Elise Thomas, The Guardian:
Nathan Hague, a 46-year-old software developer, was detained apparently at random for 90 minutes while the officers took his phone and password-protected laptop into a back room.
Hague said the officers refused to tell him what would be done with his devices, why they were being inspected or whether his digital data was being copied and stored.
“I don’t have anything to hide, but I value my privacy,” Hague said. “So I asked them, if you’re OK to do the bomb inspection in front of me, you’re OK to go through my bags in front of me, why do you have to take my devices out of my sight? What are you going to do with them?”
Professor Katina Michael, of the University of Wollongong’s school of computing and information technology, said the ABF’s electronic search powers were “highly invasive”.
“If sensitive information is leaked, say in the case of a lawyer or doctor who is travelling across regions, then there are major concerns for privacy.”
Greens senator Jordon Steele-John said overreach on data collection is “happening all the time.”
Under new legislation, proposed last week, the ABF would be given additional search powers and the penalties for individuals refusing to provide access to the ABF to evidence held in a device – for example, refusing to share their password to unlock a device – would be up to five years’ imprisonment, or 10 for serious offences.
An exposure draft of the bill revealed the obligation to assist police and other agencies in unlocking devices, including by de-encrypting data, would extend to tech giants such as Facebook, Apple and Google.
Steele-John and other privacy advocates have raised concerns over the new legislation.
“The scope and overreach of the new Border Force powers is terrifying, and has much broader consequences and implications than just individual privacy, in the context of this incident which occurred at Sydney airport.”
…that advice is of little comfort to Hague, who said the actions of the ABF officers had put his business in breach of Europe’s tough new GDPR data privacy laws and he would now need to give privacy breach notifications to his clients.
“I’m getting messages from fellow business owners that they’re re-thinking their choice to come to Australia to do business over here, they’d rather just do it remotely. They expect that in America, but they don’t expect that behaviour here in Australia.”