Catching cyber crooks across international borders
Cybercrime is something we hear about all too frequently. In April, Sony had its Playstation Network hacked and the personal data (including credit card numbers) of millions of its account holders stolen. While Sony’s a Japanese company, the data centre that was hacked was in San Diego, compromising account holders across the globe. The perpetrator/s could be based anywhere in the world.
It gives you some idea about the extent of the international cybercrime problem. It’s not something countries can easily police individually.
Enter the Council of Europe Convention on Cybercrime. It’s an international treaty that’s about making it easier for countries to cooperate internationally in order to bring down cyber crooks. It focuses on crimes committed via the Internet and computer networks, such as the use of technology to commit fraud, forgery, copyright and child porn crimes; and offences such as hacking, and damaging or altering computer data.
Over 40 countries have signed it, or become a party to it, including the UK, USA, Canada and Japan. Australia looks set to join them.
But first, various pieces of legislation will need to be amended to satisfy the treaty. The federal government this month introduced the Cybercrime Legislation Amendment Bill.
One change relates to “preserving” communications. Internet service providers and telecommunications companies could be requested by agencies, such as the Australian Federal Police (AFP), to keep someone’s information for up to 90 days (such as text messages, emails, websites visited, financial transactions), if they’re under investigation for a cybercrime. Currently, different carriers store records for different time periods before deleting them, so if authorities don’t move fast to get a warrant, they can lose access to information that could help solve a crime.
The preservation law would also allow the AFP to give “Foreign Preservation Notices” on behalf of treaty countries who request access to someone’s information here.
Another change includes expanding the computer offences in Australia’s Criminal Code Act to cover all of the treaty’s listed offences. And procedures would be put in place to give Australian agencies greater access to information stored overseas.
Some fear that allowing carriers to “preserve” records is a violation of our privacy rights (especially if the person being investigated is innocent), and could also mean hackers have easier access to stored information.
One of the treaty’s terms is that procedures for investigating cybercrime must have safeguards to protect human rights. Australian legislation will need to address this. The proposed Bill includes strict confidentiality requirements about authorising the disclosure of stored information.
Let’s face it; many of us spend time in the electronic world. It’s perhaps reassuring to know that the government is looking to protect us, as long as our privacy rights aren’t overlooked.
For more information please see Companies warned of need for market disclosure following cyber attack.