The government has ignored nearly all the amendments to the Cybercrime Legislation Amendment Bill 2011 recommended by a bipartisan committee, and instead rushed to patch a gaping flaw that would have prevented accession to the European Cybercrime Convention — the very purpose of the bill.
Yesterday the government’s amendments to the controversial bill, which establishes a framework to enable foreign governments to demand the retention of internet and telephony data of Australian users, were circulated and the bill is expected to be debated in the Senate this week, although it dropped from the original Senate schedule for today.
As the Supplementary Explanatory Memorandum for the amendments explains, the amendments include: technical fixes (not unusual for a bill of any complexity); a delay in the commencement of the preservation protections for 90 days to give ISPs time to prepare; making more explicit the privacy issues that must be considered by officials when deciding on the provision of data to foreign agencies; and a tightening of the annual reporting requirements relating to disclosures.
The amendments also expand the reach of the bill from offences “punishable by imprisonment for three years or more, imprisonment for life or the death penalty” to those offences and ones that are “a serious offence within the meaning of section 5D of the Telecommunications (Interception and Access) Act 1979“, something not raised by either the bill’s critics or the committee that considered it.
The European Cybercrime Convention requires that signatories apply the framework to “serious offences”, meaning the bill as originally drafted — with a limitation to offences of three years or more — would not have met the requirements for accession. The purpose of the legislation — rushed into parliament, with just five working days for stakeholders to comment — is to enable accession. In its haste to introduce and pass the bill, the government appears to have made a potentially fatal drafting error that it is now correcting.
Despite the Joint Select Committee on Cyber-Safety underplaying a number of serious concerns raised by stakeholders in the brief consultation process for the bill, of the eight drafting recommendations made by the committee on the bill only two have been wholly or partly picked up by the government, relating to reporting requirements and consideration of privacy impacts. The delay in implementation also reflects the committee’s recommendations regarding the impact of the bill on ISPs and telcos, which according to some industry sources will be significantly grater than appreciated by officials.
However, the government has rejected the committee’s recommendation regarding limitations of provision of information in cases where the death penalty may be applied, insisting present safeguards are sufficient. The Greens are expected to move amendments in the Senate that, inter alia, prevent disclosure of information unless the relevant foreign government has agreed the death penalty will not be applied.
The government has also ignored advice from the Commonwealth Ombudsman, Allan Asher, that the bill should be amended to improve the ombudsman’s power to monitor compliance with both the reporting requirements of officials and the obligation of ISPs and telcos to destroy data once orders have expired. Both Victorian Attorney-General and West Australian premier Colin Barnett wrote to the committee to point out possible constitutional issues around the extension of Commonwealth computer offences and a possible clash with state offences. Both urged the bill be delayed while the issues were resolved.