Australia yet to ratify European cybercrime treaty

Australia has yet to formally adopt the Council of Europe Convention on Cybercrime, despite announcing in April that it would do so.

The Convention was intended to help international law enforcement authorities collaborate on identifying and prosecuting cybercriminals. It was established in 2004 and involved 47 nations from around the world.

When Australia announced its decision to accede to the treaty, the Attorney-General's Department said it first needed to make some legislative amendments.

A spokesman for the Attorney-General's Department told iTnews this week that the Government was "committed to implementing the Convention as quickly as practical".

"The Department is continuing to progress all necessary reforms and considering further amendments that may be necessary to accede to the Convention," he said.

The European Union's Judicial Cooperation Unit's Member for Italy Francesco Lo Voi told iTnews today that the Convention typically called for "simple changes" to domestic laws.

"Every country should make simple but necessary changes to their internal laws and procedural rules," he said. "It does not require countries to [turn] a criminal system upside down."

In Sydney for the Australian Federal Police's Virtual Global Taskforce conference this week, Lo Voi described the world of cybercrime as one that was unconstrained by traditional jurisdictions.

The Convention required parties to provide mutual legal assistance in criminal investigations, including provisions to force service providers to record and surrender information about subscribers.

Lo Voi said that while there was "still a big difference in legislation all over the world about data retention", parties should enforce minimum, common standards.

Service providers in participating countries were currently required to produce three to six months of log files, IP addresses and identifying information to law enforcement agencies with a court order.

Lo Voi said investigations may be improved if parties agreed to require data be stored for periods of one to two years, noting that technical cybercrime investigations typically spanned long periods of time.

"This should be used only in criminal investigations," he said, adding that it was up to individual countries to develop their own reservations and privacy protections.

Implementing the Convention in Italy in 2008 was simple, he said, as the country already had "quite good and quite advanced" cybercrime laws in place.

Down under, however, the Convention has been criticised by Electronic Frontiers Australia, which raised concerns with its search, seizure and real-time interception provisions.

In 2009, the Attorney-General's Department introduced The Extradition and Mutual Assistance in Criminal Matters Legislation Amendment Bill (pdf), which would support Australia's accession to the Convention.

The Bill included reforms to enable Australian authorities to "obtain historical telecommunications data and stored communications warrants to assist in the investigation of foreign criminal offences".

It also allowed authorities to "apply for a surveillance devices warrant to assist in the investigation of serious foreign contraventions."

Minister for Home Affairs Brendan O'Connor told journalists at today's conference that the Government would engage fully with stakeholders on any concerns to do with the Convention.

"We need to make an adaptive decision to suit our circumstances," he said.

"If there is to be the application of any convention, we will ensure that there is full consultation with affected parties, not only because they may raise issues of concern, but we might be able to find better ways.

"We need a public and private march in relation to these [cybercrime] issues, and it's not possible for Government to take these issues and deal with them alone."

Updated at 9.16am on December 3 to include comments from the Attorney-General's Department.