Under the proposed Bill, tabled in the House of Representatives on June 27, 2001, anyone in charge of a computer system could be required to release security information, such as encryption keys, on demand from law enforcement agencies.
“This is a very controversial issue,” EFA vice chair, Greg Tyler, told ZDNet.
“It raises all sorts of questions about the security of data in the first place…and if it’s encrypted how does one prove they don’t possess every key to that data?”
Penalties for non-compliance could amount to six months’ imprisonment, Tyler stressed.
Tyler said the EFA was also concerned with the way sections of the Bill were worded.
“The way the Bill is currently worded could criminalise innocent behaviour…behaviour designed to protect computer systems,” Tyler said.
If the Bill is passed, individuals could be charged with Possession with Intent if they’re found to have tools which could be used to interfere with computer systems, when such security tools “can be used for fully legitimate purposes,” according to Tyler.
“Our concern is that [the Bill’s] a bit premature … it really needs a lot more thought,” he said.
According to Tyler, the solution to the viruses which seem to have inspired the Cybercrime Bill is to install better security software at both the server and desktop level “…to make companies resistant rather than attack them with criminal law”.
“The best approach is better defence rather than creating more offences,” Tyler said.
The EFA is currently preparing its submission to the Senate Legal and Constitutional Legislative Committee Inquiry into the Provisions of the Cybercrime Bill 2001, which will meet for a preliminary hearing this week.
“We don’t expect this Committee will make major changes to the Bill,” Tyler said.
However, “we’ll exercise lodging our concerns and hopefully some amendments will be made to the Bill that will make it not as bad as it already is.”