Australian government says CoE Cybercrime Convention DOES confer GAK powers

Caspar Bowden cb at fipr.org
Sat Jul 7 06:00:37 EDT 2001


On 14th November 2000, Peter Csonka of the Council of Europe was
reported as denying that the Cybercrime convention conferred powers for
government access to encryption keys ("That was never our intention"
http://www.zdnet.co.uk/news/2000/45/ns-19057.html)

However on the Second Reading of the Australian Cybercrime Bill on 27th
June 2001, Attorney General Daryl Williams said "Such a power is
contained in the draft Council of Europe Convention on Cybercrime and
will assist officers in gaining access to encrypted information."
http://search.aph.gov.au/search/ParlInfo.ASP?action=view&item=0&from=browse&path=Legislation/Current+Bills+by+Title/Cybercrime+Bill+2001/Second+reading+speeches&items=1&altbrowse=yes

The text of the Australian Cybercrime Bill 2001 is at
http://search.aph.gov.au/search/ParlInfo.asp?WCI=Hyperlink&CLASS=BILL&XRefID=R1360&Short=Cybercrime+Bill+2001
--
Caspar Bowden               Tel: +44(0)20 7354 2333
Director, Foundation for Information Policy Research
RIP Information Centre at:    www.fipr.org/rip#media 
 

-----Original Message-----
To: 'FIPR News Archive'
Subject: Computerworld Australia 4/7/2001: "Cybercrime bill 'draconian
and dangerous'"

http://www.computerworld.com.au/idg.nsf/All/D115FFE5F1AF211DCA256A7F0001FACE!OpenDocument&NavArea=Home&SelectedCategoryName=News
Cybercrime bill 'draconian and dangerous' 
By Sandra Van Dijk 
4 July, 2001 10:07 Australia

The IT security industry has been scathing in its attacks this week on
the Cybercrime Bill 2001, labelling it "draconian and dangerous".

Under the bill, which proposes seven new computer offences carrying jail
terms of up to 10 years, it is illegal to possess hacker toolkits,
scanners and virus code. 

These are 'tools of the trade' for security vendors to test systems,
placing a burden on lawyers drafting ethical hacking agreements with
corporations.

Bernard Hill, barrister and corporate services manager of Canberra-based
security consultancy 90East, said the act complicates the necessary
testing undertaken by the company which manages a number of Commonwealth
agencies. 

"It's a burden for lawyers drafting agreements with companies and will
prove very tricky legally to test denial-of-service attacks," Hill said.


Amendments to the bill will be debated when parliament sits again in
August and Hill said 90East is preparing a submission identifying these
loopholes. He agreed such tools and information are also required by
systems administrators to secure electronic infrastructure. 

The proposed bill does allow the Defence Signals Directorate (DSD) and
Australian Security Intelligence Organisation (ASIS) to hack legally. It
also forces companies by law to reveal passwords, keys, codes,
cryptographic and steganographic methods used to protect information. 

Hill said companies may be concerned about intellectual property being
compromised, but protecting the national information infrastructure is
critical. 

"There have been allegations made about the Government's use of
surveillance networks, such as Echelon, and there being no checks and
balances in place when agencies are given such broad ranging powers. It
is a vexed issue, but the cyberterrorist threat at this time is too
great to ignore," he said. 

Describing the bill as "draconian", Unisys e-security architecture
director Ajoy Ghosh said the new laws need to be enforceable. The bill
will not change the current situation where Australia's enforcement
agencies have scant resources to tackle investigations seriously, he
added.

He said the solution is to empower the private sector, allowing it
access to information necessary to detect, identify and prosecute. 

Many private security consultancies already investigate cybercrime but
Ghosh said they are hampered by current laws. 

"For example, the inability to get access to ISP billing records; the
private sector could focus on opportunistic crimes while the public
sector concentrates on crimes of mass victimisation or those that
threaten our economic infrastructure," he said. 

Internet Industry Association executive director Peter Coroneos supports
the proposed bill in principle but said it needs to find a balance
between privacy concerns and the need to prosecute illegal hacking
activities. 

A spokesperson for the Minister for Justice and Customers Senator Chris
Ellison was unavailable for comment but said in a statement: "The large
amount of data that can be stored on computer drives and disks and the
complex security measures, such as encryption and passwords, which can
be used to protect that information present particular problems for
investigators. The legislation will enable police powers to copy
computer data and examine computer equipment and disks off-site and
enable them to obtain assistance from computer owners."



