Tuesday, 21 August 2012
Cybercrime Legislation Amendment Bill 2011; Second Reading
The Cybercrime Legislation Amendment Bill 2011 essentially amends a number of acts, including the Mutual Assistance in Criminal Matters Act 1987 and the Telecommunications Act 1987, to ensure that Australian legislation is compliant with the requirements of the Council of Europe Convention on Cybercrime in order to facilitate Australia's accession to that convention. Madam Acting Deputy President, you would be aware that on several occasions I have spoken on bills that impact or indeed potentially impact on the privacy of citizens, and I do so again today. But, firstly, I will make a few preliminary observations.
I note in passing Senator Ludlam's remarks before about threats to privacy that are emerging in the context of national security, and he is quite right to suggest that the Liberal Party in particular and indeed no parliamentarian can escape that debate. The Liberal Party, as the good senator reminded the Senate and reminded in particular the Liberal Party, was founded on the balance of power between the state and the individual, and he is quite right to suggest that in the past the resolution of that balance and the resolution of that tension have generally fallen, for the Liberal Party, toward the individual, and that will be a matter that we will have to pursue and debate in earnest no doubt in the future because it is not just a debating point; it actually defines the role and the relationship of citizens in this country to the state and to the government. So it is a huge issue and a very important one, and I acknowledge Senator Ludlam's eloquent contribution.
The Council of Europe Convention on Cybercrime is the first significant international attempt to coordinate law enforcement pertaining to crimes committed using computers and the internet—sadly, perhaps the fastest expanding area of criminal activity, which ranges from Nigerian scams perpetrated by teenagers from internet cafes right throughout Africa to professional hacking jobs directed at major financial institutions. In addition to computer related fraud and, indeed, violations of network security, the convention also addresses issues such as copyright infringement and, of course, as Senator Polley mentioned, child pornography.
Globalisation of the economy and globalisation of culture has also brought about the globalisation of crime. Mobile devices, computers, networks and satellites that link us all and enable us to connect to each other and indeed transmit ideas to each other—products and money around the world in the blink of an eye—also enable criminals to do just the same. They also provide criminals rich opportunities to take advantage of others. In a global village, all crime can be local, even if it is perpetrated not by armed floods straight out of gangster movies but by some corrupted nerds ensconced in the twilight of their bedroom, whether it be in Paris, Singapore, Lagos, Bucharest or indeed Sydney. With these new realities in mind, the bill among other provisions requires carriers and carriage service providers to preserve communications and data for specific persons when requested by Australian law enforcement authorities, even if this request is on behalf of foreign law enforcement authorities. This ensures that these authorities can obtain and disclose this stored information for the purposes of investigation.
With these new powers, however, come vast new responsibilities. While the convention seeks to control cybercrime, it does also allow for the safeguarding of rights. Article 15 states that human rights must continue to be upheld and enforcement powers and procedures under the convention must respect the right to free expression, the right to access information, the right to privacy and other similar rights.
Despite these guarantees the convention did create some disquiet, I think it is fair to say, both overseas and indeed here in Australia, particularly among privacy advocates. I think Senator Ludlam has indicated that this evening. It is not surprising, as the convention and the bill which gives it effect in Australia seeks to expand the powers of both law enforcement and intelligence agencies to access, gather and share people's private data and indeed their private communications.
For example, the Law Council submitted that the new section 180F in the Telecommunications (Interception and Access) Act 1979 is inadequate to safeguard personal privacy. That was their contention. The proposed section 180 F merely asked that an authorising officer 'have regard to' privacy impacts. The Law Council rightly submitted that this could be satisfied by merely ticking a box on a form and submitted the following to be inserted in the bill:
Before making an authorisation, an authorised officer must be satisfied on reasonable grounds that the likely benefit to the investigation which would result from the disclosure substantially outweighs the extent to which the disclosure is likely to interfere with the privacy of any person or persons.
The Australian Privacy Foundation in their submission had a more general complaint. They submitted:
As currently drafted, the Bill does not specifically differentiate between traffic and content data and instead merely refers to 'stored communications', which is in fact not defined. The use of this phrase is unnecessarily broad and increases the scope or unwarranted privacy intrusions into personal communications where preservation and disclosure of traffic data alone could be sufficient in terms of an ongoing investigation.
That was the submission of the Australian Privacy Foundation. It also has to be noted that the bill leaves it to the Attorney-General to decide whether to assist foreign law enforcement agencies where the offence committed carriers a death penalty in the country concerned. The Joint Select Committee on Cyber-Safety recommended that the Attorney-General should make such a decision jointly with the Minister for Home Affairs and Justice and that these decisions should of course be registered.
I hope that the Attorney-General will exercise her powers wisely and carefully, and I am sure she would. So far all the signatories to the convention, most of them European countries, are democracies with, let's face it, very reasonable protections of human rights. I think that is fair to say. It is perhaps unlikely that any dictatorship and gross human rights violators will at any point in the near future decide to bind themselves to the convention. However, should that happen, we would not want to see Australian law enforcement agencies having to play a part in enforcing the convention at the behest of foreign authorities who are using cybercrime laws to in fact quash domestic political dissent. I do not think anyone in this Senate would want to see that. While this may sound like an unlikely and indeed even a far-fetched scenario, we should nonetheless keep such possibilities in mind.
Contrary to some very overenthusiastic claims I believe that developments in information technology will not necessarily lead us to some cyberutopia. I do not believe it necessary will. Information technology, just like any other technology, is neither intrinsically good nor bad; it is essentially neutral. Whether it is put to good or bad use is a matter of human intent. Certainly mobile devices, the internet and fast and cheap connections have empowered the individual. That much is true. But also that technology has also empowered the state and surveillance.
For every instance where oppressed peoples mobilise themselves and world opinion through Twitter, Facebook and YouTube there is another instance of a government that uses essentially the same technologies to increase its powers of surveillance and control over its own people. We have seen that in the People's Republic of China in the recent past and also during the Arab Spring. I do not think I am overstating it. I think it is fair to say that those technologies can be used both by advocates of democracy and by authorities seeking to quash dissent. Technology can be used both ways.
Under our Constitution the parliament has the power to determine the rights of Australian citizens. This places an enormous burden on members of parliament to be diligent and cautious whenever legislation is introduced that looks to curtail the rights of Australians. This is the case even where it is thought necessary to achieve a greater good, like the stamping out of crime. Some governments curtail freedom and human rights as an end in itself. Many governments and many states, particularly during the 20th century, have done just that. They have curtailed freedom and human rights as an end in itself. We in Australia are fortunate to have governments which might on occasion curtail freedom and human rights, that is true, and I think that we all accept that, but only as a means to a laudable end, and even then they have striven to maintain the right balance between the means and the ends. That is the perpetual conundrum of democracy. It is not an easy balance but it is one we have to strive for.
While the coalition does support the bill, it is a shame that the government did not have more regard to the recommendations of the Joint Select Committee on Cyber-Safety or to the detailed submissions of the Law Council and others. None of us should ever cease trying to get the balance just right.