The below submission was written by EFA chair John Pane.
EFA is significantly concerned by the rapid speed under which consultation on proposed doxxing laws is being conducted.
Doxxing has been a live issue well prior to the advent of Web 1.0 and 2.0, including the social media revolution starting in the early 2000s. This consultation is, to our mind, a knee jerk reaction by the government in response to, what we can reasonably infer, may be a vocal minority seeking to stifle and make lopsided public debate on the Israeli military action in Palestine. The problem of doxxing is broader, deeper, and more nuanced than it appears through this over simplified and reductionist lens.
The government is allowing a little over 2 weeks to collect feedback from Australian businesses, agencies, civil society organisations, academia and ordinary members of the public. Doxxing is an issue that is significant, complex and requires careful weighing, calibration, and consideration of a wide range of matters, some of which are conflicting. The implications of getting this law wrong are enormous.
EFA’s primary and overarching recommendations.
- Entask the Australian Law Reform Commission (“ALRC”) to lead a comprehensive review into doxxing. This would build upon work done in the ALRC Serious Invasions of Privacy in the Digital Era Report (ALRC Report 123), published in 2014 and made more contemporaneous from a technology, risk and harm perspective. Much has changed since 2014.
- Provide at least 3 months for full public consultation by the ALRC including townhall or roundtable style meetings.
- Provide a further 9 months for the ALRC to conduct its analysis, undertake further clarifying round tables and town halls and provide the final report to the Government.
EFA cautiously backs expanding privacy laws to tackle doxxing.
Like defamation law, EFA holds strong concerns as to the availability of a remedy for doxxing under the proposed privacy tort as access to this type of legal remedy is often the exclusive domain of well funded and resourced, high net wealth individuals. It would be difficult for the average Australian, let alone a disadvantaged Australian, to access this legal remedy.
No proposed changes to Privacy Act
Historically the Privacy Act 1988 (Cth) was designed to regulate the processing of personal information by Commonwealth agencies, ACT Government agencies and private sector organisations subject to a series of exceptions.
Arguably doxxing, if done by an APP entity, may constitute a potential breach of Australian Privacy Principle (‘APP’) as an unauthorised use or disclosure of personal information by that APP Entity. This breach and potential offence however lacks specificity and particularity, making enforcement difficult. In addition, and certainly more critically, an individual who engages in doxxing in connection with their own personal, domestic or household affairs would be specifically exempted from the application of the Privacy Act by virtue of Section 16 of the Privacy Act.
Amend the Criminal Code Act 1995 (Cth)
Under Section 474.17 of the Criminal Code 1995 (Cth) (“the Code”), a person commits an offence if they use a carriage service in a way that reasonable persons would regard as being, in all the circumstances, menacing, harassing or offensive.
Arguably, some but not all types of doxxing could be shoehorned into this provision but not without some difficulty, for example. “swatting”. Swatting is a criminal harassment act of deceiving an emergency service into sending a police or emergency service response team to another person’s address. To illustrate the point further , s474.17 also requires modification to deal with ‘deep fake’ and related AI imagery (which is often pornographic) and which are now being used to harass, intimidate, demean, and ridicule people — in particular women, who are frequently the target of this type of criminal behaviour. EFA therefore does not fully support continued reliance upon Section 474.17(1) as a remedy for doxxing as it does not cover all of the different forms of doxxing and related risks and harms that might arise.
A person’s reasonable expectation of privacy ought to be enjoyed by an individual beyond the current confines of the Privacy Act and Australian common law.
EFA believes it is possible that s474.17 of the Criminal Code may be used to deal with a doxxing complaint in certain, limited circumstances only. The better view, and one that both reflects current technological capabilities and online behaviours, is to introduce a new provision in the Criminal Code, rooted in s474 but standing alone from s474.17 and designed specifically for doxxing and other associated on-line harms mentioned in this submission.
To read Electronic Frontiers Australia’s doxxing submission in full (and all other submissions) head here.
(Image credit: Unsplash)