senate vote 2012-08-22#3
Edited by
Henare Degan
on
2015-03-18 12:34:42
|
Title
Bills — Cybercrime Legislation Amendment Bill 2011; in Committee
- Cybercrime Legislation Amendment Bill 2011 - In Committee - Agree to amendments introducing limitations on access and disclosure
Description
<p class="speaker">Joe Ludwig</p>
<p>I table a supplementary explanatory memorandum relating to the government amendments to be moved to this bill. The memorandum was circulated in the chamber on 13 September 2011. I seek leave to move the amendments together.</p>
<p>Leave granted.</p>
- The majority disagreed that Australian Greens amendments (1) to (10) on [sheet 7232](http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:legislation/billhome/display.w3p;query=Id%3A%22legislation%2Famend%2Fr4575_amend_7d1c9aa0-1d6b-4f85-a9ed-fd2ff6ef7b85%22;rec=0) be agreed to. This means these amendments will not be part of the bill (which [was later passed](https://theyvoteforyou.org.au/divisions/senate/2012-08-22/4) into law).
<p>I move amendments (1) to (6) on sheet BL210 together:</p>
<p class="italic">(1) Schedule 1, item 2, page 4 (lines 14 and 15), omit "or interception agency", substitute "(including an interception agency)".</p>
<p class="italic">(2) Schedule 1, items 6 and 7, page 5 (lines 1 to 11), to be opposed.</p>
<p class="italic">(3) Schedule 1, item 18, page 10 (line 2), before "interception agency", insert "enforcement agency that is an".</p>
<p class="italic">(4) Schedule 1, item 18, page 11 (lines 29 and 30), omit "or interception agency", substitute "(including an interception agency)".</p>
<p class="italic">(5) Schedule 1, item 18, page 12 (line 27), before "interception agency", insert "enforcement agency that is an".</p>
<p class="italic">(6) Schedule 1, item 18, page 12 (line 33), before "interception agency", insert "enforcement agency that is an".</p>
<p>Amendments (1) to (6) make technical corrections which reflect that the interceptions agencies are defined as subsets of enforcement agencies. These amendments do not affect the meaning of the bill but ensure a consistency with current drafting in the interception act.</p>
<p class="speaker">George Brandis</p>
<p>Can I indicate that these amendments are of a technical character, which the opposition supports.</p>
<p class="speaker">Scott Ludlam</p>
<p>Likewise the Australian Greens believe these amendments are being provided by way of consistency, so we will not be opposing them. I did have some general questions on the bill, but the minister got the jump on me, as is his right, so I wonder whether it might be possible to put a couple of questions of a general nature before we start chipping our way through the amendments. I have indicated that the Greens will be supporting this batch of amendments that the government has moved, before we move to the Greens amendments.</p>
<p class="speaker">Trish Crossin</p>
<p>Senator Ludlam, if these are technical amendments and everyone is in agreement, we will put them and then I will allow you to ask your general questions. So I put that amendments (1) and (3) to (6) on sheet BL210 be agreed to.</p>
<p>Question agreed to.</p>
<p>The TEMPORARY CHAIRMAN: In respect of amendment (2) on sheet BL210, I put that items 6 and 7 of schedule 1 stand as printed.</p>
<p>Question agreed to.</p>
<p class="speaker">Scott Ludlam</p>
<p>I have two questions, and the first is essentially about definition. The European convention quite exhaustively defines 'traffic data', whereas my understanding is that this bill relies on the parent act and does not use convention terminology. I would be interested in the minister's view on the way that the T(IA) Act will be interpreted once this bill passes the chamber and whether or not it will be entirely consistent with convention terminology because the term 'traffic data' is to be found nowhere in this bill or in the parent act.</p>
<p>This is important because, as the minister indicated in his responses to some of the questions that I posed during my second reading debate contribution, this is not about the content of the call, this is not about reading the emails; this is about the telecommunication data or the metadata or the traffic data that surrounds the communications. I have a problem with the basic premise that says that this is necessarily less important or less intimate, I guess, given that it would include, for example, detailed location data, but we will get to that a little further down in the debate because I have an amendment with regard to that. But initially I am seeking the minister's advice on terminology. For the purposes of interpretation of this bill once it has been incorporated into the act, how should we interpret what is actually caught by 'traffic data' or 'telecommunications data'?</p>
<p class="speaker">Joe Ludwig</p>
<p>It does seem to go to the difference in the phrases between the T(IA) Act, which sets out information or documents that relate to communication, and the phrase in the convention, which, if you will bear with me, seems to relate more to technology. It says:</p>
<p class="italic">… any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.</p>
<p>I do not see a substantive difference, other than one tries to relate more broadly to a type of technologies, whereas if you note the definition of 'traffic data' in the convention, it is inclusive rather than exhaustive. Ultimately, I think the technologically neutral way that we have phrased it captures all of the essence of what they describe. In Australia, as you well know, legislation is typically drafted to ensure it is technologically neutral so that law can apply to new and emerging technologies without the need for amendment.</p>
<p>So I accept that we do use slightly different phrases to refer to the concept of communications data. I do note that rather than ours being exhaustive, theirs is inclusive. But, ultimately, I do not see a substantive difference between the phrases in the legislation.</p>
<p class="speaker">Scott Ludlam</p>
<p>Minister, I trust that you or your advisers have a copy of the parent act with you. Could you point out to me, in the definition section of the T(IA) Act, where I can find the standard definition that most closely matches what we are referring or relating this legislation to in the convention?</p>
<p class="speaker">Joe Ludwig</p>
<p>It is 276 of the Telecommunications Act.</p>
<p class="speaker">Scott Ludlam</p>
<p>Minister, I will look that up and that might give rise to a supplementary question, but while I am doing that my question effectively is: are we defining this term in the negative in that it refers to everything except the communication itself? Are we referring to everything except the actual transcript or the actual recording of the phone call of the Skype channel, or Skype stream? Are we essentially referring to everything except that data?</p>
<p class="speaker">Joe Ludwig</p>
<p>I think the simple way to put it is that it is everything about the communication, not the communication itself.</p>
<p class="speaker">Scott Ludlam</p>
<p>Would that include location-specific data? Does that get incorporated—so latitude, longitude or however the device? I presume that a phone would be included in your earlier definition under the convention of a computer device. Will that include that location specific data?</p>
<p class="speaker">Joe Ludwig</p>
<p>It may, depending on the nature of the communication. You can imagine a circumstance where locational data is not part of the communication. You can imagine where it is, so it would depend on the circumstances. But the way it is framed is information or documents that relate to the communication. I think 'metadata' is one phrase, but if can you imagine the metadata includes that then it would have it in it.</p>
<p class="speaker">Scott Ludlam</p>
<p>That is helpful, and with a minimum of back and forth you have answered my question. In essence this will refer to anything at all apart from the communication itself. I suppose it would make more sense to come to this when I put some specific amendments dealing with it, but I think there is now a misapprehension that this cloud of data that surrounds our communications is somehow of less importance for the protection of privacy, that as long as we protect the communication itself there should be open season by a whole range of agencies on the telecommunications data or the traffic data that surrounds it. I think we need to fix that. I think that is one area where the law needs to be updated. As much as I acknowledge the desire of our policing and intelligence agencies to make sure that the law keeps track with technology, this is a profound area with privacy protection has not kept track with technology. There is an assumption that things as intimate as your latitude and longitude every minute of the day when you are carrying your phone around should have a much lower standard of protection from intrusion by not just law enforcement agencies but also welfare agencies and private companies. I think that is a serious misapprehension if we feel that, as long as we protect the phone call, everything else, all the traffic data around it, should be up for grabs. I strongly disagree with that presumption.</p>
<p>I turn now to another question, and I recognise that this matter is before the joint committee at the moment, which was one of my arguments for not debating this bill now. People who do have something to hide will simply use encryption and place their communications beyond the reach of an act like this. So is it not the case that, effectively, the people that the bill is after are presumably either already encrypting their communications or will be doing so in greater numbers? How does this bill address that and is this a further encroachment on privacy for what may be minimal gain?</p>
<p class="speaker">Joe Ludwig</p>
<p>As I understand it, the part of the work that the PJCIS national security inquiry is dealing with is encryption. So the bill as it stands has left the broader issue around encryption, and the issue I think you raise around the privacy implications of that, for the PJCIS. This bill addresses cybercrime and meeting the convention obligations. I understand your point that you wanted to wait for the PJCIS, but I think it is better that we deal with the cybercrime legislation so that we do meet our convention obligations and can accede to the convention as soon as possible.</p>
<p class="speaker">Scott Ludlam</p>
<p>I have a question before I move the first of the set of Greens amendments: why did it take a year? I am not satisfied with the minister's explanation for why this is happening now; it is cutting diagonally across the work of the joint committee. I mentioned in my second reading contribution that the cybersafety committee produced its report on this matter almost exactly a year ago this week, and I wonder why it has taken a year for the bill to come before the chamber.</p>
<p class="speaker">Joe Ludwig</p>
<p>Competing for legislative space is always a challenge, particularly in the Senate, but more importantly it does require industry consultation. It has required significant consultation backwards and forwards to ensure that industry understands the role that this legislation will play and the onus it will place on them. All of that does take time. Can I say, though, that we are here now, and that is the important part.</p>
<p class='motion-notice motion-notice-truncated'>Long debate text truncated.</p>
|