The Australian Privacy Foundation has branded the Government's Cybercrime Legislation Amendment Bill "irretrievable" to the point it should be returned from the committee stage for redrafting.
The proposed laws would require telcos to preserve data on persons suspected of serious crimes, bringing Australia into line with the European Convention on Cybercrime.
Foundation chair Roger Clarke told iTnews the draft bill in Australia contained "many deep flaws".
He argued in a submission to the Joint Select Committee on Cyber Safety that the bill went beyond its stated purpose by attempting to gain new powers for telecommunications data preservation without offsetting privacy concerns.
The foundation identified some 14 features of the bill it said "should, under no circumstances, be passed into law".
Among them, the foundation said the bill failed to distinguish between traffic and content data for the purposes of preservation and collection and lacked adequate controls on its interception.
It also argued that the range of agencies that could issue a preservation order was too broad, as was the range of foreign countries whose law enforcement agencies could seek an order.
The foundation raised concerns over the lack of guarantees that data received by agencies (local or overseas) would not be used for purposes other than the investigation of a serious crime.
It was also concerned about data security and storage issues being left to the goodwill of internet service providers, noting that the laws could prove to be a "backdoor" method that led to the Government storing all communications of an ISP.
The foundation's submission was one of 21 published by the Senate committee this week. Most submissions gave the bill a thumbs down.
Government dismisses criticism
Representatives from the Attorney-General's Department, the Australian Federal Police (AFP) and ASIO told a hearing in Canberra yesterday that many attacks on the bill text were ill-founded.
They argued that longstanding relations with foreign governments gave them confidence that secondary use of data would not occur and that, in any event, it was at their discretion to decline certain data use requests.
While multiple requests for preservation orders were possible, access would be safeguarded through the need for an explicit warrant as well as oversight by various review agencies such as the Inspector-General for Security and the ACMA if a pattern of improper conduct was identified.
The representatives conceded there were different threshold tests for acceding to a data preservation order; however, the "ultimate safe-guard" was that they still required warrants issued by a judge or a member of the Australian Administrative Tribunal before data could be accessed.
Alleged "backdoors" to classes of users would not be possible because the warrants required a specific person and details.
In relation to misuse of the data by carriers, the agency representatives argued that ISPs would be bound by the privacy provisions of Australian law.