18.8.11 - Cyber-Safety Committee - Report - House of Reps Hansard

Mr HAWKE (Mitchell) (11:57): On behalf of the Joint Select Committee on Cyber-Safety, I present the committee's report entitled Review of the Cybercrime Legislation Amendment Bill 2011 incorporating additional comments.

In accordance with standing order 39(f), the report was made a parliamentary paper.

Mr HAWKE: by leave—As Deputy Chair of the Joint Select Committee on Cyber-Safety, I have presented the report of the review of the Cybercrime Legislation Amendment Bill 2011, referred to us by the House Selection Committee. Senator Bilyk, the chair of the committee, will be tabling the report in the Senate today.

The Cybercrime Legislation Amendment Bill deals with the law enforcement powers to tackle cybercrime, a subject that has increasingly occupied the attention of all Australian governments and this parliament. The globalisation of communication technology has brought many benefits, but it has also enabled transnational crime to flourish. Hacking, the spread of malware, denial of service attacks on private corporations and the institutions of government is the modern face of cybercrime. Large-scale online fraud can net organised crime vast profits. We are no longer dealing with just nuisance hackers but with organised syndicates of crime.

This bill will amend the Telecommunications (Interception and Access) Act, the Mutual Assistance in Criminal Matters Act and the Criminal Code Act 1995 to enable Australia to accede to the Council of Europe Convention on Cybercrime. The convention and the bill are intended to enable law enforcement agencies to keep up with criminal networks that attack computers and computer systems or use the internet to facilitate their criminal enterprise.

Before speaking about the report, I will briefly outline what the bill does and correct some of the misinformation that has been circulating in recent days. There are four main aspects to the bill. First, it will introduce a new mechanism for the preservation of communications to prevent the destruction of potential evidence until a warrant for access is obtained. This new preservation mechanism will be available to law enforcement agencies and to ASIO. he purpose of a preservation notice is to ensure that potential evidence is not destroyed. Access to that material is by a stored communications warrant, which is already available under the Telecommunications Interception and Access Act.

Second, the bill also requires the AFP to preserve communications data on behalf of a foreign country when requested to do so. But, again, there is no access to this material without a warrant and the AFP can only apply for the warrant once the Attorney-General has agreed to a formal request for mutual assistance from the foreign country.

Thirdly, the bill allows the AFP to share telecommunications data—that is, non-content data—with a foreign country without the need for a formal mutual assistance request. This may occur only where that data has already been obtained for a domestic investigation. It is intended to speed up international cooperation where perpetrators may also be operating overseas.

Fourthly, the Ombudsman will have oversight of the preservation regime and stored communications warrants obtained for a foreign country. The Inspector-General of Security and Intelligence will have oversight of ASIO's use of the preservation regime for intelligence purposes.

I want to make it clear also that neither the convention nor the bill seek to implement a general data retention scheme. It does not, as has been claimed by various online news information services this week, open the door to mass surveillance of internet usage. That is very important from the committee's perspective. The powers available under the bill—and, indeed, the powers that already exist under the Telecommunication Interception and Access Act—can only be activated where there are legitimate law enforcement requirements or, in the case of ASIO, legitimate security purposes. No country can demand the communications or the traffic data be transferred to them.

Turning to the inquiry, the committee received 23 submissions and heard from several witness on Monday 1 August. We also carried out an inspection of the Australian Federal Police high-tech crime operations facilities in Barton. We have been conscious of the sensitivity that goes with any expansion of covert police powers, and especially powers that involve access to private communications of Australian citizens. We are mindful of the importance of subjecting these powers to proper standards and safeguards, and the scrutiny applied by the committee's inquiries addressed many of the concerns that have been in the public domain. It is with this in mind that we have proposed a range of realistic, modest and practical changes, which are tabled in this report. If adopted, we believe these changes will go a long way toward allaying any fears of unwarranted intrusions into privacy or unjustified sharing of data with foreign countries.

The time for presentation of this report is short, so I will forgo a detailed explanation of each of our 10 recommendations, but the fact that we have made a series of detailed recommendations in relation to such an important piece of legislation should be a signal that we are taking our role seriously in terms of the serious nature of this legislation. The general approach of the committee was to ensure that thresholds that apply to domestic investigation are applied equally to foreign countries seeking access to communications material of Australians. We have proposed that the Australian Federal Police guidelines on police-to-police cooperation in possible death penalty scenarios be tightened and should only occur in exceptional circumstances, and with the consent of the relevant ministers—the Attorney-General and the Minister for Home Affairs. This means that telecommunications data—traffic data—cannot be shared, even at an early investigative stage, in possible death penalty scenarios without both of the ministers' consent.

We also propose that police should be required to consider the range of factors set out in the Mutual Assistance Act before sharing telecommunications data obtained during a domestic investigation with foreign counterparts. This would strengthen protection against data sharing in relation to, for example, a political offence, which, of course, has been a concern with Australia signing this international convention. The committee considered that the general privacy safeguard in proposed section 180F would be elaborated in more detail to provide greater guidance to the Australian Federal Police. That guidance is already in the explanatory memorandum, but putting it in the statute, I believe, will provide better visibility to police and the public.

Finally, the committee proposed that the government consider in more detail what privacy obligations might apply to carriers and carriage service providers. Of course, the Privacy Act already applies, but better visibility and clarity can be achieved if there are clear obligations to destroy material held by a carrier. Law enforcement agencies already have an obligation to destroy this material when it is no longer relevant to an investigation. The report recommends that this obligation be replicated for industry unless there are practical, legitimate business purposes for keeping the information, such as billing. But in relation to information gathering by industry, the report recommends that there will be a requirement for this information to be destroyed. The intention of the committee is to improve public confidence in the scheme, and we are sure that public confidence is equally important to the industry. I commend the report to the House.