COMMITTEES;Cyber-Safety Committee;Report – 18 Aug 2011

I present the report of the Joint Select Committee on Cyber-Safety on the Cyber­crime Legislation Amendment Bill 2011 and move:

That the Senate take note of the report.

Today I table the report of the Joint Select Committee on Cyber-Safety on the provi­sions of the Cybercrime Legislation Amend­ment Bill 2011. All members of the committee were in agreement, including the Greens, who have complimented the quality of the report. There are some additional comments by the Greens, who would obviously have liked us to go further, but I will leave those matters to Senator Ludlam.

The bill deals with the subject of cybercrime, a subject that has increasingly occupied the attention of all Australian governments and this parliament. The globalisation of communication technology has brought many benefits but it has also enabled transnational crime to flourish. Hacking, the spread of malware, denial of service attacks on private corporations and the institutions of government is the modern face of cybercrime. Large-scale online fraud can net organised crime vast profits. We are no longer dealing the nuisance hacker who gets his kicks from showing off his hacking prowess.

The bill amends the Telecommunications (Intercep­tion and Access) Act, and the Mutual Assistance in Criminal Matters Act, to enable Australia to accede to the Council of Europe Convention on Cybercrime. The convention and the bill are intended to enable law enforcement agencies to keep up with criminal networks that attack computers and computer systems or use the internet to facilitate their criminal enterprise. Before speaking about the report, I would like to outline what the bill does and correct some of the misinformation that is circulating.

What the bill does

There are four main aspects to the bill. First, it introduces a new mechanism for the preservation of communications to prevent the destruction of potential evidence until a warrant for access is obtained. This new preservation mechanism will be available to law enforcement agencies and to ASIO.

Second, the bill also allows the AFP to apply on behalf of a foreign country for a stored com­munications warrant. So, while the AFP must issue a preservation notice at the request of a foreign country, there is no access to this material without a warrant. The AFP can only apply for the warrant once the Attorney-General has agreed to a formal request for mutual assistance from the foreign country.

Thirdly, the bill allows the AFP to share telecommunications data—that is, non-content data—with a foreign country without the need for a formal mutual assistance request. This may occur only where that data has already been obtained for a domestic investigation. This is intended to speed up international cooperation.

Fourthly, the Ombudsman will have oversight of the preservation regime and stored communications warrants obtained for a foreign country. The Inspector General of Security and Intelligence will have oversight of ASIO’s use of the preservation regime for intelligence purposes.

What the b ill does not do

It is important to be clear that neither the convention nor the bill seeks to implement a general data retention scheme. It does not, as has been claimed by Crikey this week, ‘open the door to mass surveillance of internet usage’. No country can demand the transfer of any data—the content of communication or the ‘traffic data’. It simply is not true, as Crikey has claimed, that a country like China will be able to obtain volumes of communi­cations data about dissidents in Australia.

The powers available under the bill, and indeed the powers that already exist under the Telecommunications (Interception and Access) Act, can only be activated where there are legitimate law enforcement require­ments or, in the case of ASIO, legitimate security purposes. Access to the content of communications is provided under warrant and only after a mutual assistance request has been agreed to by the Attorney-General.

The bill makes no change to the range of countries to which police can provide police-to-police assistance. The bill does not allow ASIO to share communications with foreign counterparts.

The committee received 23 submissions and heard from several witness on Monday, 1 August. We also carried out an inspection of the Australian Federal Police high-tech crime operations facilities in Barton. We were conscious of the sensitivity that goes with any expansion of covert police powers, especially powers that involve access to private communications. We are mindful of the importance of subjecting these powers to proper standards and safeguards.

It is with this in mind that we have proposed a range of realistic, modest and practical changes. If adopted, we believe these changes will go a long way toward allaying any fears of unwarranted intrusions into privacy or unjustified sharing of data with foreign countries.

The time for presentation of this report is short. I will forgo a detailed explanation of each recom­mendation. The general approach of the committee was to ensure that thresh­olds that apply to domestic investigation are equally applied to foreign countries seeking access to communications material.

We have proposed that the AFP guidelines on police-to-police cooperation in possible death penalty scenarios be tightened and should only occur in exceptional circum­stances and with the consent of the relevant ministers. This means that telecommuni­cation data cannot be shared even at an early investigative stage in such matters without the minister’s consent.

We also proposed that the general privacy safeguard in proposed clause 180F be elaborated in more detail to provide greater guidance to the AFP. That guidance is already in the explanatory memorandum, but putting it in the statute will provide better visibility to the police and the public.

Finally, the committee proposed that the government consider in more detail what privacy obligations might apply to carriers and carriage service providers. Of course, the Privacy Act already applies. But better visibility and clarity can be achieved if there are clear obligations to destroy material held by a carrier.

Law enforcement agencies already have an obligation to destroy this material when it is no longer relevant to an investigation. The recommendation is that this obligation be replicated for the industry, unless there are other legitimate business purposes for keep­ing the information such as billing.

The intention of the committee is to improve public confidence in the scheme and we are sure that public confidence is equally important to the industry.

In conclusion, I wish to thank the committee members and the secretariat for their work in this inquiry. I commend the report to the Senate.