Tuesday, 21 August 2012
Cybercrime Legislation Amendment Bill 2011; Second Reading
I have listened with interest to the comments of Senator Brandis and I rise to make some additional comments on behalf of the Australian Greens. We share some of the reservations that Senator Brandis expressed, so we certainly look forward, Senator, to your support for our amendments, which actually give effect to precisely some of the reservations.
I will put one additional reservation on the record at the outset. The Attorney-General, to her credit, has initiated quite a far-reaching inquiry into powers of the national security agencies, particularly with regard to surveillance powers, online and offline. The areas that are of greatest interest to me and that would seem to flow as having the greatest consequences from the terms of reference that the joint committee has put together substantively impact on the matters within this bill.
My first comment in response to the Cybercrime Legislation Amendment Bill 2011, which has been around for a very long time, is that this is now seen as actually being quite pre-emptive. This cuts directly across the inquiry that the Attorney-General, in good faith, has put to the Australian people and to the joint committee. Ironically enough, yesterday was the closing date for submissions. Today we are just going to go ahead and legislate a big slab of it without having bothered to read the submissions. These matters are directly related. These are not tangential issues. We are asking the Australian people to consider far-reaching expansions of surveillance powers, data sharing, data retention and sharing material with overseas governments.
Here is a bill which, if we were to sit down, let the speaking order collapse and not put up any questions—the coalition is clearly not going to put up anything of a fight—would pass, before the joint committee has even had a chance to read the submissions. I respect the fact that this bill has been around for a while. I am not suggesting that this is some kind of ambush that has just dropped out of nowhere out of the sky. It does have some history to it. But it has been floating around for over a year, and my question is why it is being passed now, before the joint committee has been given the chance to do its work and before the public has been given the opportunity to give evidence.
Nonetheless, this bill is before us now. My proposition is that the debate simply be adjourned until such time as that committee has done its work. How are we to take the government in good faith as actually interested in the views of the general public—people who have profound problems with the way that this government is proceeding—and take its assurances seriously if, while that inquiry is underway, we are legislating a big slab of it here tonight?
The bill was referred to the Joint Select Committee on Cyber-Safety in June 2011. That committee, of which I am a member, reported in August 2011, so it is now a year, I am a bit dismayed to realise, since that committee handed down its unanimous findings, holding up a red flag and saying, 'This bill in its current form has some very severe problems.' I have enjoyed working on the Select Committee on Cyber-Safety. It is a bit unusual that a bill would have been referred to it, but in this instance it was. The committee had profound problems with the way that the bill was drafted, and it was unanimous. We signed on. We would have gone a bit further and we put a couple of additional propositions to the committee.
But the Joint Select Committee on Cyber-Safety said: 'Hold. This is not ready to be legislated.' In response, the government has not only ignored the findings of that committee; it has, as Senator Brandis quite correctly indicated, failed to provide a response and is now going ahead and legislating, despite the fact that serious reservations have been expressed by the unanimous report of that committee.
Some of the concerns I have are basically mechanical. I join Senator Brandis in acknowledging that technology moves on. This space is moving very rapidly. Law enforcement agencies need to conduct their important work in tracking and prosecuting organised crime, politically motivated violence, offences against children and so on in qualitatively different ways through telecommunications media that were simply not possible before. I have no objection to the fact that, yes, this is a space in which the law lags and there will need to be a process whereby we update legislation to ensure that our law enforcement agencies have the tools they need to do this extremely important work. However, commensurate with that, we need to ensure that privacy protections remain in place. While we hear a great deal from law enforcement agencies about how their powers have failed to keep track with the expanding ways in which people are communicating with each other, there has been virtual silence on the fact that our privacy protections and our human rights protections have also failed to keep track. No such urgency is displayed.
The inquiry by the Senate Legal and Constitutional Affairs Legislation Committee into privacy protection is working its way through a phone-book-sized batch of amendments with no end in sight. There is no apparent urgency being displayed there about protecting people's privacy online, but there have been repetitive invocations to this chamber to urgently amend and expand surveillance powers. We have concerns about privacy implications and we have real concerns that this legislation actually goes significantly further than the European convention to which we are seeking to accede. There is nothing in that convention about some of the powers that we find in this legislation. This is where I think this debate gets muddied. Legitimate expectations that the government will protect Australian children from abuse online and protect all Australian citizens from organised crime or politically motivated violence are somehow used as a shield for a vastly expanded set of agendas which have nothing to do with those legitimate concerns and those legitimate expectations.
We also have some technical concerns which have been transmitted to us by the carriers and the telco sector about how these powers will be practically applied. Through this bill and also through the national security inquiry—which has touched off something of a storm of outrage online, and I get the sense that the Attorney-General is already keenly aware of this—the intelligence and policing agencies are seeking to outsource to the telco sector responsibilities for data storage and data retention so that it can be used for evidence later. That imposes costs and major technical issues on the carriers that they will then have to pass on to their customers. We do not hear anything from the opposition about a great big new tax on telecommunications—on every tweet you send, on every email you receive, on every Skype chat you have—but that in effect is what it is.
If we are forcing and compelling internet service providers and phone companies to retain all of this data for unknown periods of time, to enable it to be crossmatched, to enable it to be used in court to those sorts of standards of evidence, who is going to pay for that? It will not be the Federal Police. It will not be ASIO. It will not be the other agencies that are pushing for these powers. It will be us, all of us, through increased costs of telecommunications. Again, let us get a hold of what are the legitimate expectations of all Australians in being protected from violence, organised crime and other forms of abuse perpetrated online. Let us grab that agenda with both hands. But let us also be very clear about other agendas that might be advancing at the same time and make sure that we are aware of what they are.
The joint select committee spent a lot of time thinking about the fact that this legislation unnecessarily dumps quite a principled stand, a cross-party stand, on the death penalty that our government will actually cooperate with. This bill is effectively about sharing Australian telecommunications data with law enforcement agencies of other states around the world, those who are also signatories to the European convention. We do not have the death penalty in Australia; we have not for quite some time. There is no political will to reinstate it. In fact, I think all Australians would abhor that the state would murder its own citizens for committing certain kinds of crimes. I think Australia has been quite a constructive global player on the abolition of the death penalty worldwide. Nonetheless, this bill explicitly allows intelligence to be shared with foreign law enforcement agencies for capital crimes. That is something that we can fix. That is something that the cybersafety committee spent a lot of time thinking about. We have an amendment to this bill that would allow that loophole to be closed.
We have concerns about the extent to which this bill is not really about cybercrime at all. Cybercrime includes bank fraud, phishing, taking over computers with malicious software and that kind of thing, and using the internet to transact certain forms of crimes that were not possible before. This is a standard and reasonably accepted definition of cybercrime, although obviously a very broad definition. When we get to the committee stage of the bill, I will put some questions to the minister about the fact that this legislation is actually about the prosecution of all crime and has nothing to do with cybercrime. This is about the tracking of phone calls, emails, Skype chat, social media or any form of communication in pursuit of anything at all—whether it be a crime or not—and has nothing to do with cybercrime. That is a very small subcategory of the range of offences that would be able to be pursued and the range of materials that would be able to be transmitted to foreign law enforcement agencies on Australian activities, including for things that may not even necessarily be crimes in this jurisdiction.
It also essentially lowers the bar on telecommunications intercepts. Again, this is something that I will put to the minister when we get to the committee stage to make absolutely sure that I am clear about what is going on here. At the moment, in order to intercept telecommunications, the offence has to attract a seven-year penalty and above. That is a serious crime. Things like terror offences attract those sorts of penalties. Organised crime and other crimes of violence attract those very severe penalties. Most Australians would understand that if the police are targeting those kinds of offences, there is a legitimate expectation that they should be able to tap a phone, with the judicial oversight of then having to seek a warrant for a serious offence. Those are the two things about which I think there is a general consensus in Australian society, that it is legitimate and appropriate that messages and communications be intercepted given those conditions.
This bill, of course, lowers that bar.
After this bill is passed all of our data can be captured and held, pending a warrant, on the basis of an offence that attracts only a three-year penalty. Obviously, this radically expands the categories of offences that can be caught. If my understanding is incorrect I look forward to the minister correcting the record a little later in the debate. And all this before the joint committee on intelligence and security has provided its views on this very subject! That is pretty ironic. The deadline for that was yesterday.
We share very serious concerns that were expressed by the former ombudsman about the lack of clarity on the essential role that his office would perform with regard to these amendments and the significant changes that are proposed. This bill was sent to the cybersafety committee for inquiry and the committee consulted with experts. We held hearings and we heard from technical experts in the fields of IT, privacy and law, and the committee formed the view, as I did, that the privacy protections in this legislation needed to be extended. The committee also became convinced that there were reasons for amendments to be made so that we do not disclose telecommunications data to foreign countries where the death penalty is possible, and that we would be seeking some kind of assurance, from the government that this material was being transferred to, that the death penalty would not be pursued. That is an undertaking that we should be able to ask for.
The government chair of the committee, when presenting the report, said the following:
If adopted we believe these changes will go a long way in allaying any fears of unwarranted intrusions into privacy or unjustified sharing of data with foreign countries.
Well, what do you know? The amendments have been rejected; they have not even been discussed. Perhaps we will get the minister to go through the reasons for that. In my meetings with the attorney's office subsequent to that report being handed down, the amendments were treated entirely dismissively. It is quite regrettable that 11 out of the 13 recommendations have been dismissed in this fashion. I value the committee system. I enjoy committee work and I know that it is one of the things that attracts many people to this chamber as opposed to the other place—we get the time to do due diligence on legislation.
I must say that, in my brief four years here, I have found the attorney's office is one of the worst in terms of assuming that it has simply got it right and everybody else must be wrong. The Attorney-General's office, by far, under successive ministers, is the most resistant to ideas that did not originate from within its own domain. It then becomes a responsibility of this chamber to examine what the committee has brought forward and to consider whether those proposed amendments might not be a good idea.
I briefly quote from the JSCOT report:
… the Committee holds concerns about the lack of transparency in the review process for this important treaty, in particular, the lack of timely advice to the Committee and the lack of public exposure and certainty about necessary amendments to support Convention obligations.
We are aware that the agenda has moved on significantly since that work was done, but no further information has been provided. It will be our job, as this debate unfolds during this evening and tomorrow, to ensure that those answers are put on the table. This is quite a poor process that leaves considered and consensus recommendations not only unimplemented but also completely disregarded.
Even Premier Colin Barnett—and it would be pretty rare that I would stand up in here and agree with something that the Western Australian Premier has said—and the Victorian Attorney-General called for the bill to be delayed. The former Premier of Queensland questioned its passage. There are mainstream concerns that I am trying to reflect tonight about the passage of this bill. Now we see a vastly larger expansion of surveillance powers proposed by the Attorney-General, and I do not think it is appropriate that this bill is debated in that context.
I will go through some of these matters in detail when we get to the committee stage, but now I come to some of the specific matters that were raised with us. One was Telstra, ironically enough, who warned the committee that the new obligations on them to preserve data were beyond business needs and would place significant burdens on carriers and service providers in the form of cost and manpower. While the government has extended the time Telstra had to prepare, it is not enough, and we have drafted an amendment to fix that. I am very interested to hear what the government's view is on whether the industry is telling it that they are not going to be ready to bring it. Despite the fact that that submission was made a year ago, I suspect that when push comes to shove we will find that we are imposing formidably difficult obligations on telcos to trap this data and to make it available to law enforcement agencies across such a broad band.
In case senators believe that this is simply about a narrow range of phone calls and emails and so on that would be read by intelligence agencies, that is not the case. From the most recent figures that we have, which is the 2010-11 financial year data, there have been somewhere in the realm of a quarter of a million requests for telecommunications data. This is not the communication itself; this is the data that surrounds it—for example, the time that you sent the email, your IP address when you made that Skype call, or your latitude and longitude when you walked down the street and bought a coffee—because smartphones, for the benefit of those MPs who are carrying them, will record in quite fine-grained detail where you are, when you are there, whether you are using the phone or not, whether the phone is switched on not; these devices are keeping track of where people are. This is a category of data that did not even exist when the telecommunications access regime was drafted, and so it has slipped completely under the radar. There is no seven-year threshold for access to that. There is no three-year threshold. There is no threshold at all. And so a quarter of a million of these requests were made in the most recent year for which we have accurate data. This has now become a pervasive problem, and I do not hear the clamour in government circles for fixing that loophole, so the Australian Greens will attempt to do so. We have an amendment afoot that we will move to this bill that does just that.
I note that I have a second reading amendment and I will come to that towards the end of the debate. This has been circulated, and effectively goes to the Telecommunications (Interception and Access) Act. I will be interested to hear whether or not senators believe that this second reading amendment might have been pre-empted by the Attorney-General's review. As I said, I acknowledge and appreciate that that review is underway—that, rather than simply ramming them through this place as a bill, the attorney has had the good sense to put these broad terms of reference to the Australian people and hear what people think.
But this second reading amendment simply says that there should be a holistic review of the Telecommunications (Interception and Access) Act to work out in part whether the act is to continue to regulate effectively communications technologies and the individuals and organisations that supply technologies and communication services. In particular, this review would take a look at whether the surveillance powers that are available to the agencies in question are proportionate to the kinds of things that they are attempting to track. By that I mean the criminal penalty thresholds, which most Australians would support.
In order to have your phone tapped or your latitude and longitude recorded and distributed to intelligence and policing agencies, you should be accused of something. There should be some judicial oversight, and you should be implicated in some kind of crime. But as it is at the moment, and where this national security inquiry is going, all Australians are being treated as suspects, not citizens. That is something on which I call the Liberal Party to go back and examine their roots. You are meant to be the party that supported individual liberties over the power of the government. This goes back hundreds and hundreds of years. Where are you? We need you now. We need those values to come forward. I do not think it is appropriate that all Australian citizens are treated as suspects, as guilty until proven innocent: 'We'll just retain all this data in case you turn out to be implicated in some hideous crime down the track.' It is not the Australian way. Again, we appear to be taking our lead from the United States, which is starting to adopt distinctly authoritarian strands. I think we deserve better than this and I look forward to the debate as it unfolds.