State-sponsored hackers that target privately-held ‘trade secrets’ could contravene a new criminal offence being proposed by the Australian government.
A committee examining a package of laws targeting espionage and foreign interference last night recommended clarity whether the new ‘theft of trade secrets involving foreign government principal’ criminal offence would specifically apply to hackers.
Its 404-page report [pdf] said the applicability of the proposed offence to attacks launched through “cyber vectors” was not sufficiently clear, and should be spelled out.
Under the proposal, it would become an offence under Australian law to “dishonestly receive, obtain, take, copy or duplicate, sell, buy or disclose certain information where the conduct is connected to a foreign government principal”.
A 15-year penalty would be available in successful criminal prosecutions.
Unlike other laws in the package being considered, the theft of trade secrets “does not contain a national security element”, the committee noted.
Instead, the Attorney-General’s department said the offence was intended “to combat the increasing threat of data theft, business interruption and economic espionage, particularly by or on behalf of foreign individuals and entities”.
Targets could include “highly valuable and sensitive information held by the CSIRO and the Defence Science and Technology Group, commercial secrets such as negotiating positions on natural gas and iron ore prices, and trade secrets related to nuclear power, metal, solar production and defence industries (including trade secrets held by private contractors),” the department indicated.
ASIO indicated that this kind of activity could occur “through cyber and human means”; however, the committee said it was worried that hacking and cyber-based attacks were not specifically called out in an explanatory memorandum accompanying the package of new laws.
“The committee questions whether it is sufficiently clear that the proposed threshold of ‘dishonestly’ stealing trade secrets would capture economic espionage committed by cyber vectors - for example, by hacking into a company’s electronic records in order to access commercially sensitive information and intellectual property,” it said.
“The committee recommends that, if this conduct is intended to be captured by the offence, then this should be reflected in the explanatory memorandum.”
The hacking offence is part of what amounts to a substantial re-writing of “Australia’s criminal laws relating to secrecy, espionage, foreign interference and sabotage”.
The committee said it recognised the need for the rewrite and recommended the new laws be passed, with some modifications.
However, it said that proposed secrecy provisions to be incorporated should be subject to review after three years.