Cybercrime treaty may violate Privacy Act: EFA

Mandatory data retention fears persist.

Australia’s privacy legislation may be at odds with Government plans to accede to the Council of Europe Convention on Cybercrime, Electronic Frontiers Australia (EFA) has warned.

Responding to the Attorney-General’s call for submissions on the plan this month, EFA chair Colin Jacobs highlighted eroding privacy protections and a broadening of law enforcement powers as concerns.

The civil liberties group was particularly concerned with Article 16 of the Convention, which required member countries to preserve and maintain “specified computer data, including traffic data”, for up to 90 days.

According to Government documents (pdf), Australia considered addressing Article 16 by amending the Telecommunications Interception and Access Act to create an “explicit preservation regime”.

Jacobs warned that such a regime would “have a corrosive effect on Australians’ faith and trust in government”, and might put sensitive data at risk of being exposed accidentally or maliciously.

The data retention provisions might also pave the way for the more invasive EU data retention directive 2006/24, which required service providers to retain telephone, email, and web traffic logs for up to two years.

“We know that the Government is looking to go down that route,” Jacobs told iTnews, noting that the directive had attracted criticism from human rights and civil liberties groups worldwide.

“We believe the Convention would have significant privacy impacts, including some that directly conflict with Australian National Privacy Principles.”

EFA raised concerns that the 2004 Cybercrime Convention went “far beyond” what was required to combat cybercrime.

Jacobs warned that accession would make Australian residents “far too vulnerable to investigation by or at the behest of foreign agencies”; echoing former EFA spokesman Geordie Guy’s warning that was an “advance party for the ACTA [copyright] treaty”.

“Some of the substantive offences listed are vague or problematic, including the misuse if devices, criminalisation of copyright and corporate liability provisions,” the EFA submitted.

Pirate Party Australia also opposed acceding to the treaty in a separate submission to the Attorney-General's consultation, arguing that there were "serious flaws" in the Convention.

While the party agreed that international law enforcement organisations needed a coordinated approach to tackle cybercrime, it warned against "[throwing] fundamental freedoms and respect for individual rights and democratic institutions to the wind".

Party secretary Rodney Serkowski described the Cybercrime Convention, which currently involved some 47 nations, as a "fundamentally imbalanced" law enforcement "wish list".

He questioned Article 25 of the Convention, which would require Australia to aid other countries in enforcing their laws whether or not those laws existed in Australia also.

The Party favoured a cybercrime treaty proposal that was discussed and ultimately rejected at the United Nations' Crime Congress in Brazil last April.

Russia, China and a number of developing countries could not reach agreement with the EU and US, which argued that a new treaty was not needed with the European Convention in place.

"This [European] treaty does not contain within the minimum protections necessary to ensure an adequate global standard," Serkowski wrote in the Party's submission.

"We continue to advocate a more inclusive, adequately balanced approach through the UN that balances the requirements of law enforcement agencies and civil liberties."

The Attorney-General’s Department reported having received 20 submissions when its call for submissions closed on 14 March. The deadline was extended to close of business on Wednesday for “a few organisations”.

A departmental spokesman said submissions were received “from a broad range of the community”, and would be discussed before the Joint Standing Committee on Treaties.

The Standing Committee invited public submissions until 21 March.

Updated at 9.14am, 21 March, to include the Pirate Party's submission.