Tuesday, 21 August 2012
Cybercrime Legislation Amendment Bill 2011; Second Reading
I rise to make a contribution on the Cybercrime Legislation Amendment Bill 2011. It was not all that long ago, I remember, that I would receive a 'pay' envelope containing cash. And later my wages were paid by cheque. That was a time when we were worried about our cheques being stolen or lost in the mail—not that those are not concerns now. But times have really changed, especially in the last 20 years. These days, salaries are paid by direct deposit into a bank account. But that is only the tip of the iceberg.
As can be read on the Australian Institute of Criminology website, our daily lives have seriously changed. The convergence of computing and communications technologies has changed dramatically the nature of our lives, at least for those of us who live in a developed country. We are able to do our shopping and banking from home, work and be paid electronically, and engage in leisure activities using computers. Government benefits are also able to be processed electronically and a wide range of services delivered online. The process of reducing information to electronic streams of '0s and 1s' that are stored on computers has enabled people to communicate more effectively and at a lower cost than in the past. It has also meant that geographical boundaries are able to be crossed more easily. This has enhanced the process of globalisation of the economy and social life enormously.
But these same technologies that have provided so many benefits have created enormous opportunities for various offenders. Fraudsters are able to communicate with each other in secret, disguise their identities in order to avoid detection and manipulate electronic payment systems to obtain funds illegally. They are also able to target a wide range of potential victims throughout the world, all from the comfort of their home or office. The risk of fraud is one of the principal barriers to electronic commerce systems becoming widely accepted in the community. It is believed to be one of the most under-reported offences in Australia, with fewer than 50 per cent of incidents being reported to police or other authorities.
This bill, the Cybercrime Legislation Amendment Bill 2011, will facilitate the accession to the Council of Europe Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or just the Budapest Convention. This is the first international treaty seeking to address computer crime and internet crimes by harmonising national laws, improving investigative techniques and increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg, with the active participation of the Council of Europe's observer states: Canada, Japan and China.
The convention aims principally at harmonising the domestic criminal substantive law elements of offences and connected provisions in the area of cybercrime; providing for domestic criminal procedural law powers necessary for the investigation and prosecution of such offences, as well as other offences committed by means of a computer system or evidence in relation to which is in electronic form; and setting up a fast and effective regime of international cooperation. To date there are 47 signatories to the convention, with 32 of those signatories having ratified this commitment. These signatories include many European states as well as Canada, Japan, the USA and South Africa.
The Joint Select Committee on Cyber-Safety considered this legislation. However, another report by the same joint select committee—an interim report in June 2011 called 'High-wire act: Cyber-safety and the young'—gives some insight to the scope of the cybercrime issues that now face our youth: cyberbullying; cyberstalking; sexual grooming; sexting; illegal and inappropriate content; privacy and identity theft; technical addictions; online promotion of inappropriate behaviour—for example, use of drugs, alcohol, suicide, anorexia; and child pornography and exploitation. These are just some that are listed. We are all aware of instances where these social abuses have ended tragically—suicide after cyberbullying; or people charged with possessing thousands, even millions, of child pornographic images. Then there are concerns such as cyberterrorism—which, in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources. Various governments are even concerned about cyberwar. Then most types of organised criminal activity can be cited—drug trafficking, fraud and theft.
I return to this bill. The review of the Cybercrime Legislation Amendment Bill 2011 by the Joint Select Committee on Cyber-Safety made 13 recommendations, but the bill was manifestly supported. The areas covered by the recommendations included: issues of mutual assistance—stored communications and disclosure of prospective data to foreign countries; police assistance to foreign countries—historic and existing telecommunications data; reporting and oversight; industry data handling and privacy obligations; and industry implementation.
However, the main concerns the committee raised regarding the bill relate to:
The government has considered the recommendations from the Joint Select Committee on Cyber-Safety's report on this bill and welcomes their recommendations. Twelve of the 13 recommendations have been supported through provisions currently in effect in intersecting legislation, contained in the bill or included in the proposed government amendments. The recommendation relating to the discretion to reject mutual assistance requests where foreign information handling laws differ from domestic law will not be accepted. Making an assessment of foreign privacy laws is not practicable and would cause substantial delays. Additionally, the bill and the Mutual Assistance in Criminal Matters Act 1997 already require an assessment of the privacy impact on any person and create limitations on how the foreign country can deal with the information.
I come to the explicit privacy considerations. This bill introduces a requirement for privacy considerations when authorising the disclosure of historic telecommunications data to ensure that privacy considerations are taken into account for every disclosure of telecommunications data. The government's amendments provide detailed guidance to officers about the factors and privacy considerations which must be weighed before making an authorisation. This proposal responds to recommendation 4 of the committee.
I refer to the strengthened reporting requirements. The government amendments would strengthen the reporting requirements for instances where the AFP has disclosed existing or prospective information or documents to a foreign country. The proposed government amendments require the head of the AFP to give the minister an annual report that includes the number of disclosures that were made to each country. Consistent with international practice, sensitive information that could compromise international investigations and the strength of Australia's cooperative relationships with foreign law enforcement agencies will not be made publicly available, but will be included in the report to the minister. This proposal responds to recommendation 9 of the committee.
I come to the delay of ongoing preservation notices. The government amendments will delay the application of the ongoing preservation notices provisions until 90 days after royal assent. Industry currently provides historic preservation to agencies on an informal basis, and therefore can already comply with the requirement to preserve historic telecommunications data. The government amendments will provide industry with sufficient time to ensure compliance with requests for ongoing preservation. Industry has flexibility in compliance because the bill does not prescribe any particular capability or methodology for enabling preservation.
I come to the technical amendments as to the threshold for provision of prospective telecommunications data. The government amendments regarding the availability of prospective telecommunications data would ensure consistency of thresholds and access for domestic and foreign purposes and will ensure Australia is compliant with article 33(2) of the convention. As the bill is currently drafted, prospective telecommunications data is available domestically for the investigation of 'serious offences' and for offences punishable by at least three years imprisonment. For foreign purposes, prospective telecommunications data is only available for the investigation of a foreign offence that is punishable by at least three years imprisonment. In many cases, offences that meet the definition of 'serious offence' would also meet the requirement of being punishable by at least three years imprisonment. However, as the definition of 'serious offence' in the Telecommunications (Interception and Access) Act 1979 includes some offences punishable by less than three years, there may be some offences that would meet the domestic threshold, but not meet the foreign threshold. This difference in threshold would breach article 33(2) of the cybercrime convention. The government's amendments will remove this differential threshold and ensure Australia's compliance with the convention. On the basis of the amendments that are being proposed by the government and the recommendations by the Joint Select Committee on Cyber-Safety, I support this bill and recommend it.