Standing up for Canberra

Cybercrime Legislation Amendment Bill 2011

Tonight I speak in favour of the Cybercrime Legislation Amendment Bill 2011. Earlier this year I had reason to speak on the identity theft provisions of the Law and Justice Legislation Amendment (Identity Crimes and Other Measures) Bill 2010 [2011] and in particular on the growing problem of the online theft of personal information. It is for similar reasons that I speak on this bill tonight. Indeed, I revealed earlier this year that I was a victim of online identity theft when I was planning a trip to a conference in the United States a couple of years ago. I was told by my travel agent— and I do not use this travel agent anymore—that I had to get a visa to go to the States. That surprised me at the time, given that I had worked in Foreign Affairs and was aware of the relationship we had with the US. I thought we had agreements in place so that for short stays we did not have to obtain visas. Being the person I am, I found a site purporting to provide me with such a visa. I applied, paid $60 and got an ID code to show the officials when I arrived at the fabulous Los Angeles airport. However, my initial instincts were correct and when I arrived in the US there was no need for the visa, so it was a completely spurious concept and a completely spurious visa. I was completely scammed and have not seen my money since.

On a less amusing note, late last year my father-in-law was the victim of identity theft after the death of my mother-in-law. He was in the midst of reconciling and closing down bank accounts and advising government agencies and community organisations of her death while at the same time trying to come to terms with the loss of the woman he had loved for more than 50 years. In his grief he thought the request for bank information was just one of the many administrative processes he had to go through at the time. There was a pile of paperwork and it was just another thing he had to do. He discovered too late that he had become a victim of identity crime. It was very traumatic for him and we spent a lot of time back-pedalling on a range of things to help him out. As I said, it happened at the worst possible time—just after his very beloved wife had died. Last month my husband, Chris, got a phone call from the bank saying that our credit cards had been skimmed and had subsequently been cancelled. Unfortunately, we had no choice in the matter. It is one thing to have the cards cancelled immediately, but then you have to wait to get the new cards and there are all the accounts you have attached to your credit card. You get nasty letters from people saying you have not paid a bill and you have to let them know that you are waiting for a new credit card and then have to notify them of the new details—and we both have so much spare time to do all that.

The reason I spoke on identity theft earlier this year is that it is an everyday problem. I relay these stories because I believe my family is not all that special; in fact it is quite the opposite. My story is all too common and sadly the loss of my $60 is very minor when compared to some of the crimes that occur online. This year we also heard of the breach of the Sony PlayStation Network and the theft of information. It has been confirmed that in all some 77 million users from across the globe had their information stolen by unknown criminals. It is also a sad fact that the online environment is proving to be very convenient for paedophiles and for the dissemination of child pornography. As an example, in March this year the Australian Federal Police cooperated with police from around the world to arrest nearly 200 suspected paedophiles and rescue 230 children—I do not even want to think where those children were— from Holland, Chile, Brazil, France, the United States, New Zealand and Australia.

It is abundantly clear that cybercrime does not confine itself to the niceties of international borders. If one thing can be said about the criminal elements of society, it is that they are nothing if not enterprising. We should not be surprised then that, like legitimate business, criminal syndicates and groups are taking advantage of the globalised world made possible by advances in technology. In March last year, for instance, New Scientist reported on a burgeoning service industry for the creation of malware, insidious software that infects computers to steal information, including credit information. The article revealed that for as little as $400 a person with little computer skill could purchase and use sophisticated malware for online fraud and theft.

Given the rise of this risk to our economy and our society we must react decisively and appropriately, because as Rafael Etges and Emma Sutcliffe stated in an article entitled 'An Overview of Translational Organized Cyber Crime' for the Information Security Journal, A Global Perspective: Organized crime is successful where laws are confusing or lax, or law enforcement is not prepared or structured to fight back.

It is clear that if cybercrime is to be tackled we need effective, international cooperation. It is this kind of international cooperation that this legislation is designed to achieve.

This legislation will facilitate Australia's accession to the Council of Europe Convention on Cybercrime. This convention is the only binding international treaty on cybercrime and as such is the only global mechanism for cooperation on this important issue. The convention serves as a guide for nations to develop laws to combat cybercrime. It aims to combat this rising new criminal enterprise by harmonising laws amongst convention members, empowering agencies with the appropriate tools to investigate crimes and through these elements enable better international cooperation.

Schedule 1 of this bill amends the Telecommunication (Interception and Access) Act. While this act already contains most of the necessary powers, it has no formal arrangements around the preservation of information. The bill seeks to amend this act so that Australian law enforcement agencies can seek the preservation of communication stored on carriers' networks prior to a warrant being issued. This is necessary as it is currently standard business practice for many providers to routinely delete information after relatively short periods. This creates issues for law enforcement as information is often deleted before a warrant for the information can be issued. The amendment will fix this problem. It is important to note that law enforcement agencies will still require a warrant to access the information with the appropriate tests under that process. Warrants will only be available to investigate a serious contravention—that is, a crime with a penalty of three years imprisonment or a significant fine.

Schedule 2 of this bill is designed to facilitate international cooperation. It makes amendments to allow the AFP to assist foreign partners by accessing communications data on a police-to-police basis. This will allow foreign partners improved access to information here in Australia as well as allowing Australian law enforcement bodies greater access to information stored overseas. Again, there are some important safeguards on foreign requests for information. Section 8 of the Mutual Assistance in Criminal Matters Act already sets out a range of mandatory and discretionary grounds for the refusal of mutual assistance. The bill also includes a range of safeguards to govern how and when things can be provided to a foreign country, including how the privacy of the person is likely to be interfered with, the record-keeping requirements on agencies and carriers, and a requirement that the AFP report on the use of powers for foreign purposes in the same way that they report on their use for domestic purposes. Finally, schedule 3 makes amendments to the application of criminal offences. While many of Australia's relevant laws already comply with the terms of the convention, there are some gaps. This bill amends a scope of computer crime offences in part 10.7 of the Criminal Code Act to ensure full compliance with the convention.

This legislation is a timely and necessary reform to ensure that Australia can rely on international cooperation to protect the economy and the lives of Australians from cybercrime. Cybercrime is no longer the domain of spotty faced teenagers out for intellectual stimulation and easy thrills, if indeed it ever was. Cybercrime is being committed by sophisticated syndicates and groups who are intent on committing terrible crimes either for financial gain at the expense of ordinary people or for other more disturbing reasons that, quite frankly, the mind boggles to comprehend. Australia must respond appropriately to this new breed of crime and criminal, and this legislation enhances our ability to respond. I commend it to the House.

Download a copy of this speech.