The Surveillance State Is Here
Nation First warns that while nobody is reading your messages yet, a system that could, is already built, and Canberra is about to extend it.
Dear friend,
Australia has spent years building laws that reach into private messages, emails, and stored files, and most Australians were never properly told what was happening.
Surveillance powers have expanded steadily since 2018.
Current rules cover messaging, email and cloud storage.
Encrypted services are being pushed to detect content they cannot normally read.
Unelected regulators write much of the detail after Parliament has moved on.
The proposed Digital Duty of Care could drive far more monitoring and censorship.
Most Australians still believe a private message is private. They send something to the family group chat, email the accountant, upload a passport scan or medical document to the cloud, then carry on with the day.
Why wouldn’t they? We were raised to believe the government needed a proper reason, a warrant, and some evidence before it could intrude into private correspondence.
That old expectation is being hollowed out.
Over the past eight years, Australia has put together a legal system that can compel technology companies to assist authorities and pressure online services to inspect what Australians say, send, and store. There was no single announcement. No prime minister stood before the country and admitted that a mass surveillance structure was being assembled.
It came in pieces, which is how Canberra prefers to do these things. One law. Then a set of standards. Then another broad proposal. Each part wrapped in words that make disagreement sound indecent: national security, child protection, online safety.
Those causes matter. Child predators are monsters. Terrorists should be found and stopped. But the ugliness of those crimes does not give the state an unlimited right to build systems capable of watching everybody else.
That is where the public debate has been rigged from the beginning. The government names the worst people imaginable, asks for more power, and then looks sideways at anyone who wants to read the fine print.
The first big step came in 2018 with the Telecommunications and Other Legislation Amendment (Assistance and Access) Act, usually called TOLA. It was widely described around the world as the first law of its kind anywhere: no other nation had yet legislated to conscript technology companies against encryption. Australia was not following the world in surveillance. We were leading it.
TOLA gave police and intelligence agencies broad powers to demand help from technology companies. A company can be required to use a capability it already has. In some circumstances, it can also be ordered to build a new capability to help authorities access data.
That should make people stop and think. The government can direct a private company to create a technical ability that did not exist before.
The assistance order itself does not need prior approval from a judge. A separate warrant may still be required for the actual interception or surveillance, but the demand made of the company comes from the executive arm of government.
Australians are supposed to find comfort in a clause that says companies cannot be forced to create a “systemic weakness” in encryption. It sounds reassuring until you discover that lawyers, technology companies, and independent reviewers have spent years arguing over what those words mean.
A weakness affecting every user may be prohibited. A capability aimed at one person may still be allowed. That is a fairly thin safeguard for anyone who thought encryption meant outsiders could not get in.
The Independent National Security Legislation Monitor reviewed TOLA in 2020 and made 33 recommendations. One of the most important was that compulsory notice powers should be taken away from agency heads and ministers and handed to an independent authority.
No government has implemented it. Not the Liberals that passed the law, and not the Labor Party that criticised it from opposition.
Another parliamentary review came later. Concerns were recorded, reports were tabled, and the basic structure stayed exactly where it was.
This is the Canberra routine. Push through a surveillance law, promise safeguards, hold a review after the fact, and leave the power in place. The review becomes the proof that somebody was watching the watchers, even though very little changes.
Surveillance powers in Australia are examined far more often than they are surrendered.
The next expansion arrived through the online safety system.
Two industry standards were registered in June 2024 and came into force on 22 December that year. They cover messaging, chat, email, dating services, online games, websites, apps, and file storage.
“File storage” sounds harmless and technical. In ordinary life, it means the cloud account holding your family photos, passport scans, tax documents, medical records, business files, and legal papers. The things people once kept in a locked drawer or filing cabinet now sit inside services subject to proactive detection rules.
Higher-risk services are required to use systems and technology to detect known child sexual abuse material and pro-terror content. That material is vile. Nobody needs convincing of that.
The real fight is over the machinery built to find it.
Industry groups originally drafted codes that did not impose proactive detection requirements on private messaging and storage services. The eSafety Commissioner, an unelected federal regulator, rejected those drafts, declaring that detection requirements were “non-negotiable,” wrote stronger standards, and imposed them. Her office proudly calls the regime “world-first.” There it is again. Other governments are copying us.
Parliament had already handed over the power. Neither house cast an affirmative vote approving the final standards. They became binding because Parliament did not disallow them.
That is not a minor procedural quirk. It tells you how this system works.
Politicians pass a broad law, pose for the announcement, and assure the public that everyone is safer. The detailed obligations are written later by a regulator. Most voters never see them debated, never hear them explained, and never get a direct say through their elected representatives.
By the time anybody notices, the rules are already operating.
Encryption is where the whole thing becomes especially disturbing.
A genuine end-to-end encrypted service cannot read the messages passing through it. Only the sender and recipient can see them. That is the point of using encryption in the first place.
A service ordered to detect content that it cannot read faces an obvious problem.
One possible workaround is client-side scanning. The material is inspected on the user’s phone or computer before encryption takes place. The message may travel in encrypted form, but the inspection has already happened.
So your own device can become part of the screening system.
The phone in your pocket, the one you paid for and use for private conversations, can become the place where those conversations are checked before they are protected. People should be furious about that possibility, because it turns a personal device into a checkpoint sitting inside your own home.
Digital rights groups and security researchers warned about this in 2023. They raised the risk of false positives, fresh security holes, abuse by criminals or foreign governments, and the ease with which a system built to search for one kind of material can later be told to search for something else. Building the scanning system is the difficult part. Once it exists, expanding the list of things it looks for may only require a change in law, policy, or regulatory instruction.
The eSafety Commissioner’s own position statement had already discussed scanning before encryption.
Officials keep saying the standards do not require companies to break encryption. That line avoids the practical issue. A company cannot inspect content it cannot read. If the law still expects detection, the pressure moves somewhere else, most likely to the device before encryption does its job.
The government can insist encryption remains untouched. Australians should look at what is being built around it.
Now the government is preparing a broader Digital Duty of Care, and this one is on a timetable.
An independent review of the Online Safety Act recommended it. In April this year, the government responded, committing to implement or further consider 64 of the review’s 67 recommendations. A design paper followed in May. Draft legislation is expected before the end of the year, with penalties for serious breaches reported at up to $100 million.
The proposal would require online services to identify, assess, and reduce risks of harm before harm occurs. The wording is soft and reassuring. It sounds like something drawn from a workplace safety manual.
Applied to online speech and private communication, it becomes something else entirely.
“Harm” can stretch a very long way. Give the term a broad definition, add nine-figure penalties, and tell companies they must prevent problems before they happen. The corporate response is predictable. Platforms will monitor more closely, remove more material, and take fewer risks with controversial speech.
No board wants to be dragged before a regulator. No company lawyer will recommend leaving something online when deletion is the safer legal option.
So material disappears early. Accounts get restricted. Private communications face more scrutiny. Anything that might upset a regulator becomes a commercial risk.
A minister does not need to order the censorship of a particular opinion. The law creates incentives, and companies do the dirty work themselves.
A factory can meet a safety duty by putting a guard over a machine. An online platform carries messages, videos, documents, political arguments, and private conversations. Its available tools are monitoring, filtering, restricting, and deleting.
The language of “duty of care” gives this a friendly face. It should not fool anyone. And here is a detail worth filing away: the government’s own consultation material promised that public input would help ensure the framework “protects freedom of expression.” Governments do not promise to protect things that their schemes do not threaten. That sentence is an admission, in Canberra’s own words, that free speech is on the table.
The proposed duty would also rely heavily on mandatory codes written beneath the main legislation. Parliament may debate the headline Bill, but many of the rules governing what Australians can say, send, and store could be filled in later by the regulator.
We have already watched that happen with the scanning standards.
Britain and the European Union are running the same play, and our government openly points to their systems as models, as though copying foreign surveillance schemes somehow makes them safe. But do not mistake the direction of traffic. On encryption powers and on compelled scanning standards, Australia got there first. The schemes now being cited back to us as international best practice were partly built on our example.
In July 2026, a majority of European Parliament members voting opposed an extension of the European Union’s so-called Chat Control arrangements. The vote was 314 to 276.
The extension survived because the procedure required 361 votes to block it.
More members voted against the measure than for it, and it still remained alive.
Keep that in mind when somebody tells you parliamentary procedure is all the safeguard Australians need.
The method is no longer difficult to recognise. Governments begin with crimes so revolting that few people are willing to question the response. Detection systems are built. Legal duties expand. Regulators receive more room to decide what the rules mean in practice.
A few years later, the extraordinary power is treated as normal administration. Anyone objecting is accused of being paranoid, even though every stage happened in public documents.
Supporters of this system say innocent people have nothing to fear. They mock the concern and point out that no public servant is sitting at a desk reading every family group chat.
That is a dishonest caricature of the argument.
The danger is the legal and technical capacity being created. Once a system can inspect private communications across a large population, every future government inherits it, and the people controlling it later may have different enemies, broader definitions, and far less patience for dissent. Crises arrive, public fear spikes, and laws are rewritten in a hurry. A category that looks narrow today can be widened after the next terrorist attack, health emergency, scandal, or political panic.
Anyone who has spent time watching Canberra knows what happens to government power. It accumulates. It finds new uses. It rarely comes back.
The crimes used to justify mass scanning are horrific. The people committing them should be found, prosecuted, and jailed. Police should have strong powers to investigate genuine suspects.
Millions of innocent Australians should not be treated as data waiting to be searched.
Australia Post carries evidence of crime every day, yet police do not steam open every letter moving through the country in the hope of finding something illegal. They investigate suspects, gather evidence, and obtain warrants.
That is how the presumption of innocence is supposed to work.
Digital communication deserves the same protection. Computers make mass inspection easier, but ease does not make it acceptable.
Privacy is not a luxury for crooks and people with dark secrets. Ordinary Australians need it to talk about their health, marriages, children, legal troubles, money problems, politics, faith, and the private mess that comes with being human.
People change how they speak when they think someone may be listening. They become cautious. They leave things unsaid. Some stop speaking honestly altogether.
That damage begins long before anybody is arrested.
Encryption protects private conversations. It also protects bank details, commercial information, legal advice, and sensitive government records. Any scanning system or weakness built for official use becomes a target for criminals, hackers, and hostile states.
They will not care that the law was passed with good intentions.
Australians can demand ruthless action against predators and terrorists without handing the privacy of the whole population to governments, regulators, and technology companies. A competent government should be able to target criminals without turning every phone and cloud account into part of a national screening network.
The government will keep repeating words such as safety, care, and responsibility. Read the laws sitting underneath those words.
Watch the Digital Duty of Care. Pay attention to the regulations and mandatory codes. Contact federal MPs and senators before the Bill lands, because once it passes, the details will be written where you cannot see them.
Private communication should remain private unless a proper warrant says otherwise. That was once an ordinary Australian expectation.
It should never have become something we need to fight for.
Until next time, God bless you, your family and nation.
Take care,
George Christensen
George Christensen is a former Australian politician, a Christian, freedom lover, conservative, blogger, podcaster, journalist and theologian. He has been feted by the Epoch Times as a “champion of human rights” and his writings have been praised by Infowars’ Alex Jones as “excellent and informative”.
George believes Nation First will be an essential part of the ongoing fight for freedom:
“The time is now for every proud patriot to step to the fore and fight for our freedom, sovereignty and way of life. Information is a key tool in any battle and the Nation First newsletter will be a valuable tool in the battle for the future of the West.”
— George Christensen.
Find more about George at his www.georgechristensen.com.au website.
NOTE: Due to the large volume of emails I receive, it is not possible to email me and ask to be unsubscribed from this newsletter. You must do it yourself by following the simple processes listed below:






