Monday, 21 June 2010
Communications Committee; Report
On behalf of the Standing Committee on Communications I present the committee’s report entitled Hackers, fraudsters and botnets: tackling the problem of cyber crime, together with the minutes of proceedings and evidence received by the committee.
Ordered that the report be made a parliamentary paper.
Today I table the report of the House of Representative’s Standing Committee on Communication’s inquiry into cybercrime. Over the past 12 months the committee has heard evidence from a wide cross-section of government, industry and the community on the impact of cybercrime on the Australian public. The report is a substantial contribution to the cybercrime policy debate in Australia. The message was clear and consistent: Australia needs to take a more comprehensive approach, a ‘whole-of-cyberspace’ approach that takes account of ordinary Australians and shifts away from the fragmented approach to tackling cybercrime which presently dominates the issue, and move to a coordinated approach between government, the private business sector, service providers and law enforcement authorities.
In 2009 alone the number of Australian internet subscribers grew by one million to a total of nine million. The global estimate is approaching two billion. The digital economy is here and here to stay. While the benefits of a connected world are undeniable, increased connectivity brings increased risks. Cybercrime has grown from the nuisance hacker into organised transnational crime committed for vast profit. Malicious code, malware, identity theft and botnets—cybercrime continues to evolve and grow. An underground digital economy has emerged by which cybercrime tools and stolen information can be easily traded. These crimes take a significant toll on everyday Australians. Cybercriminals have identified home users and small business as the weak links in the chain and are conscientiously targeting these groups. The emotional and financial consequences for Australian victims of cybercrime are real, lasting and significant.
Despite the prevalence of cybercrime, the committee does not accept that the internet is an unpoliced Wild West. The internet is subject to the same laws as the offline environment. I commend the ongoing efforts of the government to combat cybercrime. However, under current arrangements, end users have largely been left to fend for themselves. This is no longer a tenable position. We must achieve a model of shared responsibility that brings industry, government and the community together. To achieve this goal the committee has made a number of significant recommendations. These are based on the unanimous view that e-security education alone is not sufficient to protect end users.
The committee has recommended that an office of online security be established within the Department of Prime Minster and Cabinet, headed by a cybersecurity coordinator—a cyber-tsar—to work with all levels of federal, state and territory governments, industry and consumers, and with international partners. The office must be centrally located and not be biased towards one particular policy area such as national security. The coordinator will need to have both government and industry experience—someone who can cut through red tape and work with all parties. The committee has also recommended a 24/7 national cybercrime complaint centre—a one-stop shop—and hotline to assist everyday Australians. This approach will also help enforcement agencies to see the bigger picture of organised cybercrime. If we can follow the footprints of cybercriminals, we can ultimately identify them and prosecute them. The report also recommends the development of a centrally managed national e-security education strategy.
The Standing Committee of Attorneys-General recently announced national cybercrime measures. I commend greater national collaboration but would caution against seeing this as a role purely for the Attorneys General. The committee has emphasised the importance of a national, multisectoral, strategic and coordinated response to cybercrime through, for example, strong consumer protection and privacy laws. Significantly, the committee has recommended a mandatory e-security code of practice to put to the internet industry. The recent voluntary code for ISPs is a step in the right direction, but the committee wants a clear obligation for ISPs to notify subscribers when their computers are infected. Nine-two per cent of internet consumers support this notification, and it is very clear that, in the present circumstances, unless the ISPs notify consumers, many consumers are oblivious to the fact that their computer has been hijacked. It is essential to remediate infected computers, dismantle botnets and identify the sources of cybercrime. End users should also be expected to install antivirus software before connecting to the internet.
I rise to support the Chair of the House of Representatives Standing Committee on Communications in the tabling of the report of the inquiry into cybercrime, titled Hackers, fraudsters and botnets: tackling the problem of cyber crime. I congratulate the chair of the committee for the fantastic work that she did in her leadership of this committee. As the deputy chair, I certainly appreciated the effort that she and the rest of the committee members put in. I would also like to take the time to thank the committee secretariat for their diligent and dedicated hard work to ensure that this report actually is a report that, I am sure, will not gather dust in the future. I am sure that this report will have many of the recommendations within it put into practice. I am hoping that that will be the case because a significant amount of hard work went into it.
Fishing, virus, worms, trojan horses, botnets—one might be forgiven for thinking that this could be just science fiction; however, this is language that we as consumers of the internet must become familiar with. We need to accept that the internet is a valuable form of communication but, as technology advances rapidly, we must implement protection mechanisms that can play a role in protecting consumers against criminal activity that causes devastation and wreaks havoc on the victims.
Over the past few years, criminal activity has increased dramatically as a result of utilisation of the internet. During evidence given, we were told that when a home user fell victim to a scam the cybercriminal put the respondents of these scams onto what they called a ‘sucker list’. This list is then used to distribute further scams. So, rather than people thinking, ‘Well, I’ve been caught once and now I will be left alone,’ they actually are targeted even more intensely with alternative scams. It is quite a shame to see that people can get caught time and time again. It might be thought that the people who get caught are not savvy people. Well, that is certainly not true.
During the evidence we heard that there is huge concern for the future. As our internet speeds increase, the ability to track criminals becomes increasingly difficult. However, we are very fortunate that the same technology used to commit crime against users is also used to catch these criminals. The committee heard evidence from agencies that gave us significant comfort in their expertise, but we also heard tragic and heart-wrenching evidence from people who had been scammed. The one constant comment that we heard from people who gave evidence, advice on evidence and agency advice was that there is a need for intense education. I personally feel that the very nature of the advancement in technology means that consumers must become more savvy and have a responsibility to be educated. In addition, I feel that retailers have an obligation to ensure that consumers are aware of the need to install the protection that they require, such as anti-virus software, firewalls and anti-spy software.
As a result of how many complaints I have had over the years, I held forums in my electorate to educate my community on the very real issues of cybercrime, identity theft, fraud, the use of people’s computers to host and distribute of child pornography and other issues. I put out a booklet to explain, in very simple terms, just what people need to look for, the types of protection they need to have on their computers and how they can check their computers to see whether botnets are active on their home systems. Mr Deputy Speaker, you would be surprised at how many people are hosting botnets in their own homes without having any idea that they are being used to transfer information—sometimes information that is highly illegal—throughout the system. I commend this report to the House. The committee did an excellent job, and I think that, on the whole and in the main, this is a successful report.