A leading privacy group has branded the Federal Government's Cybercrime Legislation Amendment Bill "irretrievable", calling for it to be redrafted to address data security and other issues.
The proposed laws would require telcos to preserve data on persons suspected of serious crimes, bringing Australia into line with the European Convention on Cybercrime.
Roger Clarke, chair of the Australian Privacy Foundation said the draft bill in Australia contained "many deep flaws".
He argued in a submission to the Joint Select Committee on Cyber Safety that the bill went beyond its stated purpose by attempting to gain new powers for telecommunications data preservation without offsetting privacy concerns.
The foundation identified some 14 features of the bill it said "should, under no circumstances, be passed into law".
Among them, the foundation said the bill failed to distinguish between traffic and content data for the purposes of preservation and collection and lacked adequate controls on its interception.
It also argued that the range of agencies that could issue a preservation order was too broad, as was the range of foreign countries whose law enforcement agencies could seek an order.
The foundation raised concerns over the lack of guarantees that data received by agencies (local or overseas) could be used for purposes other than the investigation of a serious crime.
It was also concerned at data security and storage issues being left to the goodwill of internet service providers, noting that the laws could prove to be a "backdoor" method that led to the Government storing all communications of an ISP.
The foundation's submission was one of 21 published by the Senate committee this week. Most submissions gave the bill a thumbs down.
Government dismisses criticism
Representatives from the Attorney-General's Department, the Australian Federal Police (AFP) and ASIO told a hearing in Canberra yesterday that many attacks on the bill text were ill-founded.
They argued that longstanding relations with foreign governments gave them confidence that secondary use of data would not occur and that in any event, it was at their discretion to decline certain data use requests.
While multiple requests for preservation orders were possible, access would be safeguarded through the need for an explicit warrant as well as oversight by various review agencies such as the Inspector-General for Security and the ACMA if a pattern of improper conduct was identified.
The representatives conceded there were different threshold tests for acceding to a data preservation order; however the "ultimate safe-guard" was they still required warrants issued by a judge or a member of the Australian Administrative Tribunal before access to data could be made.
Alleged “backdoors” to classes of users would not be possible because the warrants required a specific person and details.
In relation to misuse of the data by carriers, the agency representatives argued that ISPs would be bound by the privacy provisions of Australian law.
Copyright © iTnews.com.au . All rights reserved.
Issue: 334 | December 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.