The Federal Government will today introduce tougher cybercrime laws into parliament that will require internet service providers to retain data on customers when requested by authorities across the globe.
Federal Attorney-General Robert McClelland (Credit: Darren Pauli/ZDNet Australia)
The Cybercime Legislation Amendment Bill 2011, to be introduced into federal parliament today, will amend two criminal Acts (the Mutual Assistance in Criminal Matters Act 1987 and the Criminal Code Act 1995) and two telecommunications Acts (the Telecommunications (Interception and Access) Act 1979 and the Telecommunications Act 1997) to allow Australia to accede to the Council of Europe Convention on Cybercrime.
The Council of Europe Convention on Cybercrime is a treaty designed to foster cooperation and common policy between nations to deal with multi-national crimes committed on computer networks across the globe, such as online fraud or child pornography offences. Over 40 countries are party to the convention, and it has been in place since 2004. The Australian Government first flagged its intention to become a signatory to the treaty in May 2010, releasing a discussion paper on the convention in February 2011, with a committee report recommending that Australia accede to the convention last month.
The legislation will essentially facilitate greater cybercrime cooperation between Australia and other countries by giving police greater access to data from countries that are signatories to the convention, as well as adjusting computer offences to meet with the convention requirements.
In Australia, police will be given greater powers under the proposed legislation to force internet service providers to retain data of customers who are suspected to have committed a cybercrime while the matter is being investigated. However, according to Attorney-General Robert McClelland, the authorities will only be able to access that data once a warrant has been obtained.
Catherine Smith, assistant secretary in the telecommunications and surveillance law branch of the Attorney-General's Department told a committee hearing in March that the amount of data being retained would vary from case to case.
"In some cases that may be as small as one text message, in other cases it might be two months' worth of emails. It'll differ depending on the case," she said.
In announcing the legislation, McClelland said that, in the last six months alone, Australia's Computer Emergency Response Team found that Australian businesses have lost more than 250,000 pieces of stolen information including passwords and account details. He said that the new legislation was needed to ensure that Australia would be in the best position to address cybercrime on a global scale.
"The increasing cyber threat means that no nation alone can effectively overcome this problem, and international cooperation is essential," he said. "Australia must have appropriate arrangements domestically and internationally to be in the best possible position to fight cybercrime and cybersecurity threats"
The number of international cyber threats on Australian businesses has been significant of late, most notably with the hack on security company RSA forcing a number of Australian businesses to evaluate their use of RSA's SecureID system.
Hacker groups LulzSec and Anonymous have also recently teamed up to attack banks, government agencies and other high-profile organisations, in a campaign code-named "AntiSec".