Status regarding Budapest Convention
Status : Party Declarations and reservations : Reservations: Art. 14, Art. 22 See legal profileCybercrime policies/strategies
The Australian Government published the Cyber Security Strategy: Enabling Innovation, Growth & Prosperity 2016, which addressed cybercrime and other cyber threats, as well as established strategic aims from 2016 to 2020. The strategy establishes five themes of action for Australia’s cyber security until 2020:
- A national cyber partnership: priority actions to focus on co-leadership, building stronger partnerships and understanding costs of malicious cyber activities to the economy.
- Strong cyber defences: priority actions to focus on detecting, deterring and respondoing top cyber threats, and raising the bar to make Australia a harder target against cyber threats
- Global responsibility and influence: priority actions to focus on championing open, free and secure Internet, shutting down safe havens for cybercrime, and building capacity
- Growth and innovation: priority actions to focus on enabling cyber security innovation, enabling cyber security businesses to develop and expand, and enabling cyber security research and development
- A cyber smart nation: priority actions to focus on developing the right cybersecurity skills and expertise, and raising national cyber security awareness.
The Attorney-General’s Department previously published a ‘National Plan to Combat Cybercrime’ in 2013, detailing legislative amendments and strategic objectives to counter cybercrime.
‘Australia’s International Cyber Engagement Strategy’ (2017) – contains a chapter on cybercrime, with the main goal of attaining stronger cybercrime prevention, prosecution and cooperation, with a particular focus on the Indo-Pacific. To this end, the measures taken are:
- Raise cybercrime awareness in the Indo-Pacific;
- Assist Indo-Pacific countries to strengthen their cybercrime legislation;
- Deliver cybercrime LE and prosecution capacity building in the Indo-Pacific;
- Enhance diplomatic dialogue and international information sharing on cybercrime.
Australia’s International Cyber Engagement Strategy emphasis the fact that cybercriminals attempts to exploit the vulnerabilities of states in the early stages of developing the legislative and technical capabilities necessary o combat cybercrime. Therefore, Australian government seeks to deepen bilateral, regional and global partnerships to increase cooperation and build on the capacities to combat this threat.
Cybercrime legislation
State of cybercrime legislation
In Australia, the term 'cybercrime', in line with Budapest Convention definitions, is used to describe both:
- crimes directed at computers or other information communications technologies (ICTs) (such as hacking and denial of service attacks);
- crimes where computers or ICTs are an integral part of an offence (such as online fraud, identity theft and the distribution of child exploitation material).
Responsibility for combating the different forms of cybercrime in Australia is shared between Australian Government agencies and state and territory agencies. (Source: https://www.homeaffairs.gov.au/about-us/our-portfolios/criminal-justice/cybercrime-identity-security)
Both substantive and procedural criminal law framework of Australia, as amended by Cybercrime Legislation Amendment Act No. 120/2012 (intended to fully implement the Budapest Convention on Cybercrime), is fully in line with the Convention requirements.
Substantive law
The Commonwealth has enacted a comprehensive set of offences to address cybercrime, contained in the Criminal Code Act 1995 (Criminal Code). These offences are based on model laws agreed to by Commonwealth, state and territory governments in 2001. The offences are consistent with those required by the Council of Europe Convention on Cybercrime and are drafted in technology-neutral terms to accommodate advances in technology.
Key Commonwealth offences are contained in Part 10.6 and Part 10.7 of the Criminal Code, which contains offences criminalizing the misuse of telecommunication networks, ‘carriage services’ (a term which includes the internet and online services, as well as wired and mobile services) and computers.
The Commonwealth computer offences are complemented by state and territory laws which criminalize the misuse of data and computer systems. (Source: https://www.homeaffairs.gov.au/about-us/our-portfolios/criminal-justice/cybercrime-identity-security)
Criminal Code Act 1995 contains more specifically provisions on the theft of confidential electronic records (in the context of espionage) and fraud involving a computer or other electronic device; and digital forgery.
Crimes Act 1914 contains provisions on access, search and seizure of computer and data storage devices; electronic surveillance and telecommunications interception; privacy; and offences related to child pornography and abuse.
Privacy Act 1988 contains provisions on data privacy principles, obligations, codes, interferences and management; data breaches; credit information and reporting; and Information Commissioner investigations and enforcement.
Cybercrime Act 2001 amends the law in relation to computer offences and law enforcement powers relating to electronic data.
Procedural law
Cybercrime Act 2001 – amends the law in relation to computer offences and law enforcement powers relating to electronic data.
Telecommunications (Interception and Access) Act 1979 – contains provisions on communications interception; access to stored communications; access to telecommunications data; and co-operation with agencies.
Mutual Assistance in Criminal Matters Act 1987 – covers evidence handling, search and seizure, and mutual assistance requests in relation to evidence, including proceeds of crime.
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 - Amends the Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies via the issuing of technical assistance requests, technical assistance notices and technical capability notices.
Safeguards
Applicable conditions and safeguards in criminal investigations procedures are prescribed in Telecommunications (Interception and Access) Act 1979 as well as the Mutual Assistance in Criminal Matters Act 1987
Related laws and regulations
Specialised institutions
Australian Cyber Security Centre (ACSC) – leading agency on the investigation and reporting of cybercrime and other cyber threats, at a national and transnational level. Part of the Australian Signals Directorate (ASD) - set up in 2017 to use its offensive cyber capabilities to disrupt, degrade, deny and deter organized offshore cybercriminals. This capability is subject to stringent oversight, and consistent with domestic law and obligations under international commitments.
CERT Australia – national Computer Emergency Response Team, part of ACSC.
The Australian Federal Police (AFP) High Tech Crime Operations (HTCO) is responsible for investigating serious cyber offences throughout the country, while the AFP’s Specialist Operations’ forensics unit is responsible for digital forensics.
International cooperation
Competent authorities and channels
MLA Authority in the absence of other treaties (Art. 27)
International crime cooperation Central Authority
Attorney General’s Dept.,
3-5 National Circuit
Barton, ACT 2600
Authority for extradition and provisional arrests in the absence of other treaties (Art. 24)
International crime cooperation Central Authority
Attorney General’s Dept.,
3-5 National Circuit
Barton, ACT 2600
24/7 Point of contact (Art. 35)
AOCC Watchfloor Operations,
Australian Federal Police
GPO Box 401
Canberra ACT 2601
Australia
Member of the Association of Southeast Asian Nations (ASEAN). Party to the Budapest Convention.
Practical guides, templates and best practices
‘Australia’s International Cyber Engagement Strategy’ makes extensive reference to the Budapest Convention on cybercrime, noting it is a valuable mechanism to strengthen international cooperation on cybercrime, particularly through its MLA provisions. States operate together more effectively when domestic legal and LE operational frameworks are harmonized and in line with the provisions of the BC.
Jurisprudence/case law
Kennedy v Baker (2004) - seizure of electronic evidence
R v Scerba (2015) – unauthorised disclosure of classified Department of Defence data
Kenworthy v The Queen (2016) - subscriber data and the transmission of child pornography
Sources and links
- Cyber Security Strategy: Enabling Innovation, Growth & Prosperity
- National Plan to Combat Cybercrime
- ‘Australia’s International Cyber Engagement Strategy’
- Cybercrime Legislation Amendment Act No. 120/2012
- Criminal Code Act 1995
- Crimes Act 1914
- Privacy Act 1988
- Cybercrime Act 2001
- Telecommunications (Interception and Access) Act 1979
- Mutual Assistance in Criminal Matters Act 1987
- Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018
- Privacy Act 1988
- Telecommunications (Interception and Access) Act 1979
- Australian Cyber Security Centre (ACSC)
- Signals Directorate (ASD)
- CERT Australia
- Australian Federal Police (AFP) High Tech Crime Operations
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.