Forensic expert backs Telecommunications Act changes

Leading forensic computer lab director describes calls for intercepted data to be destroyed "as soon as it is no longer required" as shortsighted

A call for intercepted data to be destroyed "as soon as it is no longer required" has been described as shortsighted by the director of one of the country's leading forensic computer labs.

The call is part of the Greens’ opposition to amendments to the Telecommunications (Interception And Access) Amendment Bill 2009. Greens Senator, Scott Ludlam raised his opposition to a report into the Government's proposed changes to the Telecommunications Interception Act, which was tabled in the Senate.

In particular, the Greens have called for greater clarification around "network protection duties" and "disciplinary actions". They are also seeking tighter requirements around destroying copies of intercepted communications.

"In fact we see this requirement that intercepted information be destroyed as soon as it is no longer required, as fundamental to getting the balance right," Ludlam said in a release.

However, the director of the forensic computer lab at University of South Australia, Jill Slay, who also undertakes work with the Australian Federal Police (AFP) and other Government agencies, described the call as shortsighted.

Slay is one of many researchers around the world working on projects that, among other things, look at how data can be obtained from networks and devices (such as mobile phones) and used to help fight against crime and protect against cyber security threats.

In response to the Greens' call, Slay acknowledged the privacy concerns as genuine but said it needs to be balanced against using data to gather intelligence for the purpose of fighting crime and protecting the nation against external threats, whether they are from non-state actors or nation states.

She drew a parallel with the seizure of computers and how long police are allowed to hold them for, which varies across states.

In the year to June 30, 2008, Australian authorities 3254 interceptions compared to roughly 170,000 in the United States.

"In some states the police are genuinely hampered by the really short time they are allowed to hang on to a computer," she said. "I think it is something that has developed over the years, when you could easily sort through a hard disk and see what was there it was okay. But when you just have an increase of something like 10 to the power of 5 in data over 10 years, we just can't trawl anymore; you don't know where the smoking gun is. When you have major crimes and terrorism and you have so many pieces of evidence, like the bombing in London when they had 600 mobile phones, you don't actually know what you are looking for. To put those kinds of artificial limitations on the police — I just don't want to do that."

Slay added it would be difficult to say when the data would not be required any more and agreed if the data had traveled over a public network there would most likely be other copies in existence and accessible by anyone with the right skills and therefore not private.

Federal attorney general, Robert McClelland, has argued that changes to the Act will strike an effective balance between protecting networks from malicious activities while protecting users from unnecessary or unwarranted intrusion.

Introducing the bill for its second reading last week, McClelland said in attempting to strike a balance, the amendments recognised the general prohibition against interception and identified the circumstances in which the access, use and disclosure of information for network protection purposes would be permitted.

“The bill does not oblige network operators to undertake network protection; nor does it specify any type of technology that must be used,” McClelland said. “I stress and emphasise that because there was some criticism, when this matter was originally put in the public domain for disclosure, that in some way the government was avoiding its responsibilities to protect networks and putting those responsibilities on private users. That is not the case.”

The Federal Government has also announced a new Cyber Security Strategy and said it would launch a new emergency response team called CERT Australia. And earlier in the year, a new Cyber Security Operations Centre (CSOC) was announced as part of the Defence White Paper to boost the country's cyber warfare capabilities.

The moves have been supported by several parties, including academics and analysts like Slay, who argue the threat to Australia's national infrastructure — both public and private — is very real and will only increase going forward.

However, others have called for greater transparency around the respective groups' activities and the Privacy Commissioner, Electronic Frontiers Australia and the Australian Law Reform Commission have sided with those demanding greater privacy.

Additional reporting by Tim Lohman

Sign up for Computerworld's newsletters.

Got a tip on the Telecommunications Bill?Email Computerworld or follow @computerworldau on Twitter and let us know your thoughts.

Join the newsletter!

Error: Please check your email address.

Tags defencecerttelecommunications interception actCyber Security Operations Centre (CSOC)privacycyber security

More about Australian Federal PoliceBillCERT AustraliaetworkExposureFederal PoliceUniversity of South AustraliaUniversity of South Australia

Show Comments

Market Place