Internet Industry Association

Internet Industry Association

N  E  W  S      R  E  L  E  A  S  E

For Immediate Release
Monday, 21 July 2003

IIA Releases Draft Cybercrime Code of Practice

The Internet Industry Association today released its draft Cybercrime Code of Practice for public consultation.

The Code is the product of over 18 months' development by the IIA Cybercrime taskforce. It defines the rights and responsibilities of Internet Service Providers in meeting their enforcement co-operation obligations, while preserving, to the full extent the law, the sanctity of their customers' personal information. The IIA sees the Code as forming day to day operational guidelines to enable ISPs to assist law enforcement and national security agencies in the execution of their duties.

IIA chief executive, Peter Coroneos explained that the Code aimed to address the frustrations of law enforcement agencies who have too often found that by the time they approach an ISP for information about suspects, the data has been overwritten or discarded. In other countries such as the UK, legislators have stepped in and required data retention for up to seven years.

"Our draft Code stipulates retention periods of six or 12 months in Australia, depending on the information in question. We think this is a more reasonable period than other countries have imposed, and the Australian law enforcement agencies we have consulted with evidently agree, given their support for the initiative."

Mr Coroneos emphasised the lengths the IIA had gone to in protecting the balance between privacy and cooperation with law enforcement investigations into cybercrime and cyberterrorism . "In framing the Code, we have been at pains to strike what we are convinced is a reasonable balance. Where ISPs already collect customer information in the course of their business operations, this Code stipulates minimum retention periods for that data. "

Contrary to some publicly expressed concerns, the Code does not require ISPs to capture caller line identification (CLI) or caller name display (CND) data. Instead, it says that if an ISP becomes in a position to access this data under arrangements with their telco providers - for example as an anti fraud measure - then they must retain it for 6 months. During this time a law officer with a warrant or 'section 282 notice' can request the ISP to provide this information, which can be helpful in locating criminals hiding behind the anomity of an unlisted number.  

However, the Code reminds ISPs that if they disclose this information to anyone other than a law enforcement agency acting under lawful authority, they will be in breach of the Telecommunications Act and at risk of a criminal penalty and up to two years imprisonment. Further, by requiring all ISPs wanting to be party to the Code to become bound by the Privacy Act, the powers of the Privacy Commissioner can be invoked, leaving the way open for compensation and other orders.

"It is important that when dealing with sensitive issues like privacy, that we don't allow a two-tier set of compliance to arise. The same rules must apply to everyone if they are to benefit from the certainty that this Code seeks to provide.".

The public consultation period for the draft Code ends on 21 August 2003. The Code is available from www.iia.net.au/cybercrimevt.html.

Ends.

More: For more information see www.iia.net.au/cybercrime.

Peter Coroneos, Chief Executive IIA (02) 6232 6900

--
ABOUT THE IIA
The Internet Industry Association is Australia's national Internet industry organisation. Members include telecommunications carriers; content creators and publishers; web developers; e-commerce traders and solutions providers; hardware vendors; systems integrators; banks, insurance underwriters; Internet law firms, ISPs; educational and training institutions; Internet research analysts; and a range of other businesses providing professional and technical support services. On behalf of its members, the IIA provides policy input to government and advocacy on a range of business and regulatory issues, to promote laws and initiatives which enhance access, equity, reliability and growth of the medium within Australia.