Internet Service Providers (ISPs) will be required to retain the browsing history of their customers for up to three months if the Australian Government accedes to the Council of Europe Convention on Cybercrime.
The process is currently under public consultation, for which Attorney General Robert McClelland and Minister for Home Affairs and Justice, Brendan O’Connor, have released a public consultation paper.
According to the paper, governments are required to ensure law enforcement agencies have the powers and processes needed for the purposes of criminal investigations and prosecution of Convention offences, other criminal offences committed by means of a computer system and the collection of evidence in electronic form.
To enable this, domestic agencies must retain data for up to 90 days, enable the disclosure of traffic data to allow the identification of service providers involved in the path of the communication, order the production of specified computer data, search and seize a computer, collect traffic data in real time and intercept the content of communications.
“The obligation to preserve information does not automatically require the release of preserved information,” the paper reads. “Rather, one Party’s law enforcement agencies can request that another Party preserve the information in anticipation of obtaining a lawful authority to access the information.”
Should it sign on to the Convention, governments would also be required to cooperate internationally for the mutual assistance, extradition and disclosure of unsolicited information.
They must be able to preserve stored computer data at the request of another government for a period of at least 60 days, facilitate the partial disclosure of traffic data to enable the identification of service providers in another state involved in the transmission of communication and the path of the communication.
They must also provide assistance in accessing, seizing and disclosing data stored by means of a computer system, provide mutual assistance in obtaining the real time collection of traffic data, and to the extent allowable under domestic law, provide mutual assistance in the interception of communications.
Commenting on the paper, McClelland said the Convention provides systems to facilitate international co-operation between signatory countries, as well as establishing procedures to make investigations more efficient.
“While Australian law substantially complies with the obligations in the Convention, there is more we can do to ensure Australia is in the best position to address the range of cyber threats that confront us, both domestically and internationally,” he said.
The Convention endorses a coordinated approach to cybercrime, requiring countries to criminalise four types of offences:
- Offences against the confidentiality, integrity and availability of computer data and systems, including illegal access to computer systems, illegal interception, data interference, systems interference and the misuse of devices.
- Computer-related offences, including forgery and fraud.
- Content-related offences, including child pornography and
- Offences related to the infringement of copyright and other related rights.
According to O’Conner, cybercrime poses a significant challenge for the Australian law enforcement and criminal justice system.
“The Internet makes it easy for criminals to operate from abroad, especially from those countries where regulations and enforcement arrangements are weak.
“For this reason, it is critical that laws designed to combat cybercrime are harmonised, or at least compatible to allow for cooperation internationally,” he said.
To date, approximately 40 nations have signed on to thebecome a party to the Convention including the United States, Canada, Japan and South Africa.
Submissions are sought by 14 March 2011.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.