Businesses will be able to intercept e-mail and instant messaging communications under proposed changes by the federal government to prevent data leakage.
The changes will give employers power to intercept all Internet-based communications without consent, including e-mails and instant message (IM) discussions.
Attorney-General Robert McClelland told The Sydney Morning Herald today the changes are a counter-terrorism measure to prevent hackers stealing sensitive data.
He said such legislation could prevent a breach similar to the Estonian Denial of Service (DoS) attacks in which a 19 year-old hacker disabled the Web sites of banks, schools and the Prime Minister's office.
Electronic Frontiers Australia chair Dale Clapperton said the legislation amounts to an infringement on privacy.
"The Attorney-General will give quasi-police powers to the private sphere which have only been held by the likes of ASIO (Australian Security Intelligence Organisation), the federal police and the crime and misconduct commission," Clapperton said.
"The counter-terrorism card does not exempt government from scrutiny.
"We want strong safeguards in place so that organizations will only exercise their new powers over privacy to defend against cyberattacks and not to snoop about what employees are saying about management."
The laws have raised additional questions about whether safeguards will exist to protect intercepted data from being used by law enforcement and third party organizations.
Nick Elsmore, director of security consultancy SIFT, said the laws will have little impact because most businesses have a provision for e-mail interception in employee contracts.
"The so-called changes are perplexing because businesses already have the ability to monitor employee communications under NSW law," Elsmore said, adding that e-mail archiving is often part of record-keeping requirements.
"Now they no longer have to tell them. I can't see how this will achieve anything. If I were a terrorist, I wouldn't be sending my plans out over work e-mail.
"The devil is in the detail. We will have to wait to see what the broader consequences are."
The classification of e-mail as either a stationary or active medium is the real issue, according to Elsmore. The legislation could make it easier for law enforcement to sequester captured e-mail and IM data by categorizing Internet communication as stationary and therefore require a search warrant, rather than an interception warrant.
"The wording makes a massive difference, but it is to argue the bill for counter-terrorism," he said.
Previous amendments to the Telecommunications (Interception) Act forced Internet Service Providers (ISPs) to make a provision for law enforcement to tap all forms of IP voice communications.
Industry experts and ISPs criticized the provision and argued it is technically impossible to intercept Voice over Internet Protocol (VoIP), online game chat and other encrypted IP communications.