The need for global cyber security law reform

Cybercrime can move across the globe in an instant and disappear again without a trace. David Coleman says any law reform will need to balance cyber security and privacy.

In the past year alone, hacks against Sony, eBay, Target, Home Depot, Ashley Madison and the United States Department of Defence have highlighted the dire need to heighten cyber security and empower law enforcement both with the technical skills to fight cybercrime and the legal framework that allows police to efficiently investigate and prosecute cyber criminals.

It is clear from the response of law enforcement to these hacks that police are woefully unequipped to deal with the type of crime that can strike at millions of places at once, move across the globe in an instant and disappear again without a trace. International organised criminals and terrorists are free to communicate, organise and operate across the internet anywhere in the world. Although Australian companies and government organisations have not suffered from such high profile attacks, it would be naive to assume that our IT infrastructure will remain immune from serious attack. It is clear that reform needs to come to enhance the general level of cyber security around the world, but this reform will need to balance another fundamental concern.

The second fundamental concern is privacy. The world was shocked by the revelations that came through Edward Snowden that the United States National Security Agency can intercept practically any electronic communication which passes over the internet and decoded it, even when encrypted with state of the art encryption. Those outside technical circles were astonished that a national government of a liberal democracy could have such invasive and pervasive powers of surveillance and that such surveillance could be legal. To survey US Citizens, the National Security Agency only needed approval from the FISA court which had only rejected about 5 percent of the applications for surveillance that were presented to it. The agency is able to survey communications involving foreigners without limitation or judicial oversight.  Because the vast majority of internet communications at some point pass through servers in the United States, basically anything electronically communicated in the world can readily be intercepted.

As far as Australians are concerned, because of the information sharing arrangements between Australia, the United States, the United Kingdom and Canada, the Australian government is regularly passed information acquired by United States intelligence agencies. Clearly, the citizens of the world have a justifiable right to an expectation of privacy.

The most difficult question for law makers is how to balance the competing rights and expectations to security and privacy and ensure protection where perpetrators can skip national borders in the blink of an eyelid. It is clear that law enforcement needs to be able to track, trace and apprehend criminals on a global basis which will involve international cooperation between governments whose national security interests align. It will most likely require an international treaty to harmonise the laws amongst likeminded nations and enable speedy law enforcement cooperation where it is required and ensure the protection of privacy across the world.

However, the history of the creation of international agreements of this nature is chequered. The global solution to climate change has come woefully short of what is required to solve the problem, but global treaties on the law of the sea, telecommunications, post, trade and investment have achieved considerable success in creating global solutions to global problems. It seems that it is increasingly necessary for the governments of the world to negotiate international treaties on cyber security and privacy.