[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) Australian government says CoE Cybercrime Convention DOE




------- Forwarded message follows -------
From:           	"Caspar Bowden" <cb@fipr.org>
To:             	"Ukcrypto" <ukcrypto@chiark.greenend.org.uk>,
  	<cryptography@wasabisystems.com>, "Dave Farber" <farber@cis.upenn.edu>
Subject:        	Australian government says CoE Cybercrime Convention DOES confer GAK powers
Date sent:      	Sat, 7 Jul 2001 11:00:37 +0100
Send reply to:  	ukcrypto@chiark.greenend.org.uk

On 14th November 2000, Peter Csonka of the Council of Europe was
reported as denying that the Cybercrime convention conferred powers
for government access to encryption keys ("That was never our
intention" http://www.zdnet.co.uk/news/2000/45/ns-19057.html)

However on the Second Reading of the Australian Cybercrime Bill on
27th June 2001, Attorney General Daryl Williams said "Such a power is
contained in the draft Council of Europe Convention on Cybercrime and
will assist officers in gaining access to encrypted information."
http://search.aph.gov.au/search/ParlInfo.ASP?action=view&item=0&from=b
ro
wse&path=Legislation/Current+Bills+by+Title/Cybercrime+Bill+2001/Secon
d+ reading+speeches&items=1&altbrowse=yes

The text of the Australian Cybercrime Bill 2001 is at
http://search.aph.gov.au/search/ParlInfo.asp?WCI=Hyperlink&CLASS=BILL&
XR efID=R1360&Short=Cybercrime+Bill+2001 -- Caspar Bowden             
 Tel: +44(0)20 7354 2333 Director, Foundation for Information Policy
Research RIP Information Centre at:    www.fipr.org/rip#media 


-----Original Message-----
To: 'FIPR News Archive'
Subject: Computerworld Australia 4/7/2001: "Cybercrime bill 'draconian
and dangerous'"

http://www.computerworld.com.au/idg.nsf/All/D115FFE5F1AF211DCA256A7F00
01 FACE!OpenDocument&NavArea=Home&SelectedCategoryName=News Cybercrime
bill 'draconian and dangerous' By Sandra Van Dijk 4 July, 2001 10:07
Australia

The IT security industry has been scathing in its attacks this week on
the Cybercrime Bill 2001, labelling it "draconianand dangerous". 

Under the bill, which proposes seven new computer offences carrying
jail terms of up to 10 years, it is illegal to possess hacker
toolkits, scanners and virus code. 

These are 'tools of the trade' for security vendors to test systems
placing a burden on lawyers drafting ethical hacking agreements with
corporations. 

Bernard Hill, barrister and corporate services manager of
Canberra-based security consultancy 90East, said the act complicates
the necessary testing undertaken by the company which manages a number
of Commonwealth agencies. 

"It's a burden for lawyers drafting agreements with companies and will
prove very tricky legally to test denial-of-service attacks," Hill
said.


Amendments to the bill will be debated when parliament sits again in
August and Hill said 90East is preparing a submission identifying
these loopholes. He agreed such tools and information are also
required by systems administrators to secure electronic
infrastructure. 

The proposed bill does allow the Defence Signals Directorate (DSD) and
Australian Security Intelligence Organisation(ASIS) to hack legally.
It also forces companies by law to reveal passwords, keys, codes,
cryptographic and steganographic methods used to protect information. 

Hill said companies may be concerned about intellectual property being
compromised, but protecting the national information infrastructure is
critical. 

"There have been allegations made about the Government's use of
surveillance networks, such as Echelon, and there being no checks and
balances in place when agencies are given such broad ranging powers.
It is a vexed issue, but the cyberterrorist threat at this time is too
great to ignore," he said. 

Describing the bill as "draconian"' Unisys e-security architecture
director Ajoy Ghosh said the new laws need to be enforceable. The bill
will not change the current situation where Australia's enforcement
agencies have scant resourcesto tackle investigations seriously, he
added. 

He said the solution is to empower the private sector, allowing it
access to information necessary to detect, identify and prosecute. 

Many private security consultancies already investigate cybercrime but
Ghosh said they are hampered by current laws. 

"For example, the inability to get access to ISP billing records; the
private sector could focus on opportunistic crimes while the public
sector concentrates on crimes of mass victimisation or those that
threaten our economic infrastructure," he said. 

Internet Industry Association executive director Peter Coroneos
supports the proposed bill in principle but said it needs to find a
balance between privacy concerns and the need to prosecute illegal
hacking activities. 

A spokesperson for the Minister for Justice and Customers Senator
Chris Ellison was unavailable for comment but said ina statement: "The
large amount of data that can be stored on computer drives and disks
and the complex security measures, such as encryption and passwords,
which can be used to protect that information present particular
problems for investigators. The legislation will enable police powers
to copy computer data and examine computer equipment and disks
off-site and enable them to obtain assistance from computer owners."




------- End of forwarded message -------