Govt interception limitation welcomed

Internet-user advocacy group the Electronic Frontiers Association (EFA) has welcomed the move to restrict legal network interception to government and law enforcement agencies.

Both the Internet Industry Association (IIA) and the EFA were concerned that the wording of proposed changes to the Telecommunications (Interception and Access) Amendment Bill 2009 could extend interception prohibition exemptions to any network operator, including internet service providers (ISPs).

Under existing legislation, it is illegal in most circumstances to intercept inbound communications before it has reached its intended recipient. The amendment Bill penned by the Attorney General's Department positioned the changes as an attempt to improve network security protection measures against, for example, denial of service attacks.

Attorney General Robert McLelland said at the first reading of the Bill that the government was under pressure for appearing not to be taking IT security seriously enough. "I stress and emphasise that because there was some criticism, when this matter was originally put in the public domain for disclosure, that in some way the government was avoiding its responsibilities to protect networks and putting those responsibilities on private users. That is not the case," said McLelland.

He also noted that the Bill limits network protection activities to agreements between government employees and the agency concerned.

The EFA's submission to AGD's paper noted that if the Bill was passed, the loosely defined terminology for network operator could be brought to bear on disputes similar to the upcoming Australian Federation Against Copyright Theft (AFACT) versus iiNet hearing. The EFA was concerned it may lead to an ISP being legally obliged to inspect traffic deemed 'illegal' under user agreements.

AFACT last week released the summary of arguments it intends to put forward in Federal Court on October 6, which included: "iiNet has chosen not to enforce the terms and conditions of its customer relationship agreement (CRA) with its customers. Those terms require, among other things, that customers comply with all applicable laws, that they not use the services to infringe others' rights and that they not use the services for illegal purposes or practices." AFACT will claim it is the ISP's duty to ensure its customers comply with its customer agreement.

Referring to the initial set of proposals put to the public, EFA spokesperson Geordie Guy told ZDNet.com.au: "It's starting to look a lot like this came out without any forethought." Its concerns, however, were allayed after the Bill's first reading by Attorney General Robert McLelland in Parliament earlier this month.

"The definitions of network security that opened the door to ISPs to intercept and disclose in order to police their acceptable use policies has been sensibly scaled back to the Government networks that we, in good faith, expect they were meant to apply to in the beginning," Guy said.

"This with the increase in limits on disclosure — in particular the fact that disclosure to law enforcement and those who perform network security duties, not just systems admins — have us resting a little easier at the moment," he said.

The Bill has now been put to the Senate Committee on Legal and Constitutional Affairs Legislation, which is set scrutinise and report on the Bill on 16 November. Submissions are due by 9 October.