Australia toughens cybercrime laws
Conventional thinking
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Australian carriers and ISPs will be forced to retain customer’s private data such as email and text messages by police and authorities, without a warrant, if it is required for investigations into cybercrime.
The requirements are part of legislation introduced to strengthen cyber security laws and enhance Australia’s ability to combat international cybercrime.
Attorney General Robert McClelland said the new laws will preserve private data, which today is typically held briefly.
In contrast with previous proposals, which would have required the industry to preserve all customer data, the new legislation proposes preservation requests. These will give law enforcement time to seek a warrant, according to McClelland/
"In other words it prevents the information evaporating over the electronic ether," he said.
This year Australia's Senate criticised earlier data-retention proposals, saying the government needed to justify the collection and retention of personal data.
The Government’s Cybercrime Legislation Amendment Bill 2011 brings Australia in line with the Council of Europe Convention on Cybercrime, the only binding international treaty on cybercrime.
The Convention provides systems to facilitate international co-operation and investigations between participating countries including: empowering authorities to request the preservation of specific communications (sans warrant); allowing authorities from one country to collect data in another country; establishing a 24/7 network to provide immediate help to investigators; and facilitating the exchange of information between countries.
More than 40 countries have either signed or become a party to the Convention, including the US, UK, Canada, Japan and South Africa.
McClelland said that in the last six months , Australia’s Computer Emergency Response Team has alerted Australian business to more than a quarter of a million pieces of stolen information such as passwords and account details.
“While Australian law substantially complies with the obligations in the Convention, the Government believes there is more we can do to ensure Australia is in the best position to tackle cyber threats that confront us, both domestically and internationally,” he said.
Brendan O’Connor, Minister for Home Affairs and Justice, said the Convention covers crimes committed via the internet and other computer networks, dealing particularly with computer-related fraud, child pornography and violations of network security.
“Consistent with the Convention, the Government’s Bill establishes procedures to make investigations more efficient and provide systems to facilitate international co-operation,” he said. ®
COMMENTS
@Stuart Longland - Unless it's all in GPG will attract State snoops like flies around a shitcan.
Snoops mightn't be able to read your email etc. but the fact you're GPG-ing it alone will single you out for special attention.
Ideally, M$ should public-key Outlook and Outlook Express as the default then everybody's in. Individuals would simply be lost in the noise. But State pressure on M$ would see this never happens--perhaps also it's the reason it's never happened previously.
Existing email standards are now almost archaic. Seems to me we need new email standards where privacy is intrinsic. Perhaps a standard based on torrents where the recipient's [first] email address is 'parametric'--a partial or random address which is only completed with the full (real) email address after it is obtained from metadata decrypted with the recipient's public key--the real address part being VPNed to the recipient.
Alternatively, the public/private key combination would automatically set up an on-the-fly VPN which would both obfuscate the sender and recipient.
Either way, the nett effect for snoops would be torrent streams filled with useless pseudo email addresses or copious seemingly-random data.
Oh, one great side effect for users would be that it'd nuke spam stone dead.
+1 to prehistoric email
Indeed, SMTP was invented in a day where everyone on the Internet was either an academic or government employee, and when running an open relay was a *good thing*.
Using Bittorrent as a delivery mechanism could be an interesting concept. However, why re-invent the wheel? GPG still provides a good peer-to-peer public key infrastructure which could be used to secure such communications.
Anything that obscures the data will make the feds suspicious. Even if it's just little old me using an OpenVPN tunnel to my workplace to commit some C++ code into a Subversion repository. :-)
Oz Cybercrime efforts highly confusing and largely inaffective.
Im not sure that they know what they are doing. To start with; let alone passing Warrant-les bills.
This is a total violation of peoples privacies and can be abused by authorities. Im all for Counties sharing information when it comes to Nabbing the bad guys. But mostly the bad guys get away with their crimes. It would seem the small cyber criminals are the ones that get caught, while the large Cyber Criminal rings go unpunished; due to lack of Funding, Lack of White hat skill; Lack of Sites for people even knowing where to report these crimes.
I sadly see our Cyber Crimes Units in OZ failing. They haven't even got all their departments properly worked out. If you go to the 'Australian High Tech Crime Centre' www.ahtcc.gov.au it just bounces of the The Federal Police Website; Then there's a large list of what The Federal police will and won't handle. Not clearly outlined.
Then there's the NSW Cyber crimes task force - I don't know where thats gone, because when you go to that website, there's no real reporting there either its just basically a police site. Then there's the ACCC for Scam reporting, they are largely overworked, lack of funding to do anything really concrete. They have no jurisdiction to overseas scam's. To enforce anything. But keep the public aware of such scams etc.
Mostly all these departments just pass the buck and nothing gets fully sorted due to chaos.
I think our Country needs to work out how they are dealing with Cyber crimes and have there correct channels sorted out; before any bills are passed; with other countries.
Re: More than 40 countries have either signed or become a party to the Convention, including the US, UK, Canada, Japan and South Africa.
I wonder if that includes India? coming party to the Convention.
Because the scamming thats coming out of those Indian calls centre's is beyond a joke!
One of India's largest call centre's is rife with Cyber Crime syndicates. Money Scams, Software Antivirus Scams, Bank and Social Security Scams, Tax scams, you name it; these dudes are doing it.
Because we allow our Comms to be outsourced to these people. Therefore they have our client databases, to make those nasty scam calls too.
Wake up Australia. Lets get Cyber Crime working constructively!
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
