Cybercrime bill passes despite Greens protest


news A controversial piece of legislation aiming to bolster the powers of law enforcement agencies has passed the Federal Senate, despite vehement protests from the Greens, who argued strongly that the bill was “yet another” unnecessary expansion of the Government’s surveillance powers in Australia.

Entitled the Cybercrime Legislation Amendment Bill 2011, the legislation, amongst other things, introduces a requirements for ISPs to retain data on subscribers’ Internet activities in the context of a warrant being sought. It also broadly brings Australia into line with the Council of Europe Convention on Cybercrime.

“Cyber crime is a growing threat that touches all aspects of modern life. It poses complex policy and law enforcement challenges, partly due to the transnational nature of the internet,” Attorney-General Nicola Roxon said in a statement upon the legislation passing the Senate.

“This is good news for fighting crime and will help make it easier for police to track down cyber criminals around the world. In particular, this will help combat criminal offences relating to forgery, fraud, child pornography, and infringement of copyright and intellectual property. The Convention promotes a coordinated approach to cybercrime by requiring countries to criminalise these computer related offences. The Convention also establishes procedures to make investigations more efficient to improve international cooperation.”

However, the convention has not been accepted internationally without controversy over the years. For example, when the US Senate ratified it in mid-2006, the Electronic Frontier Foundation said the treaty required the US Government help enforce other countries’ cybercrime laws, “even if the act being prosecuted is not illegal in the United States”.

“That means that countries that have laws limiting free speech on the Net could oblige the FBI to uncover the identities of anonymous U.S. critics, or monitor their communications on behalf of foreign governments. American ISPs would be obliged to obey other jurisdiction’s requests to log their users’ behaviour without due process, or compensation,” wrote the EFF at the time.

“Ratifying the Cybercrime treaty would introduce not just one bad Internet law into America’s lawbooks, but invite the enforcement of all the world’s worst Internet laws. Call your senators now, and tell them to hold this invasive treaty at bay,” the EFF advocated.

Yesterday, the Greens noted that the Government and the Coalition had combined to vote down Greens amendments to the legislation which would have established a criminal threshold for data collection, safeguards against facilitating the death penalty, and improving the oversight role of the Commonwealth Ombudsman. Describing the bill as “yet another expansion of surveillance powers”, Greens Communications Spokesperson, Senator Scott Ludlam said the Cybercrime bill made it easier for police agencies to trap and share Australians’ private data with police forces around the world.

“With an inquiry into Government surveillance only just getting under way, this move is provocative, pre-emptive and typifies everything that is wrong with the way the balance is tilting against the rights of the individual,” Ludlam said in a statement. “The focus moves to the national security inquiry, which has before it a set of proposals vastly more invasive than those passed today.”

While I don’t disagree that some of the provisions in this new legislation could be useful to law enforcement groups, I’d like to see more consultation around this kind of legislation in general, and I’d also like to see the Opposition debate it more and the Government take some of the Greens’ concerns more seriously. It seems like this sort of legislation is often rammed through Australia’s Parliament in a bid to stay current with international trends — but without enough local examination.


  1. I don’t quite know how to read some of these articles.

    Is it logging people who are suspected of being criminals with the aim of getting a warrant, logging people who have a warrant out for the act, or logging everyone in the hopes that you could then get a warrant on people?

    IE if a movie studio wanted to find people pirating a movie would they a) ask an ISP to monitor an IP accused of pirating it, in the hopes of getting a warrant for further information, b) require a warrant to ask the ISP to do the logging, or c) ask for all the information on anyone pirating said movie?

    I know it’s used for many crimes, but I’m just wondering the implications of how these things are investigated under the new laws.

    • Its logging on behalf of a foreign entity regardless of whether they have a warrant or are pursuing one.

      • Not quite.

        It is logging people before you have a warrant, but only gaining access after the warrant is granted.

        I just hope there are rules as to when. IMO the only reasonable situation for this; is: simultaneous with application for a warrant, request data to be logged.
        Just to ensure that the data exists, but only from when you had enough information to request a warrant.

        There is no reasonable situation in which data logging should be allowed before you have actually built enough of a case to obtain a warrant to obtain said information. I hope this law addresses that point.

        • Hmm the disclosure provisions don’t mention a warrant being required, but I am quite likely wrong. The only bits I see are that the disclosure has to be reasonably required to enforce the relevant law.

  2. Renai could you please find out more about this
    “In particular, this will help combat criminal offences relating to forgery, fraud, child pornography, and infringement of copyright and intellectual property.”
    and this
    “The Convention promotes a coordinated approach to cybercrime by requiring countries to criminalise these computer related offences. The Convention also establishes procedures to make investigations more efficient to improve international cooperation.”?

    It sounds like Australia has just made copyright infringement a Criminal offence. I think we need some clarification.

    • From the wikipedia:

      “The Convention includes a list of crimes that each signatory state must transpose into their own law. It requires the criminalization of such activities as hacking (including the production, sale, or distribution of hacking tools) and offenses relating to child pornography, and expands criminal liability for intellectual property violations.”

      I was listening to part of the debate on this, and think there was actually no “minimum” level of offence prescribed in the legislation. Ludlum was pushing for only offences that would lead to 7 or 3 year prison sentences (not clear whether here or there – this was just a brief grab on the car radio) but that amendment got voted down.

    • Copyright infringement, in certain circumstances has always been a criminal offence. See recent conviction of audio capper for IMAGiNE and look back to the guy from drink or die who was extradited to US for copyright offences.

      The act applies when an overseas law enforcement body requests the retention of information with a valid warrant, not when a movie studio is on a fishing trip.

        • Last I looked it wasn’t a criminal offence to download a copyrighted material but it was to provide it to other people. If you are using P2P and people download a movie or music from you I believe it’s a criminal offence.

          • Ignoring that copyright breaches arent criminal acts subject to criminal law (only civil law), something I’ve never seen tested – at what point does it become a ‘crime’? Sharing 0.000001%? 1%? 10%? 50%? 100%? 101%? If I download the latest Simpsons episode and it takes 3 minutes, it might be that nobody links to my leech and I share 0.00% – where is the criminal act?

            With torrents you never get a complete copy from a single source (unless there is just 1 seed), so you arent giving someone a complete usable copy. Added to that, if someone downloads, and shares 99% of a file, that file isnt usable because of that missing segment.

            Even if you share 100%, thats by volume and not necessarily a full copy. In fact, the chances of sharing EVERY segment of a torrent is incredibly small. You’re more likely to share just half the segments twice.

            Just intellectual curiosity over something that I’ve never seen used as a defence.

      • I don’t believe a warrant is required, though I may have misunderstood some of the debate as I only caught it part way in. It sounded to me like any request from a law enforcement agency would be honoured, as long as it was related to some sort of ongoing investigation. This is embodied in sec 107P (see below).

        IANAL, have no idea what other laws may have an impact.. so this is just my basic reading.

        107P Condition for giving a foreign preservation notice

        (1) If, under paragraph 15B(d) of the Mutual Assistance in Criminal Matters Act 1987, a foreign country intends to request the Attorney‑General to arrange for access to stored communications that:

        (a) relate to a specified person or specified telecommunications service; and

        (b) are held by a carrier; and

        (c) are relevant to an investigation, or investigative proceeding, relating to a criminal matter involving a serious foreign contravention;

        then the foreign country may request the Australian Federal Police to arrange for the preservation of those stored communications.

        (2) The request to the Australian Federal Police must:

        (a) be in writing; and

        (b) specify the name of the authority concerned with the criminal matter; and

        (c) specify the serious foreign contravention that is the subject of the investigation or investigative proceeding; and

        (d) specify information identifying the stored communications to be preserved and the relationship between those communications and the serious foreign contravention; and

        (e) specify any information the foreign country has that identifies the carrier that holds the stored communications; and

        (f) if the stored communications relate to a specified person—specify any information the foreign country has that identifies the telecommunications service to which the stored communications relate; and

        (g) specify the reasons why the stored communications need to be preserved; and

        (h) specify that the foreign country intends to make a request under paragraph 15B(d) of the Mutual Assistance in Criminal Matters Act 1987 to access the stored communications.

        • Also.. there is a base level of contravention so I was quite wrong in initial statement.

          5EA Serious foreign contraventions

          For the purposes of this Act, a serious foreign contravention is a contravention of a law of a foreign country that is punishable by a maximum penalty of:

          (a) imprisonment for 3 years or more, imprisonment for life or the death penalty; or

          (b) a fine of an amount that is at least equivalent to 900 penalty units.

          • If that’s the case then it does seem to only be relating to commercial scale infringement.

            My concern was that maybe there was an ammendment that made personal infringement a criminal offence in Australia.

            Maybe the statment by Roxon was more of a nod to the likes of AFACT so they might back off a bit.

  3. This legislation will be 100% effective because no serious internet crime uses VPNs, tor and botted computers. On the other hand, human rights activists and the like may now find themselves arrested on arrival (or perhaps extradited?) based on activity that is perfectly legal in Australia.

    Well played govt, you have trolled us all.

  4. “forgery, fraud, child pornography, and infringement of copyright and intellectual property”

    Yeah right Rocksoff, and we all know you can scratch the first three because your bosses in California woulldn’t want to distract you from the REAL criminals downloading Game of Thrones and The Avengers…

    • At the risk of being a bit cheeky, I think you might have mistaken the word ‘arbitrary’ for ‘any’.

  5. I highly doubt this is about copyright infringement.
    This is about Anonymous, Wikileaks, individual hackers, anyone who has attacked and damaged government websites, big business (Paypal, VISA) and about keeping an eye out on terrorist groups who recruit, train, and run actions using cell phones and the internet.
    I’m not saying what I will accept or not, just saying it’s laughable to think this is about stopping people pirate the odd movie or album track.

    • +1

      I’m reading this as powers that let the authorities tell the ISP’s to hold information on someone, rather than tell them to hold everyones data and hope for the best.

      Basically, if they were suspicious of me doing some cyber crime, they could get a warrant and the ISP would have to track my actions. Thats simply evidence collection, no different to staking out a suspect and taking pictures.

  6. Governments are rolling over way too often when a law enforcement agency says “we should be allowed to do this”. Rubbish – what’s the cost, and what’s the benefit? In this case, the cost is too high.

Comments are closed.