House debates

Tuesday, 23 August 2011

Bills

Cybercrime Legislation Amendment Bill 2011; Second Reading

8:37 pm

Photo of Michael DanbyMichael Danby (Melbourne Ports, Australian Labor Party) Share this | Hansard source

The Cybercrime Legislation Amendment Bill 2011 makes amendments to facilitate Australia's accession to the Council of Europe's Convention on Cybercrime. The convention is the only binding international treaty on cybercrime. In April 2010 the Australian government announced its intention to join 40 other nations that have signed or become a party to the convention, including the United States, the United Kingdom, Canada, Japan and South Africa.

Cybercrime poses a significant challenge for our law enforcement and criminal justice systems. The global and interconnected nature of the internet makes it easy for malicious actors to operate from abroad, especially from those countries where regulations and enforcement arrangements are weak and, indeed, from countries where it seems that some governments half approve of the activities both of the state and of individuals in violating intellectual property in particular.

On 2 August a report by online security firm McAfee into cybersecurity, entitled Revealed: Operation Shady RATthat is, remote access tool—detailed the largest cyber attack to be uncovered. The report, by Dmitri Alperovitch, revealed that over the past five years there have been targeted intrusions into 70-plus global companies, governments and non-profit organisations, including the UN, Lockheed-Martin, Sony, PBS and even the International Olympic Committee. They also include the government of Australia and this parliament. Mr Alperovitch writes:

What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth—closely guarded national secrets … source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts … design schematics, and much more has "fallen off the truck" of … mostly Western companies …

And as a member of the Joint Committee on Intelligence and Security I would say of Western governments, including Australia, France and the United States. The report notes that these attacks are more insidious and occur often without public disclosure. Further, they present a far greater threat to companies and governments where these intrusions are motivated by a desire for secrets and intellectual property. For this reason, it is critical that laws designed to combat cyber threats are harmonised or are at least compatible to allow for international cooperation.

In June 2010, the House of Representatives Standing Committee on Communications tabled a report on cybercrime called Hackers, fraudsters and botnets: tackling the problem of cyber crime. The report included consideration of the European convention which resulted in the committee recommending to the Attorney-General, in consultation with state and territory counterparts, to give priority to the review of Australian law and practice and move to accede to the Council of Europe Convention on Cybercrime. In response to this report, the government accepted the committee's recommendation:

Australia is currently in a good position to comply with the majority of obligations under the Convention. The Government is working on the final legislative amendments required for Australia to formally accede.

The convention serves as a guide for nations developing comprehensive national legislation on cybercrime, establishes procedures to make investigations more efficient and provides systems to facilitate international cooperation, including empowering authorities to request the preservation of specific communications and helping authorities from one country to collect data in another country.

I note that the Attorney-General said in his speech that the bill will enable the Australian Federal Police to require the preservation of communications on behalf of a foreign law enforcement agency. However, once again, the content of these preserved communications can only be accessed following authorisation of a stored communications warrant under a formal mutual assistance request for a serious foreign contravention. This is an offence carrying a penalty of either three years imprisonment or a fine of $99,000. That is taking the issue very seriously.

The other systems that will facilitate international cooperation include establishing a 24/7 network to provide immediate help to investigators and facilitating exchange of information. The convention promotes a coordinated approach to cybercrime by requiring countries to criminalise four types of offences, including offences against the confidentiality, integrity and availability of computer data systems, including illegal access to computer systems, illegal interception, data interference, systems interference and misuse of devices. Computer related offences include forgery and fraud. Content related offences are offences relating to the infringement of copyright and other related rights. The convention requires parties to criminalise certain types of conduct committed via the internet and other computer networks and to ensure domestic agencies can access and share information to facilitate international investigations. As such, the convention will help Australian agencies better prevent, detect and prosecute cyber intrusions and criminal activity conducted over the internet.

Australian law already complies with the majority of the obligations of the convention. In particular, jurisdictions in Australia have created relevant offences and have provided agencies with many of the powers and procedures required by the convention. The bill amends the Telecommunications (Interception and Access) Act 1979, the Criminal Code Act 1995, the Mutual Assistance in Criminal Matters Act 1987 and the Telecommunications Act 1997.

The proliferation of illegal access of data, computer enabled fraud and forgery, and attacks against computer systems pose a strategic challenge not only to Australian's political, economic and national security interests but to many other nations around the world. The threat posed by cybercrime and targeted intrusions is on a massive scale, with such attacks and crimes possibly affecting nearly every industry and sector of nations around the globe. While I cannot go into it, my experience as a member of various committees of this parliament leads me to reflect on the fact that the Attorney's legislation and the remarks that I have just made have, in my view, absolute authority. The things that have been done that I am aware of that breach cyber-security and are criminal intrusions, whether by individuals or governments, into this nation's affairs are truly astonishing. I note the member for Barton, the Attorney-General, concluded his speech by saying:

The increasing cybercrime threat means that no nation alone can effectively overcome this problem and that international cooperation is essential.

Australia must have appropriate arrangements domestically and internationally to be in the best possible position to fight cybercrime and to do it in cooperation with international partners.

I commend the Attorney-General for introducing this legislation. This bill brings Australia’s into line with the European Convention on Cybercrime and enables us to improve our ability to combat this ever-increasing threat. I commend the bill to the House.

Comments

No comments