Cybercrime Convention Ratification Leaves Lingering Concerns

The Council of Europe’s Cybercrime Convention was ratified by Australia on Friday, 1 March 2013[1]. Pirate Party Australia has previously criticised the Convention for being flawed in regard to the protection of privacy and personal data[2].

The Pirate Party notes that the Australian Parliament has already passed a comprehensive piece of legislation in August 2012 that complies with the requirements of the Cybercrime Convention. The pious-sounding Cybercrime Legislation Amendment Act 2012[3] includes the ability for a foreign country to ask Australia for a communication by an Australian if the crime for which they are accused carries the death penalty in the requesting country.

The current legislation could allow a country to gather data about Australian citizens for any crime with a penalty exceeding $100,000, or that carries the death penalty. Due to the loose dual-criminality provisions within the Act, this could potentially allow countries with blasphemy laws, criminal copyright provisions or laws against activism to access Australian data.

The treaty’s entry into force comes at a time when the Australian Government, with the support of various law enforcement agencies, is examining an extensive range of proposed amendments to national security and intelligence legislation and regulations. Included among these changes are the mandatory, warrantless two-year retention of the Internet communications of all Australians, the ability for law enforcement agencies to not only remotely access citizens computers but to also add software and other files to them, as well as penalties for failing to assist in decrypting encrypted data.

“As this overbearing and fundamentally unbalanced Convention has already been implemented through the Cybercrime Legislation Amendment Act, we see no reason for the Government to go ahead with the controversial provisions currently under consideration in the National Security Inquiry,” said Brendan Molloy, Secretary of Pirate Party Australia.

“Not only does the current legislation have issues such as weak dual-criminality provisions, it allows for the handing over of data to countries where the crimes carry the death penalty. The proposed data retention regime has a very loose definition of what data is retained and does so without a warrant.”

“To couple this with the possibility of handing the private data of Australian citizens to foreign entities that may lack the same safeguards we still enjoy here is farcical as best and only serves to make this flawed legislation more dangerous.”

Pirate Party Australia recently submitted a petition to the Senate with more than 1400 signatures against the provisions of the National Security Inquiry[5], and continue to campaign against the provisions.

[1] http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG
[2] https://pirateparty.org.au/2011/03/23/cybercrime-convention-to-make-all-australians-suspects/
[3] Cybercrime Legislation Amendment Act 2012 http://www.comlaw.gov.au/Details/C2012A00120
[4] http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
[5] https://pirateparty.org.au/2013/02/26/data-retention-goes-back-underground-as-campaign-turns-up-the-heat/