Chris Hayes (Werriwa, Australian Labor Party) Share this | Hansard source

I rise to also lend my support to the Telecommunications (Interception and Access) Amendment Bill 2009, a bill that will principally amend the Telecommunications (Interception and Access) Act 1979, the T(IA) Act, to ensure that the actions of network administrators to operate, protect and maintain computer networks will not breach the Telecommunications (Interception and Access) Act. These amendments are technical. They have been brought about to ensure that the overall objectives of the Telecommunications Act 1997 are being met and not frustrated by the speed of technology and the speed with which systems operators need to move to protect the information that is gained in and about their networks. These amendments are necessary to legitimise the activities aimed at securing the integrity of networks and the information that is contained in those networks.

It is no surprise to anyone in the House that we are continuing to increase our use of internet network transmissions not only in the normal day-to-day lives of individuals but also by businesses and the community generally. In fact, Australians are more active online users than the people of most other nations. Over the past few years we have seen a move away from the more traditional methods of communications—I must say that these are the ones that personally I have been a bit more comfortable with—to those which are now more familiar to an up-and-coming generation and certainly to the business community, who know of the need for instantaneous communication if they are to be in a position to win contracts and have a forthright position in leading within the business field in this country. We are now communicating more over the internet and having information exchanged instantaneously through digital processes for just about every business opportunity that exists in this country. It is for this reason that most businesses now have an online presence to enable them to communicate and, essentially, expand their trade not only as to what they do here but also as to the way in which they are actually able to apply their trade in terms of worldwide activity. We know the technology is providing us with unprecedented access to trade around the world and therefore it is vital not only for trade but also for our local community. That is one of the reasons why this government has committed $42 billion to building the National Broadband Network, a project of Snowy Mountains scheme proportions for the 21st century. This will give our businesses the boost they need to be competitive on the world stage.

However, with the increased use of online communication comes a high incidence of a new emerging crime, cybercrime. I have spoken in this place many times about criminal activity not being one matter that is actually born and bred in any particular crime base. Criminals will move to actually exploit loopholes with a view to getting returns on their investment in crime. At the moment cybercrime is one of those things that is attracting serious money for various groups of individuals in terms of setting up criminal enterprises to benefit the less than law-abiding citizens of our country. According to a global survey of nine countries in 2008 conducted by a software security vendor, AVG Australia, Australia has the highest incidence of cybercrime in the world. The study—which canvassed 1,000 users in each of the countries of Australia, the US, France, Germany, Italy, Spain, Sweden, Brazil and the Czech Republic—found that more than 39 per cent of Australians have been the victim of some form or other of cybercrime. That is compared to 32 per cent in Italy, 28 per cent in America and just 14 per cent in Sweden and Spain. It is certainly of no surprise to me just how sensitive is some of the information that is being sought out there at this stage when you think about what is being accumulated online, particularly when it relates to such things as medical records, banking details, phone numbers et cetera. All are certainly not in the public domain, but through criminal enterprise cybercriminals are actually trying to attract that information as their form of business. What they then do with that is exchange it on the black market, therefore identify theft has become such a big issue not only in this country but around the globe. In Australia alone the proceeds of identity fraud are estimated to be something around $6 billion a year. I have seen identity fraud figures being touted that suggest it is something in the vicinity of $100 billion worldwide. So it goes without saying that we must do whatever we can to defend Australia’s computer networks.

We have an obligation to protect Australians and certainly Australian businesses from malicious access to their personal information or their business information. We actually do that by building confidence in this new emerging digital economy. As it stands, network operators can undertake protective activities to protect their networks. However, as attacks are becoming so frequent and more refined, many operators’ actions in defending their networks may be regarded, without their intending to be, as breaches of the Telecommunications (Interception and Access) Act 1979. This bill will amend the act to ensure that network operators can undertake legitimate activities aimed at securing their networks and, importantly, the information that is contained on those networks. We know that currently an exemption exists under the act for network protection activities undertaken by designated security and law enforcement agencies. In fact, early last year the parliament agreed to extend the operation of these provisions until 12 December this year. This was related to timing to give more opportunity to build broader solutions relevant to all networks, both government and non-government, as they were being developed.

It should be noted that the protection regime proposed in this bill has been amended following the result of an active consultation round that occurred with various law enforcement agencies, including the Australian Federal Police; the business community; and other stakeholders. It is also important, I believe, to note that these amendments strike a balance between protecting computer networks from malicious activities whilst also protecting the users of these networks from unnecessary or unjustifiable invasion as to their personal information. Under this revised approach, this bill will have a couple of major impacts. Under it all networks will be able to intercept communications at the network boundary in order to protect the network. Intercepted material may be communicated for the purpose of performing network protection duties and investigating criminal offences. Only network operators within interception agencies, intelligence agencies and Commonwealth departments responsible for security collection of foreign intelligence, defence or the conduct of the Commonwealth’s international affairs will be able to monitor reasonable use of certain information in certain circumstances. This will mean that employees in private or non-government organisations—and most other government agencies for that matter—cannot be the subject of disciplinary action under the network protection provisions, given that they use the network appropriately, properly and in accordance with the agreed use.

This bill also includes several important amendments that will improve the effective operation of the act, including amending the definition of ‘permitted purpose’ in relation to the New South Wales Police Integrity Commission to reflect an expansion in the role of the commissioner. Further, the bill will also clarify that information that has been intercepted by the Australian Federal Police in the course of investigations into serious offences, including terrorism offences, can be used by the AFP for purposes associated with the making of control orders and preventative detention orders under the Criminal Code. These technical amendments, along with a couple of others that I have not had the opportunity to mention, will ensure that the act continues to be clear and relevant in the obligations and the powers it imposes on carriers and on law enforcement agencies. This bill marks an important step in the government’s commitment to building confidence in the online world. I commend the bill to the House.

See this speech in context