The Gillard Government's decision to set up legislative framework to allow Australia to sign the Council of Europe Convention on Cybercrime treaty was a good step forward but privacy and civil liberty concerns need to be taken into account, according to a security expert.
Attonery-General, Robert McClelland, announced the Cybercrime Legislation Amendment Bill 2011 which includes three changes to allow Australia to enter the Council. The Council offers international co-operation between signatory countries, as well as establishing procedures to make investigations more efficient.
These procedures include perseveration, which enables agencies to request the preservation of communications by a carrier they intend to seek a warrant over, international co-operation, and the extension of the scope of existing Commonwealth computer offences to fully meet the requirements for such offences under the Convention.
The Cybercrime Legislation Amendment Bill 2011 amends the Mutual Assistance in Criminal Matters Act 1987, the Criminal Code Act 1995, the Telecommunications (Interception and Access) Act 1979 and the Telecommunications Act of 1997.
More than 40 countries have either signed or become a party to the Convention, including the US, UK, Canada, Japan and South Africa.
Unisys Asia Pacific security and industries marketing director, Jane Evans said in a statement that while the company, which made a submission in March to the Government that called for Australia to join the Council, welcomed the decision, privacy and civil liberties issues would need to be taken into account by the Council.
"Striking the right balance between security and privacy will remain a key challenge for international cooperation across jurisdictions," Evans said.
"Sensible safeguards will need to be in place to ensure that investigation and pursuit of crime does not infringe people’s privacy and civil liberties [if innocent], particularly when dealing with electronic and potentially highly sensitive identification information."
According to Evans, the vendor had previously emphasised the importance of treating certain types of information with mandatory sensitivity under the Australian Privacy Act, notably all biometrics including DNA.
"A technology or a security measure that better protects an individual’s personal information from unauthorised hacking, replication or misuse, by its very nature increases privacy protection and builds confidence and trust as a result," Evans said.
"It is in this sense that the Council could play a key confidence building role."
She added that while most Australians were happy to take part in security measures such as biometrics, privacy was an issue that needed to be taken into account as well by the Government and Council.
For example, Unisys Security Index research conducted in February 2011 found that approximately 70 per cent of Australians would be prepared to use a photograph, voice recording or scan of the eye to prove their identity, and 76 per cent would be happy to provide their fingerprint.
Approximately 70 per cent of Australians would be prepared to give a biometric to an airport or airline, or participate in some other traveller identity scheme, if it meant greater security and fast tracking through security procedures at airports.
The same research found that Australians were more concerned about identity theft than any other security issue.
"This is reinforced by the public attention to high profile breaches such as those recently reported at RSA and Sony so clearly, privacy remains important to most people," Evans said.
"We believe it is important to maintain and build public confidence that they are protected wherever a crime against Australia, our people or our interests, is committed."
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.