FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

Australian government says CoE Cybercrime Convention DOE

------- Forwarded message follows -------
From: "Caspar Bowden" <cb@fipr.org>
To: "Ukcrypto" <ukcrypto@chiark.greenend.org.uk>, <cryptography@wasabisystems.com>, "Dave Farber" <farber@cis.upenn.edu>
Subject: Australian government says CoE Cybercrime Convention DOES confer GAK powers
Date sent: Sat, 7 Jul 2001 11:00:37 +0100
Send reply to: ukcrypto@chiark.greenend.org.uk

On 14th November 2000, Peter Csonka of the Council of Europe was reported as denying that the Cybercrime convention conferred powers for government access to encryption keys ("That was never our intention" http://www.zdnet.co.uk/news/2000/45/ns-19057.html)

However on the Second Reading of the Australian Cybercrime Bill on 27th June 2001, Attorney General Daryl Williams said "Such a power is contained in the draft Council of Europe Convention on Cybercrime and will assist officers in gaining access to encrypted information."
http://search.aph.gov.au/search/ParlInfo.ASP?action=view&item=0&from=b ro wse&path=Legislation/Current+Bills+by+Title/Cybercrime+Bill+2001/Secon d+ reading+speeches&items=1&altbrowse=yes

The text of the Australian Cybercrime Bill 2001 is at
http://search.aph.gov.au/search/ParlInfo.asp?WCI=Hyperlink&CLASS=BILL&; XR efID=R1360&Short=Cybercrime+Bill+2001

--
Caspar Bowden Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at: www.fipr.org/rip#media

-----Original Message-----
To: 'FIPR News Archive'
Subject: Computerworld Australia 4/7/2001: "Cybercrime bill 'draconian and dangerous'"

http://www.computerworld.com.au/idg.nsf/All/D115FFE5F1AF211DCA256A7F00 01 FACE!OpenDocument&NavArea=Home&SelectedCategoryName=News

Cybercrime bill 'draconian and dangerous'
By Sandra Van Dijk
4 July, 2001 10:07 Australia

The IT security industry has been scathing in its attacks this week on the Cybercrime Bill 2001, labelling it "draconian and dangerous".

Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.

These are 'tools of the trade' for security vendors to test systems, placing a burden on lawyers drafting ethical hacking agreements with corporations.

Bernard Hill, barrister and corporate services manager of Canberra-based security consultancy 90East, said the act complicates the necessary testing undertaken by the company which manages a number of Commonwealth agencies.

"It's a burden for lawyers drafting agreements with companies and will prove very tricky legally to test denial-of-service attacks," Hill said.

Amendments to the bill will be debated when parliament sits again in August and Hill said 90East is preparing a submission identifying these loopholes. He agreed such tools and information are also required by systems administrators to secure electronic infrastructure.

The proposed bill does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation (ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.

Hill said companies may be concerned about intellectual property being compromised, but protecting the national information infrastructure is critical.

"There have been allegations made about the Government's use of surveillance networks, such as Echelon, and there being no checks and balances in place when agencies are given such broad ranging powers. It is a vexed issue, but the cyberterrorist threat at this time is too great to ignore," he said.

Describing the bill as "draconian", Unisys e-security architecture director Ajoy Ghosh said the new laws need to be enforceable. The bill will not change the current situation where Australia's enforcement agencies have scant resources to tackle investigations seriously, he added.

He said the solution is to empower the private sector, allowing it access to information necessary to detect, identify and prosecute.

Many private security consultancies already investigate cybercrime but Ghosh said they are hampered by current laws.

"For example, the inability to get access to ISP billing records; the private sector could focus on opportunistic crimes while the public sector concentrates on crimes of mass victimisation or those that threaten our economic infrastructure," he said.

Internet Industry Association executive director Peter Coroneos supports the proposed bill in principle but said it needs to find a balance between privacy concerns and the need to prosecute illegal hacking activities.

A spokesperson for the Minister for Justice and Customers Senator Chris Ellison was unavailable for comment but said in a statement: "The large amount of data that can be stored on computer drives and disks and the complex security measures, such as encryption and passwords, which can be used to protect that information present particular problems for investigators. The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners."

------- End of forwarded message -------
