IP: Australian government says CoE Cybercrime Convention DOES confer GAK powers

[David Farber <dave@farber.net>]

>From: "Caspar Bowden" <cb@fipr.org>
>To: "Ukcrypto" <ukcrypto@chiark.greenend.org.uk>,
>    <cryptography@wasabisystems.com>, "Dave Farber" <farber@cis.upenn.edu>
>Subject: Australian government says CoE Cybercrime Convention DOES confer 
>GAK powers
>Date: Sat, 7 Jul 2001 11:00:37 +0100
>
>On 14th November 2000, Peter Csonka of the Council of Europe was
>reported as denying that the Cybercrime convention conferred powers for
>government access to encryption keys ("That was never our intention"
>http://www.zdnet.co.uk/news/2000/45/ns-19057.html)
>
>However on the Second Reading of the Australian Cybercrime Bill on 27th
>June 2001, Attorney General Daryl Williams said "Such a power is
>contained in the draft Council of Europe Convention on Cybercrime and
>will assist officers in gaining access to encrypted information."
>http://search.aph.gov.au/search/ParlInfo.ASP?action=view&item=0&from=bro
>wse&path=Legislation/Current+Bills+by+Title/Cybercrime+Bill+2001/Second+
>reading+speeches&items=1&altbrowse=yes
>
>The text of the Australian Cybercrime Bill 2001 is at
>http://search.aph.gov.au/search/ParlInfo.asp?WCI=Hyperlink&CLASS=BILL&XR
>efID=R1360&Short=Cybercrime+Bill+2001
>--
>Caspar Bowden               Tel: +44(0)20 7354 2333
>Director, Foundation for Information Policy Research
>RIP Information Centre at:    www.fipr.org/rip#media
>
>
>-----Original Message-----
>To: 'FIPR News Archive'
>Subject: Computerworld Australia 4/7/2001: "Cybercrime bill 'draconian
>and dangerous'"
>
>http://www.computerworld.com.au/idg.nsf/All/D115FFE5F1AF211DCA256A7F0001
>FACE!OpenDocument&NavArea=Home&SelectedCategoryName=News
>Cybercrime bill 'draconian and dangerous'
>By Sandra Van Dijk
>4 July, 2001 10:07 Australia
>
>The IT security industry has been scathing in its attacks this week on
>the Cybercrime Bill 2001, labelling it "draconianand dangerous".
>
>Under the bill, which proposes seven new computer offences carrying jail
>terms of up to 10 years, it is illegal to possess hacker toolkits,
>scanners and virus code.
>
>These are 'tools of the trade' for security vendors to test systems
>placing a burden on lawyers drafting ethical hacking agreements with
>corporations.
>
>Bernard Hill, barrister and corporate services manager of Canberra-based
>security consultancy 90East, said the act complicates the necessary
>testing undertaken by the company which manages a number of Commonwealth
>agencies.
>
>"It's a burden for lawyers drafting agreements with companies and will
>prove very tricky legally to test denial-of-service attacks," Hill said.
>
>
>Amendments to the bill will be debated when parliament sits again in
>August and Hill said 90East is preparing a submission identifying these
>loopholes. He agreed such tools and information are also required by
>systems administrators to secure electronic infrastructure.
>
>The proposed bill does allow the Defence Signals Directorate (DSD) and
>Australian Security Intelligence Organisation(ASIS) to hack legally. It
>also forces companies by law to reveal passwords, keys, codes,
>cryptographic and steganographic methods used to protect information.
>
>Hill said companies may be concerned about intellectual property being
>compromised, but protecting the national information infrastructure is
>critical.
>
>"There have been allegations made about the Government's use of
>surveillance networks, such as Echelon, and there being no checks and
>balances in place when agencies are given such broad ranging powers. It
>is a vexed issue, but the cyberterrorist threat at this time is too
>great to ignore," he said.
>
>Describing the bill as "draconian"' Unisys e-security architecture
>director Ajoy Ghosh said the new laws need to be enforceable. The bill
>will not change the current situation where Australia's enforcement
>agencies have scant resourcesto tackle investigations seriously, he
>added.
>
>He said the solution is to empower the private sector, allowing it
>access to information necessary to detect, identify and prosecute.
>
>Many private security consultancies already investigate cybercrime but
>Ghosh said they are hampered by current laws.
>
>"For example, the inability to get access to ISP billing records; the
>private sector could focus on opportunistic crimes while the public
>sector concentrates on crimes of mass victimisation or those that
>threaten our economic infrastructure," he said.
>
>Internet Industry Association executive director Peter Coroneos supports
>the proposed bill in principle but said it needs to find a balance
>between privacy concerns and the need to prosecute illegal hacking
>activities.
>
>A spokesperson for the Minister for Justice and Customers Senator Chris
>Ellison was unavailable for comment but said ina statement: "The large
>amount of data that can be stored on computer drives and disks and the
>complex security measures, such as encryption and passwords, which can
>be used to protect that information present particular problems for
>investigators. The legislation will enable police powers to copy
>computer data and examine computer equipment and disks off-site and
>enable them to obtain assistance from computer owners."



For archives see: http://www.interesting-people.org/