Unlimited government and police control of the internet? There’s no filter for that

A Pandora’s box may have been opened, without a clear idea of how best to proceed. smithi1

Unlimited government and police control of the internet? There’s no filter for that

A Pandora’s box may have been opened, without a clear idea of how best to proceed. smithi1

Good news. A decision made earlier this month by Australia’s Minister for Broadband, Communications and the Digital Economy Senator Stephen Conroy may have inadvertently opened the door for unlimited government and police control of the internet.

On November 9, Senator Stephen Conroy said:

Australia’s largest ISPs [internet service providers] have been issued with notices [by the Australian Federal Police] requiring them to block illegal [child pornography] sites in accordance with their obligations under the Telecommunications Act 1997.

Conroy’s decision to scrap a much publicised internet filter, a commitment made by Labor ahead of the 2007 election, was seen by many as a victory for common sense and by others as a missed opportunity to crack down on criminal activity in cyberspace.

But an unexpected result appears to be unlimited government and police control of the internet.

To understand how this has happened we need to look at Section 313 of the Telecommunications Act 1997 and how it can be used to compel carriers and ISPs to implement just about anything, including internet filters.

Section 313 explained

Section 313, with seven subsections, covers the obligations of carriers and carriage service providers. The first two subsections are:

(1) A carrier or carriage service provider must, in connection with:

(a) the operation by the carrier or provider of telecommunications networks or facilities; or

(b) the supply by the carrier or provider of carriage services;

do the carrier’s best or the provider’s best to prevent telecommunications networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the States and Territories.

(2) A carriage service intermediary must do the intermediary’s best to prevent telecommunications networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the States and Territories.

The government’s announcement on November 9 appears to indicate an interpretation of Section 313 that subsection (1) and (2) stand alone and provide broader powers than may be understood if all of the subsections were read together.

This interpretation was challenged on November 9 by Simon Breheny from the Institute of Public Affairs who stated:

The use of an obscure provision of the legislation raises serious legal issues – it is highly doubtful whether the law can be used to compel ISPs to block websites at the Minister’s behest.

If the Minister always had the power to impose an internet filter without the need for new legislation section 313 would have been used from the beginning.

Surely, the questions highlighted below now need to be addressed:

1) Why has it taken the AFP so long to act?

The Australian Federal Police (AFP) is responsible for enforcing Commonwealth criminal law.

The Telecommunications Act 1997 has been around for 15 years so why has it taken the AFP – an organisation with access to the best lawyers in Australia – this long to “discover” that Section 313 of the Telecommunications Act 1997 can be used to compel carriers, carriage service providers and ISPs to implement internet filters to block webpages listed on the Interpol’s “worst of” list.

By finally using Section 313 of the Telecommunications Act 1997 the AFP has “crossed the Rubicon” - the point of no return.

2) Will the AFP only act when told to do so by a minister?

Commissioner Tony Negus, the head of the AFP, needs to publicly clarify whether the AFP intends to use Section 313 in the fight against internet-based organised crime and, if not, why not.

Will the AFP only act when a minister tells the AFP to do so?

3) Will the AFP cherry-pick the crimes it tackles online?

Is the AFP going to judiciously select which crimes should be tackled using Section 313?

Australians are being hammered daily by organised criminals who use the internet to carry out an ever-expanding list of sophisticated crimes such as scams which target individuals and businesses.

On September 6, Norton’s cybercrime report 2012 suggested that, over the past 12 months, cybercrime cost Australians A$1.65 billion and that more than 5.4 million Australians have been affected by cybercrime in the past year.

Australians expect the AFP to use every reasonable tool at its disposal to fight cybercrime and to enforce all duly passed criminal laws.

Will the AFP now use Section 313 to block access to Apple’s iTunes and Google’s Android App Store because they are the repository for apps that steal personal information found on smart phones and tablets?

Will the AFP now use Section 313 to block internet access to and from China which is suspected of carrying out state-sponsored hacking of government, national institutions, national infrastructure, business and other organisations?

Lets remember that on March 24 this year, the government banned Huawei from tendering for the National Broadband Network on national security grounds.

Should Section 313 be used to force carriers and ISPs to implement a two-year data retention scheme if the AFP and other security agencies identify that by doing so this action will assist in the fight against cyber criminals, terrorists and enemy states?

Crimes carried out online are global and among the worst crimes affecting Australians.

4) What can the AFP now do?

It may not be immediately obvious but by using Section 313 the AFP might decide to force carriers and ISPs to implement important technology changes to the internet that would assist in crime fighting.

Email has long been a vehicle for cybercrime so the AFP could use Section 313 to require carriers and ISPs to implement the mandatory use of SMTPS and SMTPSec.

SMTPS is the use of secure authentication and communication between a customer and an email provider and SMTPSec is the use of secure communication between email providers.

Section 313 could be used to force the immediate implementation and mandatory use of Internet Protocol v6, the Domain Name System Security Extensions (DNSSec) and Hypertext Transfer Protocol Secure (HTTPS).

The lack of government action to force much-needed and readily available technology upgrades to the internet may now result in draconian outcomes that have a significantly detrimental impact on the privacy of all Australians and the operation of the internet.

5) What should the AFP do now?

Now that Section 313 has been used in the fight against online child pornography, the AFP could be expected to broaden the fight against cybercrime.

So should Section 313 have been used by the AFP – or has a Pandora’s box been opened, without any clear idea of how best to proceed?

A quote from Rudolph “Rudy” Giuliani III in Time Magazine on October 15, 1984 remains strikingly relevant today:

It’s about time law enforcement got as organised as organised crime.