House debates

Tuesday, 23 August 2011

Bills

Cybercrime Legislation Amendment Bill 2011; Second Reading

9:13 pm

Photo of Luke SimpkinsLuke Simpkins (Cowan, Liberal Party) Share this | Hansard source

I welcome the opportunity to speak tonight on the Cybercrime Legislation Amendment Bill 2011. All members of this place would be aware—or at least their staff would be aware—that in recent weeks we have received a great number of emails. These emails have come from our constituents and from around the country. They have been sent to us for the purpose of trying to persuade us on a number of issues: live animal export trade, same sex marriage or even the carbon tax. These are things that of great concern to Australians and we should never believe that we can dismiss these matters out of hand.

I always say to my staff, if it is important enough for someone to contact our office it is important enough for us to do something about it. I would probably hesitate to say that that applies to people within my electorate but I guess I cannot help everyone around the country. It really does say something that in the modern age it is very easy to communicate. It is very easy to reach out across cyberspace and make contact with somebody out there. People can do that not only in the case of their particular cause but also in the case where they are up to no good or they may be committing a crime. A person used to be required to put pen to paper or get the old typewriter out and find a stamp then whack it in the letterbox, but in the modern age that is not the case any more. This has opened up a wide variety of criminal options that colleagues have mentioned during the debate.

As I said, in the same manner that we have been the destination for several email campaigns in recent weeks, Australians have for many years been the target of persons offering dodgy deals and rip-offs via email. It is a very cheap means of delivery. With the right computer programs, millions of emails can be sent out as bait just waiting for someone to respond. Those of us who check our Parliament House email accounts will find great offers from those overseas trying to transfer money out of the country, offering us a percentage of millions of US dollars that they have access to. That is the reality, but as always the snake oil salesmen of the modern era offer a deal that is just too good to be true. Sadly, in spite of receiving an unsolicited offer from a person they do not know offering money that does not belong to them or to the originator of the email, many people are drawn in by this and taken in by the deception. It is pretty much an everyday event in Australia. I note that in the 2007-08 financial year, as colleagues have said tonight, the ACCC received 12,000 online scam complaints. Whilst we may distribute from our office the little black book of scams, unfortunately there will still be Australians that will be taken advantage of or might be deceived by these sorts of criminal activities.

This is just one part of cybercrime and in many ways it is the low end, the unsophisticated end. Although it is a significant acknowledged problem around the world, we know that the only multilateral international treaty on cybercrime is the Council of Europe Convention on Cybercrime. It is in relation to the convention that we are having this debate about this bill which provides for the necessary amendments to Australian laws to facilitate our entry to that convention on cybercrime. As has been said before, this convention is also known as the Budapest Convention.

The main results of this bill being passed will be the imposed requirements on carriers and carriage service providers to preserve data for specific persons when they have been requested to do so by domestic agencies or by the AFP, the Australian Federal Police, on behalf of foreign countries. The Budapest Convention is all about crimes committed either against or via networks and it is focussed particularly on online fraud, unauthorised access, use or modification of data stored on computers and the particularly insidious child pornography crimes. In many ways the convention is about establishing a common criminal policy and taking away the opportunities for criminals to have an easy path for their criminality which they can base in any country. The convention does so by having countries adopt consistent laws and ensuring the best opportunities for fostering international cooperation.

The reasons for the convention and the need to act are apparent. For instance, in February 2008 a hacker attacked the Australian Stock Exchange website bringing it down for four hours. Although the attack could probably be more described as something like a cybergraffiti attack than the destruction or altering of figures or the theft of information, the damage that could have been done could have been even greater given that it was in January 2000—just one month before—that live company and share price information was added. Though the four hours represented just a significant inconvenience, it did prove to be a lesson for the future—but, unfortunately, there have been many incidents since then.

An incident which demonstrates another aspect of information security is the report that a US car maker suffered an incident a few years ago. Apparently a disaffected employee walked out of the building and away from their job but carried with them the latest prototype plans for a car on a flash drive. Those plans were apparently leaked and the cost in lost sales as customers decided to wait for the next model to come out, together with some research and development problems, was estimated at $1 billion.

It is probably the reason that these days if someone decides to resign from a company or is let go by a company often they are escorted from the building. With computers on every desks these days it is very easy to take damaging information away from any business. That is, again, an aspect of the modern world. In just May this year it was reported that Sony was the subject of a cyberattack which resulted in its Playstation network being offline for 23 days because information from tens of millions of subscribers was accessed. The cost was some $171 million.

I, like most members, have an RSA security token on my key ring. This token allows us to get remote access to the parliamentary computer network. On 21 May this year, Lockheed Martin, a large US military contractor, announced that they had sustained what they described as a 'significant and tenacious attack'. That attack occurred using data stolen from RSA—the security token producer—in a hacking in March this year. So we can see that these events are not occurring in isolation and that the skill of these criminals has application beyond the initial crime itself.

I also note that in the first three months of 2011, McAfee, the antivirus company, estimated that some six million malicious—or malware—software programs had been unleashed onto the internet. Again, it is a reality that while there is imagination in the world, there will be someone out there looking to create computer programs designed to separate information or money from those that they wish to target. They will do it for the money or as some sort of challenge. It may be for personal gain or it may be for some political statement. But they are out there and they exist and they are, without doubt, up to no good.

When Mr Rudd was the Prime Minister, there was a major attack on the Australian government's major website. It was apparently hacked in protest. It is a stark reminder to us all that, just because we are in the business of government in this place, we are most definitely a source of interest for attackers and criminals and there are vulnerabilities that we must always be on our guard against.

Before moving on to aspects of the actual bill itself, I wish to spend a bit of time on the most heinous crimes of all—that being the sexual abuse of children. Without a shadow of a doubt, it is a reality that out there in the world—in this country—today there are evil people. There are people who abuse children and there are those who seek to derive financial gain out of abusing children. In the past these evil tendencies were mainly suppressed because these terrible people did not have access to things like the internet. Nowadays, they can seek to indulge their depravity through their perceived anonymity on the internet. Fortunately, this perception of anonymity is not true anymore because we have officers of the Australian Federal Police and other agencies around the world intercepting emails and getting into the chat rooms to find these people, getting into the social media and the other means by which these images are exchanged. More and more of these pathetic yet terrible people are being found out and dealt with, and that is good because if these people feel the inclination to look at those sorts of photos they are more likely to act on the impulses they have. It is not just the looking; it is in fact because of the symptoms of evil people that they should languish in jail. People who look at such images just cannot be trusted in society and have to be dealt with to the full extent of the law. In my view, I have grave doubts that rehabilitation is ever possible for people like that. I am sure that taxpayers would not mind them languishing in jail for the rest of their lives, but that is a personal opinion.

With regard to the convention, it would appear at the outset that it is only about European nations. But, as we know, the United States, South Africa, Japan and Canada have all acceded to the convention. The Treaties Committee, JSCOT, has looked at the convention and reported on it as well.

In Australia the existing laws that will be amended by this bill include the Telecommunications Act 1997, the Telecommunications (Interception and Access) Act 1979, the Mutual Assistance in Criminal Matters Act 1987 and the Criminal Code 1995. The amendments will, as I have previously stated, require carriers and carriage service providers to preserve the stored communications and telecommunications data for specific persons when requested by certain domestic agencies or when requested by the AFP on behalf of certain foreign nations. The amendments will also ensure Australian agencies are able to obtain and disclose telecommunications data and stored communications for the purposes of a foreign investigation. Those are just some of the things that this bill will do. As I said, the bill has been looked at by JSCOT and more recently—just in the last few days—reported on by the Joint Select Committee on Cyber-Safety.

In the very limited time I have left to speak on this bill, I want to say that everyone in this place acknowledges the need for action on this matter, and not just for action today. As I said before, while imagination exists, people will come up with more and more sophisticated methods to commit crime and particularly crime through information technology, or cybercrime. So I anticipate that we or our successors in this place will continue to address these sorts of problems. Because I guess there will always be bipartisan support to take action on these matters, the challenge will be to try to do that without making the future so onerous on the service providers in this country that they can no longer able to operate. But we should be very certain that there is bipartisan support for strong action on these matters, and let us hope there always will be.

Comments

No comments