important updates to Australia’s Copyright Act and calls for urgent progress towards more comprehensive reform that will make Australia’s copyright system fit for purpose in the digital age.

The Copyright Amendment (Disability Access and Other Measures) Bill contains a number of important changes that will benefit Australia’s schools, universities, libraries, galleries and museums. These changes will:

  • streamline the process of negotiating statutory licences for the education sector;
  • remove absurd restrictions which have prevented libraries, galleries and museums from protecting their collections for the future; and
  • finally allow millions of unpublished works, such as diaries and personal correspondence to be made available.

The Bill also implements Australia’s obligations under the Marrakesh Treaty for the Blind and Vision Impaired, a global treaty which addresses equity of access to content by removing impediments to the creation of accessible format versions.

EFA is pleased to note that the Bill allows for the creation of accessible format versions of content to address any form of disability and therefore exceeds the obligations set out in the Treaty.

EFA is however disappointed that the simple fix to the copyright safe harbour scheme that would extend it beyond carriage service providers was left out of the Bill, but understands that the government is leading good faith negotiations which are proceeding towards a resolution of this issue in the near term.

Extending the copyright safe harbour scheme will provide legal certainty for all Australian organisations that provide online services, from schools and universities to technology start-ups and service platforms, while delivering low-cost mechanisms for rights-holders to request for infringing content to be removed, and ensuring that Australian consumers will have recourse against frivolous and erroneous takedown requests.

The Copyright Amendment (Disability Access and Other Measures) Bill therefore provides important but only incremental steps towards a copyright system that is fit for purpose in the digital age.

What is now required is the introduction of a broad, flexible fair use exception into Australia's Copyright Act.

As EFA Chair David Cake said today, “while the amendments passed today are both welcome and important, if Australia is to fully realise the social, economic, artistic and educational benefits offered by digital technology, then we must introduce fair use into our copyright system. Fair use strikes an appropriate balance between the legitimate rights of all parties, providing space for creative acts, technological and service innovation, social interaction and political speech, while protecting the interests of copyright-holders.”

Such an exception has now been recommended by no less than six separate inquiries over the last two decades, most recently by the Australian Law Reform Commission in 2014 and the Productivity Commission in December 2016.

EFA therefore calls on the government to introduce legislation to implement a broad flexible fair use exception into Australia’s Copyright Act without further delay.

Fair Copyright for Australia Campaign

In partnership with the Australian Digital Alliance, EFA is running the Fair Copyright for Australia campaign.

If you support the introduction of fair use in Australia, please get behind the campaign. You can:


Related Items:

Reincorporation project

Members should be aware that a project is underway to reincorporate EFA as a Company Limited by Guarantee.

As part of this process, a consultation period on a new Draft Constitution is now underway.

Members are encouraged to review the Draft Constitution, along with detailed explanatory notes and the answers to questions already submitted on our New Constitution page.

Related Items:

When is 'not a backdoor' just a backdoor? Australia's struggle with encryption

Image: Luis (Flickr). CC-BY-NC

The Australian government wants the ability to read messages kept secret by encryption in the name of aiding criminal investigations. But just how it proposes to do this is unclear.

As Australian Attorney-General George Brandis recently told Fairfax:

At one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement.

In an interview with Sky News, he spoke favourably of controversial UK legal powers that seek to impose on device makers and social media companies “a greater obligation to work with authorities where a notice is given to them to assist in ‘breaking’ a communication”.

Brandis has insisted the government doesn’t want a “backdoor” in secure messaging apps. How, then, he expects companies to “break” them is unclear.

As many have pointed out, it’s hard to see any tool that gives law enforcement privileged access to otherwise encrypted messages as anything else but a “backdoor”.

This article is by Robert Merkel, Lecturer in Software Engineering at Monash University and was originally published in The Conversation. It is republished here under a Creative Commons Attribution Share-Alike (CC-BY-SA). See the original article.

How end-to-end encryption works

Backdoor or not, it’s worth being sceptical of any mechanism aimed at accessing encrypted messages on platforms like WhatsApp. To explain why, you need to understand how end-to-end encrypted messaging services work.

Encrypted messaging servers scramble the original message, the “plaintext”, into something that looks like random gibberish, the “cyphertext”.

Translating it back to plaintext on the receiver’s phone depends on a “key” – a short string of text or numbers. Without access to the key, it isn’t feasible to get the plaintext back.

Image: Elya/joshbressers/The Noun Project composite. CC-BY

Keys are generated in pairs, a public key and a private key, of which only the private key must be kept secure. The sender of the secure message has the receiver’s public key, which is used to encrypt the plaintext. The public key cannot be used to unscramble the cyphertext, nor does possessing the public key help in obtaining the private key.

End-to-end encryption simply keeps the private key securely stored on the phones themselves, and converts the cyphertext to plaintext directly on the phone. Neither the private keys nor the plaintext are ever available to the operator of the messaging service.

Compromising security

An encrypted messaging app could hypothetically be modified in a number of ways to make it easier for authorities to access.

One would be to restrict the range of keys that the app can generate. That would make it possible for the government to check all possibilities.

The US government, which imposed regulations to this effect for a brief period in the 1990s, may have once had computing resources far in excess of any other entity, but this is no longer the case. In fact, these old rules are themselves still causing security problems, as some applications can be tricked into reverting to the insecure “export mode” encryption that is trivially crackable today.

Other national governments and well-funded private bodies would find “brute force” checking of all the possible keys well within their capabilities, compromising the security of legitimate users.

And while governments might believe they can keep their “backdoor” secure, such secrets have a nasty habit of leaking out, as did hacking techniques used by the CIA and NSA.

George Brandis: in the UK, authorities are able to impose obligations on device makers to cooperate on encryption. https://t.co/dlBhjeL3yh pic.twitter.com/EagLjgockT

— Sky News Australia (@SkyNewsAust) June 10, 2017

Nor can governments simply make possessing encryption software a criminal offence.

Take the application Pretty Good Privacy (PGP) – or, more precisely, its open-source equivalent GNU Privacy Guard (GPG).

Once used for securing email messages, it’s now more often used to ensure software updates on Linux systems are from the original authors and have not been tampered with. For instance, the system update tool in Ubuntu Linux uses the GPG machinery for this. Without it, the Linux servers that run much of the internet would become much more vulnerable to hackers.

Similar mechanisms are used in Windows, iOS and Android to prevent tampered applications from being installed. As such, banning or undermining end-to-end encryption would seriously affect internet security.

Endless workarounds

In any case, creating backdoors in end-to-end encrypted messaging services would not achieve its goals. Once messaging app backdoors became known, savvy users would simply switch to another service, or make their own.

Most popular secure messaging apps, such as WhatsApp and Facebook’s secure messaging mode, use a system originally developed by Open Whisper Systems for the Signal secure messaging app. Anyone can download the source code and set up their own version.

But let us assume for a moment that the Australian government somehow forces users to use messaging apps that give the government access. While this would impose a minor inconvenience on those wishing to communicate securely, it would do little more.

It would be possible to develop a separate encryption app that encrypts the message. Using digital steganography, the encrypted message could be hidden within a photo or video file; this could then be sent as an attachment. The government’s access to the messaging app would then be moot.

While they may – with some effort – be able to discover the existence of the hidden messages in media file attachments, they would still be unable to decrypt the message.

To date, the ideas floated by the Australian and British governments on end-to-end encryption could most charitably be described as vague.

They would be wise to consult experts to come up with proposals grounded in technical reality if they wish to be taken seriously by the technology industry.

Related Items:

Open Rights Group: The London Attacks

Open Rights Group condemns the appalling attack at London Bridge; this is not only a violent assault on individual lives but an attack against the freedom and security we enjoy in the UK.

It is disappointing that in the aftermath of this attack, the Government’s response appears to focus on the regulation of the Internet and encryption.

This could be a very risky approach. If successful, Theresa May could push these vile networks into even darker corners of the web, where they will be even harder to observe.

But we should not be distracted: the Internet and companies like Facebook are not a cause of this hatred and violence, but tools that can be abused. While governments and companies should take sensible measures to stop abuse, attempts to control the Internet is not the simple solution that Theresa May is claiming.

Real solutions—as we were forced to state only two weeks ago—will require attempts to address the actual causes of extremism. For instance, both Jeremy Corbyn and Theresa May have drawn attention to the importance of finding solutions to the drivers of terrorism in countries including Syria, Iraq and Libya.

Debating controls on the Internet risks distracting from these very hard and vital questions.

This article is by Jim Killock, Executive Director of the UK's leading digital rights advocacy organisation, Open Rights Group. It is republished here under a Creative Commons Attribution-ShareAlike (CC-BY-SA) licence. See the original article. We have chosen to republish this article, and their previous statement about the Manchester attack to emphasise EFA's support for ORG's position. As we've also said in the past, EFA firmly rejects any law, policy, or mandate that would undermine digital security.

Related Items:

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable.

The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay, sometimes even offering a help line for victims unsure how to buy bitcoin. The price is designed to be cheap enough for people to pay instead of giving up: a few hundred dollars in many cases. Those who design these systems know their market, and it's a profitable one.

The ransomware that has affected systems in more than 150 countries recently, WannaCry, made press headlines last week, but it doesn't seem to be more virulent or more expensive than other ransomware. This one has a particularly interesting pedigree: It's based on a vulnerability developed by the National Security Agency that can be used against many versions of the Windows operating system. The NSA's code was, in turn, stolen by an unknown hacker group called Shadow Brokers ­widely believed by the security community to be the Russians­ in 2014 and released to the public in April.

Microsoft patched the vulnerability a month earlier, presumably after being alerted by the NSA that the leak was imminent. But the vulnerability affected older versions of Windows that Microsoft no longer supports, and there are still many people and organizations that don't regularly patch their systems. This allowed whoever wrote WannaCry ­-- it could be anyone from a lone individual to an organized crime syndicate -- to use it to infect computers and extort users.

The lessons for users are obvious: Keep your system patches up to date and regularly backup your data. This isn't just good advice to defend against ransomware, but good advice in general. But it's becoming obsolete.

This article is by internationally-renowned security technologist Bruce Schneier and this excerpt is published here with permission. Read the full article at Bruce's Schneier on Security blog.


Related Items:

Open Rights Group: The Manchester attack

Open Rights Group wishes to express its sympathy for the victims of the vile and brutal attack in Manchester. We condemn these violent attacks, which seem even more abhorrent when deliberately targeted at children and young people.

We hope that law enforcement and intelligence agencies will help to bring those involved in these attacks to justice and we support their work combating terrorism. We believe that these agencies need powers of surveillance to do this.

However, we also believe that there must be limits to these powers in order to preserve the democratic values of freedom and liberty - the same values that terrorists want to undermine. This is the central challenge of the moment, in our view.

This article is by Jim Killock, Executive Director of the UK's leading digital rights advocacy organisation, Open Rights Group. It is republished here under a Creative Commons Attribution-ShareAlike (CC-BY-SA) licence. Emphasis has been added. See the original article.

There are many emotions and reactions that flow from this event. Solidarity, the need to comfort as best possible; the value we place in our communities and the human aid that people have given to help people directly affected. But there is also fear, hatred and a desire to do anything that could prevent such an attack from happening again.

The political response to this attack is complicated by the fact that it is has taken place in the middle of an election. Campaigning has been put on hold but politicians cannot help but be aware that their response will affect the outcome of the election - and this could see policies that exploit public fears.

The traditional response in the UK is to first commit to British values, and say that terrorists will never remove these; and then to try to reassert a sense of security and control by showing that security measures will be stepped up.

Often these attempts are highly misleading. Security measures can be helpful, but building a security state will never be enough to stop terrorism. Terrorism needs to be dealt with at source, through changes in politics and society. As long as we have failed states in Libya, Syria and elsewhere, we will not be safe. We do not wish to gloss over the complexity and difficulty of tackling these issues, but changes there are the first step to reducing the threats of terrorism.

Meanwhile, surveillance including mass surveillance appears to be leading to more information than can be effectively processed, with known individuals escaping investigation because they are too numerous for the authorities to pursue them all. In this case, even human resources may face limits, as expansion of staff numbers can lead to bureaucratisation and new bottlenecks. Terrorists can also adapt their behaviour to avoid surveillance technologies, by changing their tech, avoiding it altogether, or simplifying their operations to make them less visible.

This does not mean we should give up, nor does it mean that technology can play no role in surveillance. It does however mean that we should not assume that claims of resources and powers will necessarily result in security.

ORG is concerned that the Government’s use of investigatory powers to ostensibly keep us safe can themselves be exploited by criminals and terrorists.

It is worrying to hear that in the wake of these attacks, the Home Office wants to push ahead with proposals to force companies to weaken the security of their products and services through “Technical Capability Notices” (TCNs). These are notices that can be issued to a company to force them to modify their products and services so that the security agencies can use them to access a target’s communications.

The Government already has these powers on the statute book, as they were outlined in the Investigatory Powers Act, passed last December. To make the powers active, they must pass a regulation that gives more detail about how TCNs could be used.

Recently, the Home Office held a ‘targeted’ consultation about the new regulations. The draft was only sent to a few companies for their response, even though, these powers could affect the digital security of people in the UK and beyond.

As a result, ORG leaked the proposals so that affected businesses and individuals could raise their concerns with the Home Office. Over 1,400 ORG supporters sent their comments to the Home Office and ORG also submitted a response that we published here.

Our core concern is that using TCNs to force companies to limit or bypass encryption or otherwise weaken the security of their products will put all of us at greater risk. Criminals could exploit the same weaknesses. Changes to technology at companies merely need to be ‘feasible’ rather than ‘safe’ or ‘sensible’ for users or providers.

The recent #WannaCry hack demonstrated how a vulnerability discovered by the National Security Agency (NSA) to access their target’s communications was then used by criminals. These are powers involving different technologies but the principle remains the same: Governments should be doing all they can to protect our digital security.

Another concern is that TCNs may be served on companies overseas, including WhatsApp, owned by Facebook. These have assets in the UK and can easily be targeted for compliance. Others such as WhisperSystems who produce Signal have no UK assets. The UK appears to be deliberately walking into an international dispute, where much of the legal debate will be entirely hidden from view, as the notices are served in secret, and it is not clear what appeal routes to public courts really exist. Other governments, from Turkey to China, will take note.

Powers must be proportionate, and agencies should not be given a blank cheque. Justification for and oversight of the use of TCNs and vulnerabilities is inadequate, so the risks cannot be properly assessed in the current legal frameworks. There is no regime for assessing the use of vulnerabilities including ‘zero days’.

We urge politicians to take a detailed and considered look at TCNs and the use of vulnerabilities, to ensure that the consequences of their use can be properly evaluated and challenged.

These will seem like narrow issues compared with Tuesday’s events. And that is true. The wider issue, however, is that we as a society do not react to these events by emulating our enemies, by treating all citizens as a threat, and gradually removing British values such as the rule of law, due process and personal privacy.


Related Items:

After the 'Facebook Files', the social media giant must be more transparent

Most people on Facebook have probably seen something they wish they hadn’t, whether it be violent pictures or racist comments.

How the social media giant decides what is and isn’t acceptable is often a mystery. Internal content guidelines, recently published in The Guardian, offer new insight into the mechanics of Facebook content moderation.

The slides show the rules can be arbitrary, but that shouldn’t be surprising. Social media platforms like Facebook and Twitter have been around for less than two decades, and there is little regulatory guidance from government regarding how they should police what people post.

This article is by Nicolas Suzor from Queensland University of Technology and was originally published on The Conversation. See the original article.

In fact, the company faces a significant challenge in trying to keep up with the volume of posted content and often conflicting demands from users, advertisers and civil society organisations.

It’s certainly cathartic to blame Facebook for its decisions, but the true challenge is to work out how we want our online social spaces to be governed.

Before we can have that conversation, we need to know much more about how platforms like Facebook make decisions in practice.

The secret work of policing the internet

Apparently weighing in at thousands of slides, the newly published guidelines give some more detail to the vague community standards Facebook shares with its users.

Most of the documents are training material for Facebook’s army of content moderators who are responsible for deciding what content should go.

Some of the distinctions seem odd, and some are downright offensive. According to the documents, direct threats of violence against Donald Trump will be removed (“someone shoot Trump”), but misogynistic instructions for harming women may not be (“to snap a bitch’s neck, make sure to apply all your pressure to the middle of her throat”).

The Guardian’s Facebook Files explainer video.

The rules appear to reflect the scars of legal and public relations battles Facebook and other social media platforms have fought over the last decade.

The blanket rule against images of nude children had to be changed after Facebook controversially banned the famous image of Kim Phuc fleeing napalm bombing during the Vietnam War. After years of controversy, a specific procedure now exists so people can request the removal of intimate images posted without their consent.

Because these rules develop over time, their complexity is not surprising. But this points to a bigger problem: without good data about how Facebook makes such decisions, we can’t have informed conversations about what type of content we’re comfortable with as a society.

The need for transparency

The core problem is that social media platforms like Facebook make most decisions about what constitutes acceptable speech behind closed doors. This makes it hard to have a genuine public debate about what people believe should be allowable to post online.

As the United Nations’ cultural organisation UNESCO has pointed out, there are real threats to freedom of expression when companies like Facebook have to play this role.

When governments make decisions about what content is allowed in the public domain, there are often court processes and avenues of appeal. When a social media platform makes such decisions, users are often left in the dark about why their content has been removed (or why their complaint has been ignored).

Challenging these decisions is often extremely difficult. Facebook allows users to appeal if their profile or page is removed, but it’s hard to appeal the moderation of a particular post.

OnlineCensorship.org provides guidance to users about how to appeal content moderation decisions.

To tackle the issue of offensive and violent content on the platform, Facebook says it will add 3,000 people to its community operations team, on top of its current 4,500.

“Keeping people on Facebook safe is the most important thing we do,” Monika Bickert, head of global policy management at Facebook, said in a statement. “We work hard to make Facebook as safe as possible while enabling free speech. This requires a lot of thought into detailed and often difficult questions, and getting it right is something we take very seriously”.

But without good data, there is no way to understand how well Facebook’s system is working overall – it is impossible to test its error rates or potential biases.

Civil society groups and projects including Ranking Digital Rights, Article 19 and the Electronic Frontier Foundation’s OnlineCensorship.org have been advocating for more transparency in these systems.

Facebook and other social media companies must start listening, and give the public real insight and input into how decisions are made.


Related Items:

Copyright for Australia that makes sense. That’s fair.

Volunteer Wikipedians in Australia are highlighting the need for the introduction of fair use in Australia. You can visit FairCopyrightOz to learn about how Wikipedia does, and Australia could, benefit from it.

Imagine a land in which everything was outlawed,
except for the things that were specifically allowed.
Our laws are based on principles rather than prescriptions.
Except for copyright. – Peter Martin

Have you ever done one or more of these?

  • Shared photos you didn’t take on social media?
  • Re-posted or create memes?
  • Backed-up your DVDs?
  • Forwarded an email?
  • Photographed graffiti or a mural?
  • Quoted from an article or book on your blog?

All these actions copy other people’s copyright material. In Australia, none of these common practices are allowed under copyright law without permission.

With this in mind, volunteer Wikipedians in Australia are highlighting the need for the introduction of fair use in Australia through a banner on the English Wikipedia. In doing so, they add their voices to six government reports since 1998 which have recommended introducing fair use to bring balance to copyright rules. You can visit FairCopyrightOz to learn about how Wikipedia does, and Australia could, benefit from fair use.

In Australia all copying requires permission unless you are only using an insubstantial part of a copyrighted work (which is typically very hard to judge), or the Copyright Act provides a specific exception. The most important exceptions, the fair dealing exceptions, cover research, study, criticism, review, parody, satire, reporting the news, and professional advice as long as the use is “fair”. Any use not for one of these purposes will be illegal, no matter how fair or reasonable it is, unless the government introduces a specific exception for it. This means Australian copyright law cannot keep pace with change, as every new technology or activity requires its own new exception. This takes time and a lot of advocacy. Using a VCR at home to tape television programs was illegal until the legislation was amended in 2006, over 30 years after their invention.

Fair use would fix this. The United States’ fair use law judges each instance on whether it is fair, guided by four fairness factors:

  • purpose and character of the use;
  • nature of the copyright material;
  • amount and substantiality of the part used; and
  • effect upon the potential market for, or value of, the copyright material.

In concentrating on what is fair, it adds flexibility to the law, allowing it to keep up with changes in technology and society. Any Wikipedian who has ever uploaded a fair use file will be familiar with the “fairness” test and the thorough analysis it requires.

Without fair use, Australian copyright law will always lag behind common practice. The lack of flexibility to allow socially beneficial uses—like non-commercial private uses or incidental and technical uses—greatly limits people’s ability to interact with their own culture. The difficulty, or often impossibility, of getting permission means that groups like schools, libraries, archives and technology companies are limited in what they can do, even when their activities aren’t harming copyright owners. It also means Australian schools end up paying millions of dollars each year to use publicly accessible online content on websites that you use at home for free. No one is asking to be paid for using these websites, and the money rarely makes it to the copyright owner. Just as importantly, the use is transformative and socially beneficial. But because the Act doesn’t say such uses are allowed, payment still has to be made.

Wikipedia is one place where Australians regularly notice the benefits of fair use. Around 10% of Wikipedia pages in English have some form of fair use content—that’s over 500,000 articles quoting from a book or an article; showing a company or sports team logo that contains an artistic work; including an audio-sample or album cover; or referencing a book or film title image.

Imagine reading the Wikipedia article on Australian Markus Zusak’s classic The Book Thief, without seeing its front cover, or reading about the classic song Land Down Under by Men At Work without hearing a short clip from it. That’s what Australians would have if Wikipedia’s users could not upload files under the principles of fair use. On the English Wikipedia, copyright rules are based on US fair use guidelines that support the values of the free culture movement. Australian users in Australia should have the benefit of the same principles.

Starting this week, banners will appear to Australians accessing English language Wikipedia articles over the next few weeks. It is rare for Wikipedia editors to place banners across articles. It is even rarer to draw attention to a legislative issue. Wikipedia prides itself on its neutral point of view, after all. However, in a discussion among Australian editors on whether to take action in support of the recent Productivity Commission report, two things became abundantly clear.

  1. Australian Wikipedians strongly felt that it was important to our mission of public education—that the general public should know that we, as volunteers, are already benefitting every day from fair use in Wikipedia articles. Consequently, Wikipedia’s readers do too.
  2. There are misconceptions about what fair use means in practice which we are in a position to dispel. Some Australian Wikipedians commented that they thought Fair Use already is Australian law, which goes to show just how far common practice differs from the law.

Allowing fair use images in Wikipedia is a matter of editorial policy determined by each language community. Wikipedia editors take great care to ensure that all content is free for other people to use in as many circumstances as possible. We want other people to improve and share Wikipedia’s educational resources far and wide. The inclusion of fair use material in Wikipedia reduces the ability for it to be re-used by those who live in countries without this exception. However, Wikipedians for the English-language Wikipedia have determined that the benefits of having these materials available outweigh the concerns that fair use might not be open enough.

The Australian Digital Alliance (ADA) and Electronic Frontiers Australia (EFA) have long championed fair use for Australia and were happy to help support Wikipedians in raising awareness of this issue. Parallel to the Wikipedia banner campaign, on Monday they launched faircopyright.org.au where citizens can learn more, and take action by writing to their member of Parliament—encouraging the government to accept the fair use recommendation made by the recent Productivity Commission Report and other enquiries. As Peter Martin has written in his article about this fair use campaign, this is a first for the Australian Wikipedia community. Wikipedians have also written a new article on the History of fair use proposals in Australia to help increase the level of verifiable and neutral information available to the public on this matter of public policy.

To learn more, visit FairCopyrightOz on Meta-Wiki, or visit the campaign site set up by the ADA/EFA: faircopyright.org.au.

This article is by Liam Wyatt, Wikimedia community member and Stephen LaPorte, Senior Legal Counsel, Wikimedia Foundation. It was originally published on Wikimedia's blog. See the original article.


Related Items:

Data retention has always been about a lot more than 'national security'

Attorney-General George Brandis told us in ­November 2014 the data retention regime ­“applies only to the most ­serious crime, to terrorism, to international and transnational organised crime, to paedophilia, where the use of metadata has been particularly useful as an investigative tool, … only to crime and only to the highest levels of crime”.

The mandatory data retention legislation was duly rushed through the parliament in March 2015 at a time of “heightened national security concern”.

Remember all those flags?

Image: Alex Ellinghausen

But the claim that it was all about national security and child predators, was, of course, far from the complete truth. Telecommunications data — more commonly, metadata — is also extremely useful in identifying the source of government leaks and for tracking down whistleblowers.

It’s been regularly accessed for this purpose, including by ASIO, and it was just such an attempt to identify the source of a leak to the press that got the Australian Federal Police into such dramatic trouble last week.

So, let’s be clear, data retention is, and has always been, about a whole lot more than identifying jihadists and child predators.

It was only last-minute pressure from the journalists’ union — the MEAA — and a number of news organisations that resulted in the addition of a requirement for any access to the retained data of a journalist to require a warrant.

At the time much was said about the critical role of journalists in the democratic purpose, including from then-communications minister (and one-time journo himself) Malcolm Turnbull, who explained, “the work journalists do is just as important in our democracy as the work that we do as legislators”.

Yet, curiously, politicians were not given the same level of protection (it’s pretty clear most of them are yet to realise this). Nor were lawyers, doctors or counsellors. Or, for that matter, the rest of us mere citizens and residents of Australia.

As Friday’s mea culpa from the AFP demonstrates, the practical ­reality is that it’s impossible to provide special protection to any subset of the population in the context of an indiscriminate data retention scheme.

In defending his decision not to take any action against the officers who illegally accessed the phone records of an as-yet-unidentified journalist, AFP Commissioner Andrew Colvin said they “did not realise they were required to obtain a warrant to access the journalist’s metadata … There was no ill will or malice or bad intent by the officers involved who breached the Act. But simply it was a mistake”.

This suggestion the “investigating officers” were unaware of the requirement for a warrant is ludicrous. First, this requirement has existed for 18 months (since October 2015). Second, these are “Professional Standards” ­officers (or what is known as Internal Affairs in TV land). They’re the cops who investigate the cops. Presumably, they’re supposed to know the rules better than anyone. And we know the AFP conducted training because Freedom of Information requests by The Guardian have produced the slides.

All the officers had to ­remember were the words “journalist” and “warrant”.

But even if it were inadvertent it is a clear demonstration of just how ineffective it is having an extra level of protection for one subset of society.

And it is a very long-established principle in criminal law that ignorance of the law is no defence.

It’s also worth noting there are a number of criminal sanctions defined in the data retention legislation that carry a two-year jail term, including the disclosure of “the existence or non-existence of such a warrant”.

I see no reason why the same penalty shouldn’t also apply to unauthorised access to this data.

The telcos/ISPs that receive these data access requests have no way of knowing which of their customers are journalists. So they’ll dutifully process them as they would the other 99 per cent of requests that don’t require a warrant.

The only way to achieve meaningful protection from malicious or inadvertent access to this data is to introduce a warrant requirement for ALL requests for access to data.

But critics will argue that “would make law enforcement grind to a halt”. Would it? Really? Most EU countries already require some form of independent authorisation for access to telecommunications data.

It’s clear that law enforcement in this country has grown used to using telecommunications data in almost all investigations for the simple reason that it’s been available to them without any meaningful controls, ­regardless of whether it’s useful or not. It’s time that we introduced some meaningful controls.

The only effective protection for anyone is protection for everyone.

The government must therefore legislate to extend the warrant ­requirement for access to retained telecommunications data to the ­entire population without delay.

This opinion piece by EFA' Executive Officer Jon Lawrence was originally published as "National security? Data laws misused to spy" in The Daily Telegraph on Thursday 4th May 2017.


If you agree that warrants should be required for all access to retained telecommunications data ('metadata') then please sign our petition.
Related Items:

Data retention: universal warrant requirement is only effective protection

Last week’s revelation by the Australian Federal Police that they illegally accessed the retained telecommunications data (‘metadata’) of a journalist without first obtaining a warrant demonstrates the complete lack of effective protection provided by the current legislation.

AFP Commissioner Andrew Colvin asserted that ‘the police officers investigating the leak did not realise they were required to obtain a warrant to access the journalist's metadata.’ The requirement to obtain a warrant to access the data of journalists came into effect on 13th October 2015. It is therefore inexcusable for the officers involved to be unaware of this requirement. In addition, of course, ignorance of the law is no defence.

As journalist Paul Farrell told ABC’s The Drum, this incident is “a systemic, structural failure of the AFP’s internal policies and the law”.

EFA has warned in the past that a warrant requirement limited to one group provides no effective protection whatsoever in the context of an indiscriminate, society-wide mandatory data retention scheme.

EFA Executive Officer Jon Lawrence said, “A whole range of relationships are no less deserving of independent protection than are journalist’s communications with their sources, including lawyers and their clients, doctors and their patients, and any other relationship where privacy is critical. The only effective means to achieve such protection is to have a universal warrant requirement for access to retained telecommunications data.

“Without a universal warrant requirement we will continue to see instances of unauthorised access to data, regardless of whether such access is inadvertent or malicious.

“A majority of European Union member states have some form of independent, judicial authorisation required for access to telecommunications data. Such arrangements are therefore clearly workable and Australians are no less deserving of the same protection.”

EFA therefore calls for the immediate introduction of a universal warrant requirement for all access to retained telecommunications data.

Support this campaign, by:


Related Items:

Government says NO to expanding data retention to civil cases

Just before Easter, the government announced that it will not be expanding access to telecommunications data ('metadata') to civil litigants.

This is an important victory.

Had the government allowed even a limited expansion of access, it would almost certainly have been just the first of a number of such expansions.

It's also heartening to see that, despite running over the Christmas-New Year period, the government's consultation received 262 submissions, including 217 from individuals.

All but "a small number" of these submissions were opposed to any expansion in access.

This is a significant number of submissions to a consultation that was clearly intended to slip under the radar. We hope that the guidance we published helped some of those people with their submissions.

You can read here the report of this review that was tabled in parliament.

But, the fight against warrantless mass surveillance is far from over.

There is nothing to stop this or any future government deciding to give civil litigants access to data that is only retained for the purposes of the data retention scheme in the future.

Any such expansion could open up whole new troves of data for all sorts of civil actions including copyright enforcement cases, divorce/property settlements and employment disputes.

We're lobbying federal MPs and Senators to bring forward the review of the data retention legislation - it's currently due to be commenced in April 2019. As part of that, we're also pushing for:

  • a universal warrant requirement for access to data (currently warrants are only required when a journalist's data is requested);
  • no expansion in the restricted list of 22 agencies that are currently able to request data; and,
  • a reduction in the retention period for data from the current two years to no more than six months.
Like our work? We need your support

We rely on donations and membership subscriptions to continue our work. Effective lobbying requires travel and Canberra gets pretty expensive to get to and stay in when parliament is sitting.

Your support will help us continue our work on data retention and other digital rights issues.

If you can, please contribute today with:

Or, get actively involved:


Related Items:

Get a VPN today!

From today, 13th April 2017, all Australian telecommunication providers are now required to collect a whole range of your telecommunications data ('metadata') and retain it for two full years, so that it can be requested by government agencies.

This data includes information about your phone usage (including texts and your location) and about your Internet connection. This information allows very detailed conclusions to be made about many aspects of your life and there are almost no protections against investigative "fishing expeditions" or systemic abuse of power.

With the exception of journalists' data, no warrants are required for access to this data, and there is little effective oversight. The data retention scheme therefore represents a genuine threat to the privacy of all Australians.

That’s why we’re supporting today as a national day of action – we’re calling on Australians to educate themselves about the scale of this surveillance and take appropriate precautions.

So, we're declaring today, Thursday 13 April as 'National Get A VPN Day'.
1. What is a VPN and why do I need one?

A Virtual Private Network (VPN) is an online service that creates an encrypted 'tunnel' from your computer to a remote Internet gateway, which will often be in a different country. The encryption means that your Internet Service Provider (ISP) will not know which sites you are visiting - they will only see that you are communicating with a single address, that of your VPN.

Image: RapidVPN

Let's say you're active with an environmental group that the government is interested in, and the government has obtained access to the list of addresses that have visited that group's website. If you're using a VPN, they will not be able to identify you as having visited that site as they'll only have the address of the external gateway of your VPN.

Simply put, using a VPN breaks the identifying links between your computer and the websites you visit, thereby protecting you from government surveillance.

Because they encrypt your traffic, VPNs also provide protection from eavesdropping. If your traffic is ever directly intercepted, the encryption means it will be unreadable. This is particularly important if you're using a public wi-fi service.

For more information, here are good overviews from LifeHacker and from Wired.

2: Which VPN should I choose?

Different VPN services vary significantly in terms of quality, and particularly in terms of how much privacy protection they include.

For a better understanding of how VPNs can (and sometimes can’t) be trusted to protect your anonymity, see this article from Brian Krebs.

Some things to think about include:

  • What data does the VPN record? Is the VPN retaining web logs? Does the VPN know your IP address and the times that you connect to their servers? Also, what kind of advertising data does the VPN service store and does it hand that data over to third parties?
  • How long does the VPN store data? Nearly all VPNs will store some data in order to troubleshoot network issues. However, the duration of that storage plays a key role in terms of the privacy protection afforded to users. After all, if the data has been deleted, then it cannot be accessed by a third party. Ideally, a VPN should be wiping user data within hours of it being recorded. If a VPN is storing data for anything more than a few days then beware.
  • Read the privacy policy carefully. If you don't find the answers to your questions in their privacy policy then ask them directly, or steer clear.
  • What country are they based in? For example, you may want to avoid services based in Australia, UK, US, New Zealand or Canada (the so-called 'Five Eyes' countries, which have comprehensive intelligence-sharing arrangements in place). You may also want to avoid services based in countries with authoritarian governments.
  • What payment methods do they support? Using BitCoin &or other digital currencies will provide you with an extra layer of anonymity

Here are some good reviews and guides that will help you find the right VPN provider for you:

Or, you can, if you're technically-minded, roll-your-own. Here’s a handy guide for creating your own VPN service from Crypto Australia.

3: Help spread the word - tell your friends to #GetaVPN

Once you've got yourself sorted, don't forget about your friends, family and work colleagues.

  • Send them a link to this page
  • Retweet our link on Twitter, using the #GetaVPN hashtag
  • Share our Facebook post
  • Write to your local newspaper - letters to the editor can be an effective way to highlight an issue. See the contact section on your chosen media outlet. Keep it short and to the point.
4: Tell your MP and Senators what you think of mandatory data retention

We've been lobbying MPs and Senators over the last few years about the dangers of mandatory data retention, but adding your voice will help us to achieve the review of this legislation that we're seeking.

See our guidance on lobbying parliamentarians for ideas on how to be most effective, and for links to find your local MP and Senators from your state.

You may want to mention the following points when you contact them:

  • All access to this data should require a warrant - not just for journalists' data. A majority of European Union countries require some form of independent, judicial authorisation for access to this sort of data, so there's no reason why Australians shouldn't enjoy the same protection.
  • It's important that additional agencies aren't added to the list that are allowed access to this data. The one good part of the data retention legislation is that it reduced the number of agencies able to access this data from literally hundreds to less than two dozen (Police and anti-corruption bodies mainly).
  • The two year retention period is unjustifiably long and must be reduced to at most six months.

You can see which MPs and Senators voted for and against mandatory data retention on the excellent They Vote For You site.

You can also see which MPs and Senators voted for and against a universal warrant requirement for access to this data.

Related Items:

Bytes & Rights 2017 - Perth

The Bytes and Rights 2017 conference is being held as part of the Festival of the Web, an 8-day series of international conferences in early April in Perth.

See the full program of Festival of the Web events.

Bytes and Rights is a conference focused on the many issues around how society responds to changing technology, especially technology related to the Internet.

We will discuss legal, policy, regulatory and social responses to issues such as human rights, intellectual property enforcement, security and harassment. We aim to bring together experts including academics, lawyers, commercial practitioners, technologists, and civil society groups in a open dialog that cuts across specific disciplines.


Monday 3rd & Tuesday 4th April 2017


A variety of passes are available for just Bytes & Rights, or the entire Festival of the Web.

Please visit our registration page for more details and to register.

Related Items: