18 August 2011

Cybercrime Convention

The Joint Select Committee on Cyber-Safety has tabled its 111 page report on the Review of the Cybercrime Legislation Amendment Bill 2011, including endorsement of recommendations made by myself and LLB Hons student Skye Masters in a joint submission earlier this year.

The recommendations are -
Mutual Assistance - Stored Communications and Disclosure of Prospective Data to Foreign Countries

R1 - the thresholds that apply to the issuing of a stored communication warrant under the Mutual Assistance in Criminal Matters Act 1987 (Cth) and the Telecommunications (Interception & Access) Act 1979 (Cth) for an investigation or investigative proceeding for a serious foreign offence should be the same thresholds as apply for domestic Australian investigations.

R2 - the Attorney-General investigate whether the proposed new Part IIIA of the Mutual Assistance in Criminal Matters Act 1987 (Cth) may prevent stored communications warrants being available to foreign countries for investigations into child sexual exploitation.

R3 - subsection 8(2) of the Mutual Assistance in Criminal Matters Act 1987 (Cth) be amended to include an additional discretionary ground to decline a request where the requesting country’s arrangements for handling personal information do not offer privacy protection substantially similar to those applying in Australia.

R4 - the proposed section 180F of the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to elaborate more precisely the requirement that the authorising officer consider and weigh the proportionality of the intrusion into privacy against the value of the potential evidence and needs of the investigation.

Police Assistance to Foreign Countries – Historic and Existing Telecommunications Data

R5 - the proposed sections 180A(5) and 180C(2) of the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to ensure that, in determining whether a disclosure of telecommunications data to a foreign country is appropriate in all the circumstances, the authorising officer must give consideration to the mandatory and discretionary grounds for refusing a mutual assistance request under existing s 8 of the Mutual Assistance in Criminal Matters Act 1987 (Cth).

R6 - the disclosure of telecommunications data to a foreign country in the context of police-to-police assistance at the investigative stage and in relation to criminal conduct that, if prosecuted, may attract the death penalty, must:
a) only take place in exceptional circumstances and with the consent of the Attorney-General and the Minister for Home Affairs & Justice; and
b) each Minister must ensure that such consent is recorded in a register for that purpose.
R7 - the Cybercrime Legislation Amendment Bill 2011 (Cth) be amended to elaborate the conditions of disclosure of historical and existing telecommunications data to foreign countries, including in relation to retention and destruction of the information and an express prohibition on any secondary use by the foreign country.

R8 - the Attorney-General investigate the desirability and practicality of a legislative requirement for data subjects to be advised that their communications have been subject to an intercept, stored communications warrant, or telecommunications data disclosure under the Telecommunications (Interception and Access) Act 1979 (Cth) once that advice could be given without prejudice to an investigation.

Reporting and Oversight

R9 - the proposed new paragraph 186(1) (ca) of the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to require that the Australian Federal Police report to the Minister
• the number of authorisations for disclosure of telecommunications data to a foreign country;
• identify the specific foreign countries that have received data;
• the number of disclosures made to each of the identified countries; and
• any evidence that disclosed data has been passed on to a third part or parties.
Industry Data Handling & Privacy Obligations

R10 - the Attorney-General consult initially with the telecommunications industry and then with relevant Ministers, statutory bodies, and public interest groups to clarify and agree on the data handling and protection obligations of carriers and carriage service providers.

R11 - the Cybercrime Legislation Amendment Bill 2011 (Cth) be amended to require carriers and carriage service providers to destroy preserved and stored communications and telecommunications data or a record of that information when that information or record is no longer required for a purpose under the Telecommunications (Interception and Access) Act 1979 (Cth) unless it is required for another legitimate business purpose.

R12 - the exemption of small Internet Service Providers from the Privacy Act 1988 (Cth) as small businesses be reviewed by the Attorney-General with a view to removing the exemption.

Industry Implementation Issues

R13 - the Attorney-General’s Department consult widely with carriers and carriage service providers to ensure that the Cybercrime Legislation Amendment Bill 2011 (Cth), when enacted, can be implemented in a timely and efficient manner.