Private sector organisations are conducting their own cybercrime investigations with little regard for legal sanctions including the Telecommunications (Interception) Act, it was revealed in a parliamentary hearing into cybercrime.
The joint committee on the Australian Crime Commission (ACC) heard that software, such as keystroke loggers, is being used to target suspicious activity along with willing Internet service providers (ISPs) handing over customer information.
PricewaterhouseCoopers director Graham Henley said he is unsure if the use of such software breached the Telecommunications Act, but pointed out it was "very effective because it records every single stroke, providing a complete picture of what happens on a person's computer".
He went on to explain that in cybercrime matters the ability to get effective information out of ISPs and telcos quickly is essential in trying to identify the source of the attack or the source of the suspect in any investigation.
"With most Internet investigations you need access to ISP records or telco records to progress past a certain point, but there is no legal requirement for them to hold records; because of my ex-law enforcement association we ring the law enforcement liaison officer for the larger ISPs and ask them to preserve records and advise we may come back with a subpoena. . . If we don't go to law enforcement, a subpoena may be six months down the track, which in terms of cybercrime is infinity really, but ISPs usually do comply," Henley said.
Concerned about loopholes in existing laws and a lack of judicial oversight, Electronic Frontiers Australia executive director Irene Graham told the hearing she was aware of ISPs engaging in real-time monitoring without a warrant.
"I know of cases where they are certainly doing it without an interception warrant under the Act; I am concerned about allowing agencies access to the content of e-mail, voicemail and SMS messages that are delayed in transit without a warrant of any description whatsoever," she said.
"A requirement for ISP logging or monitoring would be tantamount to sanctioning mass surveillance and would be an infringement of the fundamental human rights of Internet users.
"We are very concerned about the Telecommunications Act at the moment because it leaves it in the hands of ISPs to decide whether they think it is reasonable to give personal information about their customers' activities to government agencies...when approached by Police, staff generally hand over information."
Supporting the call for ISPs to keep more detailed records, PricewaterhouseCoopers manager Scott Pobihun said there are some difficulties involved in storing large amounts of data, but storage prices have dropped dramatically.
"The old argument for ISPs was that it was too expensive and too time consuming to store information, but these days I do not think that flys, because storage has dropped dramatically in price; you can get massive amounts of storage quite cheaply and can automate a lot of processes," he said.
High Tech Crime Centre director federal agent Alistair MacGibbon said that in terms of cybercrime, information equals dollars and cents - as it can be used for a range of purposes from industrial espionage to competitive information.
"The investigation of high-tech crime relies upon the assistance of private sector organisations more than any traditional crime, because the Internet is owned by these organisations," he said.
Getting MPs up to speed on cybercrime was always going to be an exercise in patience with IT industry representatives showing remarkably good humour in response to some ridiculous questions. In a sobering account of the current state of play on the proliferation of malicious code, Symantec Australia MD John Donovan was asked to provide the profile of a typical virus writer.
NSW ALP Senator Steve Hutchins wanted to know if virus writers had a dishevelled appearance, sucked on Chuppa Chups and wore their caps backwards, or if they were more like National Party members.
Putting aside the lollipop reference and explaining that these virus writers were more likely to drink diet cola, Donovan said they were typically male in the 15 to 35 year age bracket, adding that they are not likely to be from aged people's homes.
Victorian ALP MP Bob Sercombe was also interested in profiling and what was being done by the FBI, but had difficulty trying to clarify his interest: "I am aware that, for example, the FBI particularly - I think at one of their places in Virginia; I cannot think of the name of it but it was made famous in one of those corny movies....". One assumes he was referring to the FBI training facility in Quantico after clarification from federal police in attendance at the hearing.