Internet legislation watchdog concerned over cybercrime bill
Privacy campaigners are arguing Australians will be subject to a serious erosion of civil liberties after the Australian Senate passed the Cybercrime Legislation Amendment bill, writes Stella Gray.
Phone call and email data, web browsing history, and other footprints of online activity may be accessed by Australian authorities and passed along to foreign authorities to prosecute a crime in jurisdictions outside of Australia.
The Cybercrime bill’s objective was to make amendments to existing federal legislation to enable Australia’s ascension into the controversial Council of Europe Cybercrime Treaty.
Over 40 countries, including non-EU nations such as the U.S, Canada, and Japan, have signed the original treaty, which was first drawn up in 2001.
Scott Ludlam, speaking before the Senate in August, said the bill does not just cover cybercrime (such as online fraud), but “is about any kind of crime that happens to involve a communications aspect”.
New amendments stipulate that Australian agencies (such as the AFP and ASIO) must issue a ‘preservation notice’ to ISPs before user data is retained, and that this is only to be accessed with a warrant.
However, statistics released earlier this year show that many surveillance requests made to ISPs do away with the court warrant process entirely – instead, the Australian Federal Police is often the final arbiter in demanding access to online data under federal law.
Questions are also raised as to whether Australians would be subject to prosecution overseas for offences that do not have equivalent criminality in Australia.
The Greens moved to add several amendments, including ones that would ensure higher penalty thresholds for surveillance warrants, and require other countries to issue a written guarantee that an Australian wouldn’t be subjected to capital punishment if the treaty facilitated their prosecution. All of the Greens’ amendments were rejected.
Instead, information sharing requests with countries that have the death penalty would be dealt with on a ‘case-by-case basis’.
Jon Lawrence, spokesperson for Electronic Frontiers Australia, says that Australia’s relationship with the U.S, which has the death penalty, means the Australian government would be unlikely to resist requests for data from that country. But this is part of a wider concern.
“In many ways the US could be seen as, you know, the big bad villain in this, but I’d be just as concerned about information about people being shared with China or other jurisdictions that perhaps aren’t terribly interested in human rights…”
“We’ve seen in the past the [Australian] Federal Police send people to death row in Indonesia, so you know, there’s some form.”
The AFP declined a request for an interview with Reportage Online.
The new cybercrime legislation does not exist in isolation in current policy making. The Attorney General’s ‘Inquiry into Potential Reforms of National Security Legislation’, launched in early July, was accompanied by a discussion paper showing the government is clearly courting the idea of internet data retention for every citizen for up to two years. It has drawn ire from all angles of the political spectrum. “These proposals are, almost by definition, the opposite of privacy,” says Lawrence.
The inquiry has attracted much more vocal debate than the cybercrime bill, which stalled for a year before reaching the upper house. While the cybercrime bill places emphasis on active criminal investigations, the national security inquiry proposals encompass every Australian internet user.
An area of particular confusion within the cybercrime bill debate are the distinctions between ‘traffic’ data (or metadata) – transactional details which carries details such as timestamps, email headers, and URLs of web pages visited, and ‘content’ data – the actual body content of an email, Facebook message or audio recording of a phone call.
Although small amounts of traffic data may not reveal much about a user, when compiled over long periods, it can form a very detailed mosaic of someone’s life.
“URLs contain all sorts of things that aren’t just about web addresses, they can contain usernames and passwords in some circumstances,” says Lawrence. “URLs are not benign data.”
The Attorney General’s department has not yet disclosed a time frame for the introduction of amendments and signing of the treaty.