Inquiry picks holes in government Cybercrime Bill

A parliamentary inquiry has highlighted serious concerns with the government's Cybercrime Legislation Amendment Bill 2011, which is intended to allow Australia to accede to the Council of Europe Convention on Cybercrime.

The report from the Joint Select Committee on Cyber-Safety's inquiry, tabled yesterday, notes problems including:

• Failing to distinguish between the retention of traffic metadata, such as the time and destination of an online communication, and the contents of that communication.
• The possibility that foreign governments could be given access to data in relation to crimes that in Australia would not be serious enough to warrant an interception, or even be a crime, such as political crimes.
• Conversely, the possibility that the investigation of some child exploitation offences would not be assisted by foreign governments because they're not treated as seriously in some countries as in Australia. "Many countries, including many European countries, impose a maximum penalty of two years imprisonment for the possession, dissemination, sale or rent of child sexual abuse material," the report said, which would not trigger the penalty threshold for a "serious" crime.
• The potential for data on Australians to be shared with countries "at large", rather than limited to those that have also acceded to the Council of Europe convention or have an existing formal mutual assistance arrangement with Australia.

The inquiry report makes 13 recommendations, which Attorney-General Robert McClelland says the government will "consider".

Senator Scott Ludlam of the Australian Greens is even more critical of the proposed legislation.

"With this Bill the Attorney General’s Department yet again seeks to fast track legislation, which yet again extends well beyond its nominal purpose, to yet again encroach upon on the civil liberties of Australians in the name of law enforcement and counter-terrorism," Ludlam writes in four pages of additional comments appended to the report.

"Once again with this Bill, a major expansion of the surveillance state is occurring with entirely inadequate justification," he writes.

Ludlam points to the Bill's provision for the ongoing retention of communications, which the Convention does not require, and the retention of traffic data for 180 days, twice what the Convention requires.

Ludlam is also critical of the government's haste. The Bill was introduced in June and stakeholders given little time to comment.

"Setting five business days for civil society organisations that largely rely on volunteer labour to provide input is unfair. A seven day extension, while welcome, is not good enough given the importance of the matters in question," he writes.

The Attorney-General has stressed the Bill's importance in fighting international cybercrime, especially computer-related fraud, child pornography and violations of network security.

"While Australian law substantially complies with the obligations in the Convention, the Government believes there is more we can do to ensure Australia is in the best position to tackle cyber threats that confront us, both domestically and internationally." he said in a media statement welcoming the inquiry report.

"Australia must have appropriate arrangements domestically and internationally to be in the best possible position to fight cybercrime and cyber security threats."

The Council of Europe Convention on Cybercrime is currently the only international treaty covering online crime. More than 40 countries have signed or become a party, including the US, UK, Canada, Japan and South Africa, and more than 100 countries are using it as the basis for their own legislation.

The recent Quintet meeting of Attorneys-General from the five key Anglosphere nations recently endorsed the Convention as the key framework for international cooperation.

Could Google pull an Apple on Motorola hardware?

Polymorphic threats cause pain for traditional anti-virus: Symantec

• Tweet