International law is lagging behind the leaps and bounds of technology development, argues Detective Sergeant Phil Kaufmann, who heads the NSW Police Service computer crime unit.
Kaufmann acknowledged that the Model Criminal Code discussion paper, released earlier this year by the Minister for Justice and Customs, Senator Vanstone, could see a standardisation of federal laws for computer crimes such as internet hacking. However, Senator Vanstone's office admitted earlier this year that bureaucratic procedures would mean the legislation would not be effective for up to a year, a period Kaufmann said was "too long".
Kaufmann said most Australian states already had legislation prohibiting crimes committed through computers or the internet. However, he believes laws surrounding the net should be standardised federally and, ideally, globally. "Australia has six different (sets of) laws for 20 million people. India has 1 billion people and one law," he mused. A "global internet" requires "globalised legislation" to govern it.
Kaufmann said US laws surrounding internet crime were "pretty similar" to computer crime legislation in Australia. Nevertheless, Australian and US police departments frequently liaised during international investigations.
For investigations such as these, the procedures that police departments from different countries are required to undergo in order to liaise were too time consuming and formal, he said.
As a result, the NSW Police Service has to send police officers overseas to conduct investigations, simply to save time and money. Kaufmann proposed that the bureaucratic procedures required for interstate and international investigations be streamlined dramatically.
Kaufmann clarified the widespread confusion surrounding jurisdictional responsibility of internet crime investigations. An internet crime committed on a federal organisation resulted in investigation by the Federal Police while an internet crime committed on a private organisation was investigated by the state in question's police force. However, the investigation of an internet crime committed on a national organisation such as the Australian Stock Exchange, whose website was harmlessly hacked into earlier this year, was assigned to the NSW Police because it operated as a corporation, he said. If a hacking crime investigation tracked the source of a hack to an overseas country, then the relevant police departments from both countries were required to conduct a coordinated investigation, he said.
The Vanstone Model Criminal Code paper invites IT industry practitioners to submit recommendations for amendments to Australian federal computer crime legislation. Kaufmann said all state police departments were currently preparing a combined submission for the Model Criminal Code Committee that highlighted a need for streamlined bureaucracy for interstate and international internet crime. Additionally, the police submission will suggest an increase in IT training for police, he said.
Police investigating computer crime cases were often at odds with the cutting-edge technology used by criminals. Presently, the NSW Police Service requires regular assistance from businesses and academics specialising in IT.
Kaufmann cited various US and Canadian IT training programs attended by forensic agencies such as the FBI, and proposed that an Australian-based IT forensic training program be introduced by Charles Sturt University.
Kaufmann believes far more hack attacks occur than are reported to the police. He said companies either feared embarrassment or simply didn't realise that the violation of their website was considered a crime. He advised hacking victims planning to report a crime to record all evidence of the attack immediately. Router logs, firewall logs and ISP logs were crucial to tracing the source of a hack, he said.