Like many people around Australia, I found a "Postal Vote Application Form" recently through my letterbox in the lead-in to the 2016 Federal Election.

It took me a few minutes to realise that this was, in fact, a 'phishing' con of the sort that my internet provider filters out every day.  Except when I looked a bit deeper, I found that this one was, in fact, legal.

It enclosed a postal vote application form that that included a warning against electronic submission of the information direct to the AEC as 'the security of external systems cannot be assured' and that 'the AEC does not accept any liability for unauthorised interception of electronic communications associated with the use of this form'.

With all these warnings, clearly the best thing to do to avoid 'unauthorised interception' would be to use the reply paid envelope provided, right? Wrong!

There was no mention on the form, the covering letter, the outer envelope or the reply paid envelope that the reply paid envelope would be sent to a political party, not the AEC directly (unless you twigged that the reply paid address on the envelope is different from the reply paid address of the AEC).

If that isn't 'unauthorised interception', what is?

Would you accept this behaviour from any business, charity or government agency? I wouldn't. So I reported it (as apparently many have) to the AEC, who sent this response:

"Thank you for your email.

If you have received a postal vote application sent by a political party you do not have to use the application.
Electoral law allows for postal vote applications to be part of candidate and political party election campaign material.
As the law stands, political parties or candidates are able to send postal vote applications to you.
The AEC has no control over what political parties do with the personal information contained on your form before they forward it.
You can choose to return the form directly to the AEC.

(name) | Public Enquiries Officer
2016 Federal Election Contact Centre
Australian Electoral Commission"

In other words, they don't have the tools to stop this. 

But we do. We can create the groundswell to say that the voters of Australia do not accept this and want to see the laws tightened.

The problem comes from very broad exemptions for political parties, their contractors and volunteers from the provisions of the Privacy Act under section 41.7. This is not about stopping the legitimate freedom of communication necessary for a democracy.  It's about stopping data phishing and ensuring our political parties adhere to the same standards we expect of any other legitimate organisation in Australia.

If political parties are sending out any forms, they need to be clear and explicit on the cover letter, the form and the envelope(s) where it is going, what purposes your data will be used for and what level of security will be given to protect your data.

Let's change the law to give the AEC and the Privacy Commissioner (now the Australian Information Commissioner) the tools to stop this.  Please sign if you agree.