Yesterday afternoon the Australian Senate passed the Cybercrime Legislation Amendment Bill 2011 following amendments suggested by the Labor Party.
It’s been more than a year since the bill was first introduced to the lower house and in that time it’s faced opposition both inside and outside parliament.
The purpose of the bill is to align Australia with the Council of Europe Convention on Cybercrime, to which 34 other countries – including the US, Germany and most European nations – are already signatories.
Special effects
The bill effects changes in the Telecommunications Act 1997 and Telecommunications (Interception and Access) Act 1979 and will force carriers and internet service providers (ISPs) to preserve stored communications, when requested by certain domestic authorities (such as the Australian Federal Police), or when requested by those authorities acting on behalf of nominated foreign countries.
This means a warrant will be needed before the police or security agencies can force carriers or ISPs to monitor, capture and store website use, data transmissions, voice and multimedia calls, and all other forms of communication over the digital network.
But, as mentioned, the introduction of this bill has attracted significant criticism.
Writing for Crikey in August 2011, Bernard Keane highlighted a number of concerns about the bill, including the fact there are no restrictions on the use of information requested by foreign countries. A foreign country could call upon Australia to assist in an investigation that may lead to the death penalty.
Criticism also came from non-profit online rights organisation Electronic Frontiers Australia (EFA). In its submission last year to the Federal Government’s Joint Select Committee on Cyber-safety Inquiry (which made recommendations that led to amendments to the bill) the EFA wrote:
EFA is very concerned with amendments to the computer crime offences in the Criminal Code, and believe these parts of the current legislation are both deeply problematic, and unnecessary for adherence to the Convention.
EFA is concerned that some aspects of this legislation can potentially enable arbitrary interference with privacy and correspondence. We believe it should treated with great caution.
But worse, we believe the Criminal Code changes would apply serious criminal penalties, up to ten years' imprisonment, on a very broad range of actions, well beyond what is required for the Convention, and for this reason the legislation should be rejected in its current form.
Toeing the line
So why did the government, with opposition support, proceed with the bill in the face of criticism by industry and civil liberties advocates such as EFA?
It could be argued that the Cybercrime Legislation Amendment Bill 2011 is a much-needed update of existing legislation and that it brings Australia in line with Europe. And there’s no doubt that the digital network is being used ever increasingly for crime, espionage and terrorism.
Indeed, following the passing of the Bill, Attorney-General Nicola Roxon stated:
This is good news for fighting crime, and will help make it easier for police to track down cybercriminals around the world.
This will help combat criminal offences relating to forgery, fraud, child pornography and infringement of copyright and intellectual property.
Where we’re at
The introduction of the new bill comes at an interesting time. On August 10 Nicola Roxon decided to defer plans to increase web surveillance – a plan which would have affected all Australians by introducing a two-year data-retention plan for ISPs.
In essence, if that plan ever comes to fruition, everything you do online – every keystroke, website visited, video watched – would be monitored and stored for two years.
Unanswered questions
So the bill’s been passed. But the underlying issues remain, and do nothing to address the following critical questions:
- What is the government doing to build a more secure network?
- What is it doing to develop best-practice guides for individuals and companies operating on the network?
- Should Australia really be implementing laws that allow foreign governments to access its information?
- Will Australian carriers and ISPs now be required to hand over to the US everything that exists on the network, including private personal information for people such as Julian Assange of Wikileaks?
- What about emails and phone calls that Julian Assange makes to his parents and family in Australia from the Ecuadorian embassy in London?
The Australian government needs to step back and look at how to address some of the concerns being voiced within Australia.
The Cybercrime Legislation Amendment Bill 2011 will assist law enforcement agencies but failure to address the underlying problems that exist with technology used in the network will mean law enforcement will simply be treading water.
The bill will now return to the lower house for approval and will likely become law before the end of 2012.
Further reading
- Why is Anonymous hacking Australia? – Mark Gregory, The Conversation
- Anonymous' Operation Australia – can the federal police stop them? – Mark Gregory, The Conversation
- We’re watching you: why the government should focus on cybersecurity, not surveillance – Mark Gregory, The Conversation
- And softly went our privacy into the night – Bernard Keane, Crikey
R_Chirgwin
logged in via Twitter
Mark,
A detail. The legislation does not demand a warrant for the data collection. It allows an issuing agency to request the retention (Section 107H). However, law enforcement will need to obtain a warrant to view the collected data.
tqft
logged in via Twitter
I find it hard to believe that this data isn't being accessed already when the security agencies want to. "Echelon" anyone? I see this as more making what they already can do more legal, easier and shifting the cost to the spied upon (us).
"This will help combat criminal offences relating to forgery, fraud, child pornography and infringement of copyright and intellectual property."
Read moreHow? Really? What evidence is there that this level of detail will actually help? And of course no-one will…
Anthony Nolan
Ruminant
According to US Senate Leader Bill Frist speaking on the US ratification of this convention on cyber crime:
"...law enforcement authorities must be granted the power to compel an Internet Service Provider to monitor a person's activities online in real time. Finally, the Convention requires signatory states to provide international cooperation to the widest extent possible for investigations and proceedings concerning criminal offenses related to computer systems and data, or for the collection of evidence in electronic form of a criminal offense."
Note the last phrase "or for the collection of evidence in electronic form of a criminal offense."
(Source: wikepedia http://en.wikipedia.org/wiki/Convention_on_Cybercrime)
According to Keane over at Crikey the convention applies to crimes of terror and acts political dissent. So, what the bill means to me is that today's dissident is tomorrow's criminal. Watch out.
Mark A Gregory
Senior Lecturer in Electrical and Computer Engineering at RMIT University
Hi Anthony, your comment is very valid and demonstrates the difficult position Australia could find itself in moving forward. I do hope that the government can step back and look at the network from a number of angles and identify a better way forward. Regards, Mark
Ian Donald Lowe
Seeker of Truth
I guess I should go back to using my slave name then?
Just call me Winston, or Mr. Smith if you prefer.
Considering my online activity in recent times, I would be called a dissident and political activist. But then again, I'm also a pacifist and a humanist and my main message now is PEACE.
When I was a young man, these were vallid choices and it was considered the moral duty of every citizen to question every action of the state. Global government has no room for such niceties, obviously. See you all in the re-education camp (if they let me live that long).
None of it matters. They stole my life from me when I was a small child, so I have nothing to lose.
Zvyozdochka
logged in via Twitter
Our security and policing services just want to play on their computers as substitute for connection building and old-fashioned intelligence work.
Why are we taking our security leads from everything the incompetent US does? We should be consulting the Israels who can disable an entire Iranian centrifuge operation with an emailed virus - apparently the attachment images had big tits!
Mark A. Lane
Independant IT Professional.
What about emails and phone calls that Julian Assange makes to his parents and family in Australia from the Ecuadorian embassy in London?
Apparently they will be encrypted ( via deniable encryption ) and embedded { one character per frame } of a randomly selected torrent seed of Underground [ http://www.matchboxpictures.com/press/underground-selected-for-the-toronto-international-film-festival/ ] ....;)
John Harland
bicycle technician
When democratic liberties are put aside to make the work of the police easier, do we have a democracy, or a police state?