Boing Boing reports:
The exceptionally broad new surveillance bill lets the government do nearly unlimited warrantless mass surveillance, even of lawyer-client privileged communications, and bans warrant canaries, making it an offense to "disclose information about the existence or non-existence" of a warrant to spy on journalists.
Despite that move away from retaining communications metadata by the EU and continuing concerns in the US about the National Security Agency's bulk phone metadata spying program, the Australian government was able to push through the amendments implementing data retention thanks to the support of the main opposition party. Labor agreed to vote in favor of the Bill once a requirement to use special "journalist information warrants" was introduced for access to journalists' metadata, with a view to shielding their sources. No warrant is required for obtaining the metadata of other classes of users, not even privileged communications between lawyers and their clients. Even for journalists, the extra protection is weak, and the definition of what constitutes a journalist is rather narrow--bloggers and occasional writers are probably not covered.
Warrant canaries can't be used in this context either. Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about "the existence or non-existence of such a [journalist information] warrant." The penalty upon conviction is two years' imprisonment.
During the relatively quick passage of the amendments, the Australian government made the usual argument that metadata needs to be retained for long periods in order to fight terrorism and serious crime--even though the German experience is that, in practice, data retention does not help. Toward the end of the debate, when concerns about journalist sources were raised, one senior member of the Australian government adopted a more unusual approach to calming people's fears.
(Score: 1, Insightful) by Anonymous Coward on Tuesday April 07 2015, @02:31PM
There's only one solution: Make sure that when you get a gag order, you do not possess any useful information that you might hand over, or the ability to gain that information in any way. Then you don't need a warrant canary, since a gag order doesn't do any harm.
This especially means: Do not produce/ask for any information that you do not absolutely need. If your users store data on your site, make sure their data is encrypted, that only they possess the encryption key, and don't provide them with proprietary software to access their data; make all your access software FOSS, and use only open standards for encryption/communication, ideally standards where several independent implementations exist. Make the service you provide as little as possible reliant on your servers. Provide open source software for your servers, so that anyone can set up a replacement server should the need arise (or appear to arise). Make it easy for users to get their data out of your system, and to delete their data from your system.
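An added example, not part of the comment above or of any project it mentions: a minimal Node.js sketch of the "only the user holds the key" design, where encryption happens on the client and the server stores records it cannot read. The function names, the `BlobStore` class, the user name and the sample note are all constructed for illustration; scrypt and AES-256-GCM stand in for whichever open standard a real service would choose.

```javascript
// Added illustration; all names and sample data here are constructed.
const crypto = require('node:crypto');

// Client side: derive a key from a passphrase that never leaves the user's machine.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 256-bit key
}

// Client side: encrypt before upload. The returned record is all the server receives.
function sealForUpload(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: decrypt after download. Throws on a wrong key or an altered record.
function openAfterDownload(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// Server side: holds opaque records only; disclose() returns everything it could hand over.
class BlobStore {
  constructor() { this.records = new Map(); }
  put(user, record) { this.records.set(user, record); }
  get(user) { return this.records.get(user); }
  disclose(user) {
    const r = this.records.get(user);
    const hex = (b) => b.toString('hex');
    return JSON.stringify({ user, salt: hex(r.salt), nonce: hex(r.nonce),
      ciphertext: hex(r.ciphertext), tag: hex(r.tag) });
  }
}

function demo() {
  const store = new BlobStore();
  const note = 'meeting with source, Tuesday'; // constructed sample data
  store.put('alice', sealForUpload('correct horse battery staple', note));
  const disclosed = store.disclose('alice');
  const roundTrip = openAfterDownload('correct horse battery staple', store.get('alice'));
  let wrongKeyFails = false;
  try { openAfterDownload('guess', store.get('alice')); } catch { wrongKeyFails = true; }
  return { leaksPlaintext: disclosed.includes(note), roundTrip, wrongKeyFails };
}

console.log(demo());
```

The disclosed record still reveals that the user stored something and roughly how large it is, which is why the comment's first point, not collecting data you do not need, applies to metadata as well as content.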
(Score: 2) by Reziac on Tuesday April 07 2015, @06:37PM
What about storing any necessary data on a 3rd party site in some other country?
And there is no Alkibiades to come back and save us from ourselves.