The committee investigating the controversial Cybercrime Legislation Amendment Bill 2011, which opens the door to foreign governments to demand telecommunications and ISP data on Australians, has called for a range of changes to tighten the bill.
The changes urged by the cross-party committee are a rebuke, albeit a mild one, for the Attorney-General's department, which again has been found to have overreached in extending law enforcement and intelligence-gathering powers.
The committee, chaired by Labor Senator Catryna Bilyk, called for several changes to the bill and to the existing framework for data storage and preservation, including:
- concerns of groups like the Australian Privacy Foundation that foreign requests for data storage can occur in the absence of an equivalent Australian offence be addressed not by amendments to the bill itself but by changes to the exiting framework for mutual assistance, so that the same thresholds as apply for domestic Australian investigations apply to requests for data; the committee also suggested that there be a stronger requirement on Australian authorities to weigh the mandatory (political offences, for example) and discretionary (like cost to authorities) grounds for refusing a request.
- that where requesting countries have poorer privacy safeguards than Australia, that be a basis for Australian authorities declining a request for data storage, and that Australian authorities be under a stronger obligation to consider the impact on privacy of allowing a request;
- that requests for data in relation to offences attracting the death penalty overseas be rejected unless there are exceptional circumstances and ministers agree;
- the bill make clearer obligations relating to the destruction and non-secondary use of information, and require the destruction of data once relevant notices have expired; and
- stronger reporting requirements on police about disclosure of data to foreign governments.
However, the report doesn't address several other complaints from the likes of the Privacy Foundation. For example, it doesn't discuss the loose wording that appears to allow requests for all data across a class of all users of a single service provider, although Senator Bilyk in presenting the report complained about a previous Crikey report
and rejected the interpretation that the Bill "opens the door to mass surveillance of internet usage" (Bilyk, in her introductory remarks, also lumped "hacking, the spread of malware, denial of service attacks on private corporations and the institutions of government" altogether as "the modern face of cybercrime", apparently deliberately conflict online activism with organised crime). The Greens also recommended a series of further amendments relating to issues such as the Ombudsman's capacity to check actual compliance with the requirements of the Act, rather than merely record-keeping, the lack of oversight of police-authorised disclosures of traffic data, a harder dual criminality test be included in the bill itself, and the lack of clarity around what is traffic data.
The extent to which the government picks up the recommendations of a committee endorsed by its own members and senators remains to be seen. As we saw previously with the recent extensions to ASIO's spying powers, the Attorney-General's department enthusiastically pursues legislative overreach even when publicly embarrassed, presumably because it is confident National Security State thinking will see bipartisan endorsement of its handiwork.