Teresa Gambaro (Brisbane, Liberal Party, Shadow Parliamentary Secretary for Citizenship and Settlement) Share this | Hansard source

I am very pleased to speak tonight on the Cybercrime Legislation Amendment Bill 2011. It amends the Telecommunications (Interception and Access) Act 1979 to ensure that Australian legislation is compliant with the Council of Europe Convention on Cybercrime requirements in order to facilitate Australia's accession to the convention.

Cybercrime—and cyberspace—is one of the great legal frontiers of our time. It has been reported that from 2000 to 2008 the internet expanded at an annual rate of 290 per cent on a global level and that there are currently an estimated 1.4 billion people on the Net. This is an absolutely phenomenal growth rate. The impact of the internet on society has been so very fast moving and far reaching—the uptake has been incredibly fast—that the legislation has failed to keep pace.

Cybercrime is borderless and potentially transnational. Offenders can in general target users in any country in the world, so international cooperation of law enforcement agencies is absolutely essential for international cybercrime investigations. The convention is the first international treaty on crimes committed either against or via computer networks. It deals with a number of areas, including fraud, child pornography and the unauthorised access, use or modification of data stored on computers. The convention's main objective is to pursue a common criminal policy by adopting consistent legislation and fostering international cooperation.

The Council of Europe Convention on Cybercrime came into force on 1 July 2004, and to date some 31 countries are party to the convention and a further 16 countries have signed the convention, including nonmembers such as Canada, Japan and South Africa. The bill targets online fraud, child pornography, copyright offences and security breaches, including offences against the confidentiality and integrity of the computer systems that bring Australia's communications laws into alignment with international conventions.

There are a number of effects of the amendments and they are: 'To require carriers and carriage service providers … to preserve the stored communications and telecommunications data for specific persons', particularly 'when requested by certain domestic agencies or when requested by the Australian Federal Police on behalf of certain foreign countries.' That means that the bill authorises the requirement for communications carriers to preserve that very important data for up to 90 days from customers who are suspected of having committed a cybercrime offence. By requiring companies to hold information—including emails, messages and internet usage data—agencies can prevent data on suspected cybercrimes from being destroyed during the investigation process. Additionally, this bill will amend the computer crime offences in the Criminal Code Act so that they have adequate scope to act. Cybercrime is on the rise, and we hear it every day in the press. Criminal activity is getting much more shrewd. It involves a use of computers or computer networks, and there are full-time people working in many countries. The level of criminal activity in this particular area is on the increase. The committee heard reports from the Uniting Church of Australia Synod of Victoria and Tasmania in support of Australia's accession to the convention, with particular regard to the need for greater international effort to combat child sexual abuse. This is a particularly horrific crime that we must do everything in our power to combat.

Another example of cybercrime involves using a computer connection and specifically developed software in order to steal identity, credit card numbers and other data that criminals can use to their advantage. Using illegally obtained data, the criminal can open accounts, charge a wide variety of goods and services and then abandon the accounts. This sometimes leaves the victim in a position of having to deal with huge debts of which they are unaware. Quite often I have constituents speaking to me about items appearing on their credit card from offshore regions.

In addition to this, data integrity and security is topical at the moment. There have been some very highly publicised attacks. Earlier this year Citigroup was IT breached by hackers and an online facility used by customers to manage their credit cards was infiltrated. Recently we also had Sony breached, allowing unauthorised access to the account information of millions of users. Other security breaches have also occurred over the last year in relation to RSA Security. All of these breaches expose companies and their customers to the risk of cybercrime. On a daily basis we hear about bank accounts being emptied. Constituents are forever contacting my office when they are being asked for their online bank account details. It still goes on quite frequently.

Submissions to the Joint Standing Committee on Treaties complained that the convention does not contain sufficiently robust privacy and civil liberties protection to offset the increased surveillance and information-sharing powers that it implements. The powers governing the real-time collection and preservation of computer data where identified has been of particular concern; however, powers for mass-surveillance activities such as wiretapping or eavesdropping are not enhanced by the legislation, because the amendments are limited to the telecommunication legislation, which requires the issue of a warrant and does not extend to surveillance devices. Disclosure of real-time data is limited to investigations relating to criminal offences punishable by at least three years in prison.

In addition, the acts sought to be amended by this bill contain their own fairly robust privacy safeguards and accountability mechanisms. We support these amendments, and Australia's accession will assist in the prevention of cybercrime.

See this speech in context