House of Representatives Committees

House of Representatives Standing Committee on Communications

Footnotes

Chapter 1 Introduction

[1]       Cyber Space Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, White House, 29 May 2009.

[2]       Cyber Security Strategy of the United Kingdom: safety, security and resilience in cyber space, Cabinet Office (UK), June 2009.

[3]       Cyber Security Strategy, Australian Government, 2009.

[4]       Parliamentary Joint Committee on the Australian Crime Commission, Cybercrime, The Parliament of the Commonwealth of Australia, March 2004.

[5]       Drug and Crime Prevention Committee, Final Report of the Inquiry into Fraud and Electronic Commerce, Parliament of Victoria, January 2004.

[6]       Science and Technology Committee, Personal Internet Security, Volume 1 Report, House of Lords, August 2007.

[7]       Australian Communications and Media Authority, Australia in the Digital Economy: Trust and Confidence, ACMA, March 2009, p.39; AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.

[8]       Australian Bureau of Statistics, 2007 Personal Fraud Survey, ABS Catalogue No 4528.0, ABS, 2007, p. 21.

Chapter 2 Nature, Prevalence and Economic Impact of Cyber Crime

[1]       Mr Peter Watson, Microsoft Pty Ltd, Transcript of Evidence, 9 October 2009, p.18.

[2]       CSIRO, Submission 26, p.4; Dr Paul Twomey, Internet Corporation for Assigned Names and Numbers (ICANN), Transcript of Evidence, 8 October 2009, p.2.

[3]       See for example: Australian Computer Society, Submission 38, p.2. Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.2; Australian Communications Consumer Action Network (ACCAN), Submission 57, p.53; Mr Stephen Wilson, Lockstep Technologies Pty Ltd, Transcript of Evidence, 9 October 2009, p.44; Symantec Asia Pacific Pty Ltd, Submission 32, p.19; Microsoft Australia, Submission 35, p.1; Internet Safety Institute, Submission 37, p.5.

[4]       See for example: Dr Russell Smith, Australian Institute of Criminology (AIC), Transcript of Evidence, 19 August 2009, p.3; AIC, Submission 41, p.10; Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, p.49; Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.6; Organisation for Economic Cooperation and Development (OECD), Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.17.

[5]       See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.3; Mr Peter Coroneos, Internet Industry Association (IIA), Transcript of Evidence, 11 September 2009, p.13; Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.6; Australian Federal Police (AFP), Submission 25, p.3; PayPal Incorporated, Submission 60, Symantec Asia Pacific Pty Ltd, Submission 32, p.3; Department of Broadband, Communications and the Digital Economy (DBCDE), Submission 34, p.6.

[6]       See for example: G Urbas and KR Choo, Resource materials on technology-enabled crime, AIC, Canberra, 2008, p.83; AIC, High tech crime brief: Hacking offences, AIC, 2005, p.1.

[7]       OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.10.

[8]       See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.91; G Urbas and KR Choo, Resource materials on technology-enabled crime, AIC, Canberra, 2008, p.87; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.91.

[9]       OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.90.

[10]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.90.

[11]     See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.90-91; G Urbas and KR Choo, Resource materials on technology-enabled crime, AIC, Canberra, 2008, pp.79-87.

[12]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.12.

[13]     See for example: Australian Communications and Media Authority (ACMA), Submission 56, p.14; Symantec Corporation, Submission 32, p.2.

[14]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.12.

[15]     Symantec Asia Pacific Pty Ltd, Submission 32, p.20.

[16]     AIC, High Tech Crime Brief: More malware – adware, spyware, spam and spim, AIC, Canberra, 2006, p.1.

[17]     K Howard, Mallesons Stephen Jacques, Computers and Law, March 2006, p.17.

[18]     Cyberspace Law and Policy Centre (CLPC), Submission 62, p.3.

[19]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.15. See also: G Urbas and KR Choo, Resource materials on technology-enabled crime, AIC, Canberra, 2008, pp.81; KR Choo, Trends and issues in crime and criminal justice: Zombies and Botnets, AIC, Canberra, 2007, p.4.

[20]     See for example: RSA Security Inc, Exhibit 2, p.2; MT Banday, JA Quadri and NA Shah, ‘Study of Botnets and their threats to Internet Security’, Sprouts: Working papers on information systems, 2009, p.8, viewed 22 December 2009, <http://sprouts.aisnet.org>; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.23.

[21]     Symantec Asia Pacific Pty Ltd, Submission 32, p.6.

[22]     Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.6.

[23]     IIA, Submission 54, p.3. See also: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.37.

[24]     See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.24; AFP, Submission 25, p.9; JB Grizzard, VS Sharma, C Nunnery, BBH Kang and D Dagon, Peer-to-Peer Botnets: Overview and Case Study, in proceedings of USENIX Association First Workshop on Hot Topics in Understanding Botnets, 10 April 2007, Cambridge, USA,  pp.5-6, viewed 24 December 2009, <http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard.pdf>.

[25]     JB Grizzard, VS Sharma, C Nunnery, BBH Kang and D Dagon, Peer-to-Peer Botnets: Overview and Case Study, in proceedings of USENIX Association First Workshop on Hot Topics in Understanding Botnets, 10 April 2007, Cambridge, USA,  p.1, viewed 24 December 2009, <http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard.pdf>.

[26]     Symantec Asia Pacific Pty Ltd, Submission 32, p.6; CLPC, Submission 62, p.6.

[27]     See for example: RSA Security Inc., Exhibit 3, p.2; Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.8; Fortinet, Submission 29, p.9; Symantec Asia Pacific Pty Ltd, Submission 32, p.15.

[28]     AIC, High Tech Crime Brief: More malware – adware, spyware, spam and spim, AIC, Canberra, 2006, p.1.

[29]     See for example: P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.6; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.27; MessageLabs, The Dark Art of Spam, MessageLabs, 2009, pp.3-4.

[30]     P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.6.

[31]     See for example: P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.6; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.27; AIC, High Tech Crime Brief: More malware – adware, spyware, spam and spim, AIC, Canberra, 2006, p.1; Mr Anthony Burke, Australian Bankers Association NSW Inc., Transcript of Evidence, 8 October 2009, p.59.

[32]     P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.1,5. See also: AIC, High Tech Crime Brief: More malware – adware, spyware, spam and spim, AIC, Canberra, 2006, p.1.

[33]     ACCC, Exhibit 16, p.43.

[34]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.27.

[35]     Educause, 7 things you should know about DNS, Educause, January 2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.

[36]     Educause, 7 things you should know about DNS, Educause, January 2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.

[37]     F Hacquebord and C Lu, Rogue Domain Name System Servers, blog post, TrendLabs Malware Blog, Trend Micro, 27 March 2007, viewed 26 February 2010, <http://blog.trendmicro.com/rogue-domain-name-system-servers-5breposted5d>.

[38]     ICANN Security and Stability Advisory Committee, Domain name hijacking: incidents, threats, risks, and remedial actions, ICANN, 12 July 2005, p.8.

[39]     See for example: G Urbas and KR Choo, Resource materials on technology-enabled crime, AIC, Canberra, 2008, p.85; Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November, 2009, p.19.

[40]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.6.

[41]     See for example: Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November, 2009, pp.19, 24; Australian Bureau of Statistics, 2007 Personal Fraud Survey, ABS, Cat. No. 4528.0, 2007, p.8; Australian Government, Dealing with identity theft: Protecting your identity, Attorney General’s Department (AGD), 2009, p. 4; AusCERT, Computer Crime and Security Survey, AusCERT, 2006, p.28.

[42]     Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November 2009, p.19.

[43]     See for example: AIC, Submission 41, p.4; Mr Scott Gregson, Australian Competition and Consumer Commission (ACCC), Transcript of Evidence, 18 November 2009, p.1; ACCC, Exhibit 16, p.10.

[44]     KR Choo, Trends and issues in crime and criminal justice: Zombies and Botnets, AIC, Canberra, 2007, p.4.

[45]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.16.

[46]     Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November 2009, p.9.

[47]     Australian Broadcasting Corporation (ABC), Fear in the Fast Lane, Four Corners program transcript, ABC, 17 August 2009, viewed 11 January 2010, <http://www.abc.net.au/4corners/content/2009/s2658405.htm>; Australian Bankers’ Association, Submission 7.1, p.2. See also: Mr John Geurts, Transcript of Evidence, 8 October 2009, p.57; Mr Craig Scroggie, Transcript of Evidence, 9 October 2009, p.54-55.

[48]     Northern Territory Government, Submission 53, p.1.

[49]     AIC, Submission 41, p.8-9.

[50]     See for example: Internet Safety Institute, Submission 37, p. 7; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.16; AFP, Submission 25, pp.4,6; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.8.

[51]     See for example: Detective Superintendent Brian Hay, quoted in ABC, Fear in the Fast Lane, Four Corners program transcript, ABC, 17 August 2009, viewed 11 January 2010, <http://www.abc.net.au/4corners/content/2009/s2658405.htm>; Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November 2009, pp.4-5; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.8; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.55.

[52]     Symantec Corporation, Symantec Global Internet Security Report Trends for 2008, Symantec Corporation, April 2009, p.10.

[53]     See for example: Symantec Corporation, Symantec Report on the Underground Economy July 07 – June 08, Symantec Corporation, November 2009, pp.4-5; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.16; AIC, Submission 41, p.7.

[54]     See for example: Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.54; Dr Russell Smith, AIC, Transcript of Evidence, pp.6-9; AIC, Submission 41, p.9.

[55]     See for example: Internet Safety Institute, Submission 37, p. 7; Mr David Zielezna, ACMA, Transcript of Evidence, 21 October 2009, p.5; Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.14.

[56]     Symantec Corporation, Web Based Attacks February 2009, Symantec Corporation, February 2009, p.10.

[57]     P Coogan, Zeus, King of the underground crimeware toolkits, blog post, Symantec Security Blogs, Symantec Corporation, 25 August 2009, viewed 14 January 2009, <http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits>.

[58]     P Coogan, Zeus, King of the underground crimeware toolkits, blog post, Symantec Security Blogs, Symantec Corporation, 25 August 2009, viewed 14 January 2009, <http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits>.

[59]     See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.20; Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.3.

[60]     AFP, Submission 25, p.4.

[61]     See for example: Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.47; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.11.

[62]     See for example: Dr Russell Smith, AIC, Transcript of Evidence, p.9; AFP, Submission 25, p.3.

[63]     AFP, Submission 25, p.3.

[64]     See for example: Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.61; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.7; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009; Mr Richard Johnson, Westpac Banking Corporation, Transcript of Evidence, 8 October 2009, p.56.

[65]     See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.20; Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.20.

[66]     See for example: AusCERT, Submission 30, p.4; AGD, Submission 44, p.3.

[67]     See for example: Australian Taxation Office (ATO), Submission 59, p.4; Australian Seniors Computers Clubs Association (ASSCA), Submission 63, p.5; Mr Michael Cranston, ATO, Transcript of Evidence, 16 September 2009, p.2; Lockstep, Submission 36, p.10; AusCERT, Submission 30, p.9.

[68]     See for example: ATO, Submission 59, p.4; ASSCA, Submission 63, p.5; Mr Michael Cranston, ATO, Transcript of Evidence, 16 September 2009, p.2; Lockstep, Submission 36, p.10; AusCERT, Submission 30, p.9.

[69]     See for example: Mr Christopher Hamilton, Transcript of Evidence, p.71; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p. 52; Symantec Corporation, Submission 32, p.9; KR Choo, Trends and issues in crime and criminal justice: Zombies and Botnets, AIC, Canberra, 2007, p.4; ABC, Fear in the Fast Lane, Four Corners program transcript, ABC, 17 August 2009, viewed 11 January 2010, <http://www.abc.net.au/4corners/content/2009/s2658405.htm>.

[70]     AFP, Submission 25, p.5; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.13; ACCC, Submission 46, p.4; Mrs Nancy Bosler, ASSCA, Transcript of Evidence, p.1; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.14.

[71]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.14.

[72]     Mr Anthony Burke, Australian Bankers Association NSW Inc, Transcript of Evidence, 8 October 2009, p.62.

[73]     AFP, Submission 25, p.5.

[74]     See for example: Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.16.

[75]     Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.63; ACMA, Submission 56, p.4.

[76]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.15.

[77]     DBCDE, Submission 34.1, p.7.

[78]     ACMA, Submission 56, p.4.

[79]     Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009, p.10.

[80]     See for example: Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.3; Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.11; Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.14; Mr Richard Johnson, Westpac Banking Corporation, Transcript of Evidence, 8 October 2009, p.56; Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.47.

[81]     Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.3.

[82]     See for example: Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.3; Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.22; Internet Safety Institute, Submission 37, p.4; Mr Anthony Burke, Australian Bankers Association NSW Inc., Transcript of Evidence, 8 October 2009, p.55; Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.66; Mr John Galligan, Microsoft Pty Ltd, Transcript of Evidence, 9 October 2009, Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.15; ABS, Household Use of Information Technology 2008-09, ABS, Cat. No. 8146.0, 16 December 2009, p.37.

[83]     Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.3; ATO, Submission 59, p.6; ROAR Film Pty Ltd, Submission 64, p.5; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.5; McAfee Australia, Submission 10, p.2.

[84]     Microsoft Australia, Submission 35, p.4.

[85]     Symantec Corporation, Symantec Global Internet Security Threat Report: Trends for 2008, Symantec Corporation, April 2009, p.10.

[86]     See for example: Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.7; Mr Bruce Matthews, ACMA, Transcript of Evidence, p.5.

[87]     Telstra, Submission 43, p.2.

[88]     The ICANN, Submission 40, p.1.

[89]     See for example: AIC, Submission 41, pp.2-3;  AFP, Submission 25, p.3; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.13; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.52; DBCDE, Submission 34, p.3.

[90]     See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.30; ACS, Submission 38, p.6.

[91]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.30.

[92]     Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.69.

[93]     DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009, p.2.

[94]     DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009, pp.2-3.

[95]     DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009, p.1.

[96]     See for example: AusCERT, Submission 30, p.11; IIA, Submission 54, p.4; Microsoft Australia, Submission 35, p.5; Symantec Corporation, Submission 32, p.8; Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.10; Lockstep Technologies Pty Ltd, Submission 36, p.10; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, pp.41-42.

[97]     Ms Loretta Johnson, Australian Information Industry Association, Transcript of Evidence, 11 September 2009, p.24.

[98]     OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.7.

[99]     Cyber Security Industry Alliance, ‘Survey: Lack of confidence in cyber security has economic, political effects’, Insurance Journal, Wells Publishing, June 2006, viewed 29 January 2009, <http://www.insurancejournal.com/news/national/2006/06/07/69215.htm>.

[100]   ACMA, Australia in the Digital Economy: Trust and Confidence, ACMA, March 2009, p.1.

[101]   ABS, Household Use of Information Technology 2008-09, ABS, Cat. No. 8146.0, 16 December 2009, p.30.

[102]   Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009, p.16.

[103]   OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, pp.40-41.

[104]   AM Freed, Another Payment Card Processor Hacked, Information Security Resources,  Infosec Island Network, February 14 2009, viewed 29 January 2009, <http://information-security-resources.com/2009/02/14/another-payment-card-processor-hacked/>.

[105]   OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, pp.40-41.

[106]   K Richards, The Australian Business Assessment of Computer User Security: a national survey, AIC, 2009, p.iii.

[107]   See for example: OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, p.38; K Richards, The Australian Business Assessment of Computer User Security: a national survey, AIC, 2009, p.xi.

[108]   See for example: AIC, Submission 41, p.16; Australian Information Industry Association, Submission 22, p.9; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, OECD, June 2008, pp.42-43.

Chapter 3 Research and Data Collection

[1]       See for example: Australian Bureau of Statistics (ABS), Submission 16, p.1; Northern Territory Government, Submission 53, p.1; AusCERT, Submission 30, p.11; Internet Safety Institute, Submission 37, p.7.

[2]       The 2004 Cybercrime inquiry by the Joint Committee on the Australian Crime Commission accepted that there is a lack of independent cyber crime trend information available to the finance industry and law enforcement agencies. The Australian Government’s response cited the secondment of specialists to, and information sharing through, the Australian High Tech Crime Commission as new measures. See: Parliamentary Joint Committee on the Australian Crime Commission, Cybercrime, March 2004, pp. 40, 49 and 66; Australian Government, Australian Government Response to the Recommendations of the Parliamentary Joint Committee inquiry on Cybercrime, 9 February 2006, pp.5 and 7.

[3]       See for example: ABS, Submission 16, p.1; Australian Institute of Criminology (AIC), Submission 41, p.22; Australian Payments Clearing Association (APCA), Submission 50, p.7; ACMA, Submission 56, p.17; Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, pp.63-64.

[4]       ACMA, Submission 56, p.17.

[5]       AGD, Submission 44.1, p.3.

[6]       Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.7.

[7]       See for example: McAfee Australia Pty Ltd, Submission 10, pp.13-14; RSA, Submission 2, p.2; Threatmetrix Pty Ltd, Submission 19, p.3; Sophos Pty Ltd, Submission 66, p.2.

[8]       Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.50.

[9]       AusCERT, Submission 30, pp.3, 12.

[10]     ACMA, Submission 56.1, p.2.

[11]     ACMA, Submission 56, pp.3-4.

[12]     AGD, Submission 44, pp.7-9; ASIO, Submission 47, pp.4-5; Department of Defence, Submission 20, p.1.

[13]     See for example: Australian Competition and Consumer Commission (ACCC), Submission 46, pp.2-3; AFP, Submission 25, p.20; Queensland Government, Submission 67, p.7.

[14]     ACCC, Supplementary Submission 46.1, p.2; South Australian Police, Submission 10, p.4.

[15]     AGD, Submission 44.1, p.3.

[16]     Mr Anthony Burke, ABA, Transcript of Evidence, 8 October 2009, p.54; Mr Christopher Hamilton, APCA, Transcript of Evidence, 11 September 2009, p.70; Mr Richard Johnson, Transcript of Evidence, 8 October 2009, p.52.

[17]     AIC, Submission 41, p.1.

[18]     ABS, Submission 16, pp.2-3.

[19]     See for example: AIC, Submission 41, p.41.

[20]     Queensland Government, Submission 67, pp.4 and 6; Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, pp.2-3.

[21]     DBCDE, Submission 34.1, p.7.

[22]     AusCERT, Australian Computer Crime and Security Surveys, AusCERT, 22 May 2006, viewed 19 March 2010, <http://www.auscert.org.au/render.html?it=2001>.

[23]     AusCERT, Submission 30, pp.3, 12.

[24]     Symantec Corporation, Submission 32, p.9; McAfee, Datagate: The Next Inevitable Corporate Disaster, McAfee, viewed 24 March 2010, <http://www.mcafee.com>.

[25]     ABS, Submission 16, p.1.

[26]     ABS, Submission 16, p.1; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2.

[27]     ABS, Submission 16, p.1.

[28]     ABS, Submission 16, p.2.

[29]     ABS, Submission 16, p.1.

[30]     AGD, Submission 44, p.3.

[31]     AIC, Submission 41, pp.3-4; AFP, Technology Enabled Crime, AFP, 2 September 2009, viewed 15 March 2010, <http://www.afp.gov.au/national/e-crime.html>.

[32]     ABS, Submission 16, p.1.

[33]     ABS, Submission 16, p.1.

[34]     The Australian Standard Offence Classification is used in ABS statistical collections, and by Australian police, criminal courts and corrective services agencies, to provide uniform classifications of criminal behaviour in crime and justice statistics.

[35]     ABS, Submission 16, p.2.

[36]     See for example: Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.51; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, pp.2 and 6; ABS, Submission 16, p.2; Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.7.

[37]     Ms Alana Maurushat, Cyberspace Law and Policy Centre, Transcript of Evidence, 8 October 2009, p.33.

[38]     Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.51.

[39]     See for example: Office of the Privacy Commissioner, Submission 3, pp.11-12; Symantec Corporation, Submission 32, p.11; Fujitsu Australia Ltd, Submission 13, p.7; Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.7.

[40]     AFP, Submission 25, p.20; Queensland Government, Submission 67, p.7; ACCC, Submission 46, pp.5-7.

[41]     Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2; Mr David Ready, Submission 6, p.1; Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009, p.14.

[42]     ABS, Submission 16, p.1.

[43]     Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.3.

[44]     ACMA, Submission 56, p.18.

[45]     ABS, Submission 16, p.1.

[46]     Internet Safety Institute, Submission 37, p.11.

[47]     Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.7.

[48]     See for example: AIC, Submission 41, pp.16-17; ABS, Submission 16, p.2; Australian Computer Society, Submission 38, p.9.

[49]     ABS, Submission 16, p.2; Symantec Corporation, Submission 32.1, p.9.

[50]     See for example: Fujitsu Australia Ltd, Submission 13, p.7; Mr Alastair MacGibbon, Cyber security: Threats and responses in the information age, Australian Strategic Policy Institute, December 2009, pp.11-12; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.

[51]     AIC, Submission 41, p.22; Telstra, Submission 43, p.3.

[52]     The Business Longitudinal Database comprises financial data sourced from the ABS Business Characteristics Survey, the Australian Taxation Office and the Australian Customs Service.

[53]     ABS, Submission 16, pp.2-3.

Chapter 4 Community Awareness and Vulnerability

[1]       Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.63.

[2]       ACMA, Click and connect: Young Australians’ use of online social media – 02: Quantitative research report, ACMA, July 2009, p.10.

[3]       ACMA, Australia in the Digital Economy: Trust and Confidence, ACMA, March 2009, p.29.

[4]       AVG, Australia Tops Global Cyber Crime Impact Survey, media release, AVG, 10 June 2008, viewed 21 January 2010, <http://www.avg.com.au/news/avg_cyber_crime_impact_survey/>.

[5]       Consumers’ Telecommunications Network (CTN), Surfing on thin ice: consumers and malware, adware, spam and phishing, CTN, November 2009, p.9.

[6]       Consumers’ Telecommunications Network, Surfing on thin ice: consumers and malware, adware, spam and phishing, CTN, November 2009, p.33.

[7]       Symantec Corporation, Submission 32, p.9.

[8]       K Richards, The Australian Business Assessment of Computer User Security: a national survey, Australian Institute of Criminology, 2009, p.xii.

[9]       AusCERT, Computer Crime and Security Survey, AusCERT, 2006, p.8.

[10]     See for example: Australian Computer Society (ACS), Submission 38, p.8; Dr Russell Smith, Australian Institute of Criminology (AIC), Transcript of Evidence, 19 August 2009, p.9; Mr Peter Coroneos, Internet Industry Association (IIA), Transcript of Evidence, 11 September 2009, p.18; Australian Federal Police (AFP), Submission 25, p.10; AusCERT, Submission 30, p.12.

[11]     ACMA, Australia in the Digital Economy: Trust and Confidence, ACMA, March 2009, p.39.

[12]     AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.

[13]     AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.

[14]     Symantec Corporation, Symantec Survey Reveals More than Half of Small and Midsized Businesses in Australia and New Zealand Experience Security Breaches, media release, Symantec Corporation, 12 May 2009, p.1.

[15]     AusCERT, Computer Crime and Security Survey, AusCERT, 2006, p.4.

[16]     Mr Anthony Burke, Australian Bankers Association NSW Inc, and Mr John Geurts, Commonwealth Bank of Australia, Transcript of Evidence, 8 October 2009, p.59.

[17]     Australian Bureau of Statistics (ABS), 2007 Personal Fraud Survey, ABS, Cat. No. 4528.0, 2007, pp.14, 21.

[18]     ABS, 2007 Personal Fraud Survey, ABS, 2007, pp.14, 21, 24.

[19]     Mr Scott Gregson, Australian Competition and Consumer Commission (ACCC), Transcript of Evidence, 18 November 2009, p.1.

[20]     ABS, 2007 Personal Fraud Survey, ABS, 2007, pp.14, 21, 24.

[21]     Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, pp.3-4.

[22]     Mr Peter Shenwun, Nigerian High Commission, Transcript of Evidence, 17 March 2010, p.1.

[23]     See for example: AusCERT, Submission 30, p.12; AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.

[24]     Tasmanian Government, Submission 51, p.3.

[25]     ACS, Submission 38, p.8.

[26]     Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010, p.4.

[27]     See for example: Consumers’ Telecommunications Network, Surfing on thin ice: consumers and malware, adware, spam and phishing, CTN, November 2009, p.21; Internet Safety Institute, Submission 37, p.10; Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.69; Telstra, Submission 43, p.4.

[28]     See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15; Mr Mike Rothery, Attorney General’s Department (AGD), Transcript of Evidence, 25 November 2009, p.14; Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2; Internet Safety Institute, Submission 37, p.8; Fujitsu, Submission 13, p.7; IIA, Submission 54, p.5.

[29]     See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.9; Mr Scott Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.7; Dr Paul Brooks, Transcript of Evidence, 9 October 2009, p.11; Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009, p.12.

Chapter 5 Domestic and International Coordination - Introduction

[1]       AGD, Submission 44, p.6.

[2]       Attorney General Hon Robert McClelland MP; Minister for Broadband, Communications and the Digital Economy, Senator The Hon Stephen Conroy; Minister for Defence, Senator the Hon John Faulkner, Joint Media Release, Australian Cyber Security Strategy Launched, 23 November 2009; Cyber Security Strategy, Australian Government, p.vi.

[3]       Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.4; Cyber Space Law and Policy Centre, Submission 62, p.6.

[4]       AGD, Submission 44, p.2.

[5]       AGD, Submission 44, p.7.

[6]       Cyber Security Strategy, Australian Government, 2009, p.30.

[7]       AGD, Submission 44, pp. 22-23.

[8]       AGD, Submission 44, p.14.

[9]       Internet Safety Institute, Submission 37, p.11.

[10]     CLPC, Supplementary Submission 62.1, p.5.

[11]     CLPC, Supplementary Submission 62.1, p.5.

[12]     Microsoft Australia, Submission 35, p.6.

[13]     Mr James Shaw, Telstra Corporation Ltd., Transcript of Evidence, 11 September 2009, pp.44-45.

[14]     Telstra Corporation Ltd, Submission 43, p.3.

[15]     Mr James Shaw, Telstra Corporation Ltd., Transcript of Evidence, 11 September 2009, p.44.

[16]     ACCAN, Submission 57, p.1.

[17]     ACCAN, Submission 57, p.5.

[18]     ACCAN, Submission 57, p.5.

[19]     AusCERT, Submission 30, pp. 14 and 17; see also, Transcript of Evidence, 11 September 2009, p.5.

[20]     Mr Alastair MacGibbon, Transcript of Evidence, 11 September 2009, pp.60-61.

[21]     Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.5.

[22]     Sophos, Submission 66, p.6.

[23]     DBCDE, Submission 34, p.15.

[24]     AGD, Submission 44, p.13.

[25]     AGD, Submission 44, p.13; DBCDE, Submission 34, pp.16-17.

[26]     Internet Safety Institute, Submission 37, p.9.

[27]     Queensland Government, Submission 67, p.7.

[28]     Northern Territory Government, Submission 53, p.1.

[29]     AusCERT, Submission 30, p.11.

[30]     For example, Internet Safety Institute, Submission 37, p.11; OECD, Malicious Software (Malware): A Security Threat to the Internet Economy, 2008, pp.22-29; AusCERT, Submission 30, p.11; Ms Penelope Musgrave, Director, Criminal Law Review, NSW Government, Transcript of Evidence, 8 October 2009, p.76.

[31]     ACCC, Submission 46, p.3.

[32]     Internet Safety Institute, Submission 37, p.7; see also, Ms Penelope Musgrave, Director Criminal Law Review, NSW Government, Transcript of Evidence, 8 October 2009, p.76.

[33]     AFP, Supplementary Submission 25.1, p.9.

[34]     CLPC, Submission 62.1, p.9.

[35]     CLPC, Submission 62.1, p.9.

[36]     AGD, Supplementary Submission 44.1, p.3.

[37]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.

[38]     Internet Safety Institute, Submission 37, p.7.

[39]     CLPC, Supplementary Submission 62.1, p.5.

[40]     Mr Alastair MacGibbon, Cyber security: Threats and responses in the information age, APSI, December 2009, p.11.

[41]     South Australia Police, Submission 2, p.3.

[42]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.

[43]     Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2.

[44]     The AHTCC no longer exists. However, the website remains live and accessible via: <http://www.ahtcc.gov.au/tech_crimes_types/computer_intrusion.htm#report>, viewed 11 January 2009.

[45]     Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.1.

[46]     South Australia Police, Submission 2, p.3.

[47]     Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.2.

[48]     RSA, Submission 28, p.3.

[49]     AFP, Submission 25, p.16.

[50]     AFP, Submission 25, p.16.

[51]     AFP, Clarification regarding High Tech Crime Operations article, National Media Release, 23 September 2009.

[52]     AGD, Supplementary Submission 44.2, p.14; note this data does not indicate whether these offences have been prosecuted by Commonwealth or State or Territory authorities.

[53]     CLPC, Submission 62, p.3.

[54]     For example, a large scale DDOS attack on a Commonwealth Government website or hacking and theft from a bank system may warrant an investigation.

[55]     AFP, Submission 25, p.20.

[56]     The assessment of whether an investigation will be undertaken is considered under the framework of the Case Categorisation and Prioritisation Model (November 2009).

[57]     As noted above, the former AHTCC website did provide for online reporting of a DDOS attack and malware intrusion. The Committee notes that this website is still accessible via a general Internet search but the model is, in fact, defunct.

[58]     Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.6.

[59]     Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.62.

[60]     Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6.

[61]     Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6.

[62]     Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6.

[63]     Mr David Ready, Submission 6, p.1.

[64]     Mr David Ready, Submission 6, p.1.

[65]     Mr Paul Brooks, Director, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.7.

[66]     Queensland Government, Submission 67, p.7.

[67]     Detective Superintendent Brian Hay, Queensland Police Service, Transcript of Evidence, 17 March 2010, p.3.

[68]     Queensland Government, Submission 67, p.6.

[69]     Detective Superintendent Brian Hay, Queensland Police Service, Transcript of Evidence, 17 March 2010, p.2.

[70]     Queensland Government, Submission 67, p.6.

[71]     The Australasian Consumer Fraud Taskforce is comprised of nineteen government regulatory agencies and departments with responsibility for consumer protection regarding frauds and scams; ACCC, Submission 46, p.5.

[72]     ACCC, Submission 46, p.4.

[73]     ACCC, Supplementary Submission 46.1, p.2.

[74]     Mr Peter Kell, Deputy Chair, ACCC, ACFT Consumer Fraud Research Forum, Consumer Complaints about Scams: Managing and Sharing Information, October 2009.

[75]     Mr Peter Kell, Deputy Chair, ACCC, ACFT Consumer Fraud Research Forum, Consumer Complaints about Scams: Managing and Sharing Information, October 2009.

[76]     ACCC, Submission 46, p.7.

[77]     ICPEN, viewed 18 January 2009, <http://www.econsumer.gov/english/report/overview.shtm>.

[78]     ICPEN, viewed 18 January 2009, <http://www.econsumer.gov/english/report/overview.shtm>.

[79]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.

[80]     Queensland Government, Submission 67, p.7.

[81]     The SOCA e-Crime Unit is separate from the Child Exploitation and Online Protection Centre. Cases that fall within the PCeU Case Acceptance Criteria include: significant intrusions into government, commercial or academic networks; denial of service attacks, and other criminal use of Botnets; significant data breaches; significant false identity websites; mass victimisation e-crimes, such as large scale phishing, and electronic attacks on the Critical National Infrastructure, ACPO e-Crime Strategy, 2009, p.8.

[82]     ACPO e-Crime Strategy, 2009, p.2.

[83]     The City of London Police, which has been designated the National Lead Police Force for Fraud, hosts the facility.

[84]     Jeremy Kirk, IDG News Service, UK Police to Track E-Crime, Fraud Down to the Last Pence, 25 March, 2009.

[85]     NSW Government, Submission 49, p.6.

[86]     Detective Inspector William van der Graff, NSW Police Force, Transcript of Evidence, 8 October 2009, p.77.

[87]     Queensland Government, Submission 67, p.7.

[88]     Queensland Government, Submission 67, p.7; By contrast, the UK Police Service has already established standards for professional practice within e-crime, such as the ACPO Good Practice Guide for Computer Based Evidence and the ACPO Managers Guide to e-Crime; ACPO e-Crime Strategy, 2009, p.18.

[89]     Mr Graham Ingram, Director, AusCERT, Transcript of Evidence, 11 September 2009, p.5; Mr Alastair MacGibbon, Director, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.62.

[90]     AusCERT, Submission 30, p.15; Internet Safety Institute, Submission 37, pp.3 and 10.

[91]     Mr Alastair MacGibbon, Cyber security: Threats and responses in the information age, Australian Strategic Policy Institute, December 2009, p.11.

[92]     Mr Alastair MacGibbon, Director, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.62.

[93]     Mr Alastair MacGibbon, Director, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.62.

[94]     Mr Alastair MacGibbon, Cyber security: Threats and responses in the information age, Australian Strategic Policy Institute, December 2009, p.11.

[95]     McAfee, Submission 10, pp.11-12.

[96]     McAfee, Supplementary Submission 10.1, pp.2-4.

[97]     McAfee, Supplementary Submission 10.1, p.3.

[98]     McAfee, Supplementary Submission 10.1, pp.1-3.

[99]     McAfee, Supplementary Submission 10.1, p.3.

[100]   McAfee, Supplementary Submission 10.1, p.2.

[101]   McAfee, Supplementary Submission 10.1, p.3.

[102]   McAfee, Supplementary Submission 10.1, p.2.

[103]   McAfee, Supplementary Submission 10.1, p.3.

[104]   Detective Superintendent Brian Hay, Queensland Police Service, Transcript of Evidence, 17 March 2010, p.9.

[105]   McAfee, Submission 10, p.7.

[106]   McAfee, Submission 10, p.7.

[107]   Section 1030 Title 18 of the United States Code; Roy Jordan, Client Memorandum, Department of Parliamentary Services, 12 January 2010; the penalty for computer offences resulting in an aggregated loss to one or more persons of at least $5,000 (over a twelve month period) attracts a fine or up to 5 years imprisonment (or both).

[108]   CLPC, Supplementary Submission 62.1, p.9.

[109]   NSW Government, Submission 49, p.4.

[110]   Tasmanian Government, Submission 51, p.4.

[111]   NT Government, Submission 53, p.2.

[112]   AFP, Submission 25, p.15.

[113]   Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, pp.2-3.

[114]   ABA, Submission 7, p.6.

[115]   ABA, Submission 7, p.7.

[116]   ABA, Submission 7, p.6.

[117]   South Australian Police, Submission 10, p.4.

[118]   South Australian Police, Submission 10, p.4.

[119]   NSW Government, Submission 49, p.4.

[120]   South Australia Police, Submission 2, p.1.

[121]   Tasmanian Government, Submission 51, pp.1-5.

[122]   Tasmanian Government, Submission 51, p.5.

[123]   Tasmanian Government, Submission 51, p.4.

[124]   Tasmanian Government, Submission 51, p.4.

[125]   Tasmanian Government, Submission 51, p.4.

[126]   South Australia Police, Submission 2, p.3.

[127]   South Australia Police, Submission 2, p.3.

[128]   South Australia Police, Submission 2, p.3.

[129]   Detective Inspector William van der Graff, NSW Police Force, Transcript of Evidence, 8 October 2009, p.77.

[130]   Detective Inspector William van der Graff, NSW Police Force, Transcript of Evidence, 8 October 2009, p.77.

[131]   Detective Inspector William van der Graff, NSW Police Force, Transcript of Evidence, 8 October 2009, p.77.

[132]   AGD, Supplementary Submission 44.2, p.11.

[133]   AGD, Supplementary Submission 44.2, p.11.

[134]   AGD, Supplementary Submission 44.2, p.11.

[135]   See for example: Microsoft, Submission 35, p.11; Australian Information Industry Association, Submission 22, p.12; AGD, Submission 44, p.11.

[136]   AGD, Submission 44, p.10.

[137]   AGD, Submission 44, p.11.

[138]   Telstra, Submission 43, p.3.

[139]   Mr Tony Burke, ABA, Transcript of Evidence, 8 October 2009, p.51.

[140]   Mr Tony Burke, ABA, Transcript of Evidence, 8 October 2009, p.51.

[141]   ABA, Submission 7, p.13.

[142]   ABA, Submission 7, p.14.

[143]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, p.52.

[144]   RSA, Submission 28, p.3.

[145]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, p.52.

[146]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, p.53.

[147]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, p.53.

[148]   Symantec, Supplementary Submission 32.1, p.8.

[149]   Symantec, Supplementary Submission 32.1, p.9.

[150]   AGD, Supplementary Submission 44.2, pp.1-2.

[151]   These include section 70 of the Crimes Act 1914 (Cth) which deals with disclosure of information by Commonwealth officers, the Australian Public Service Code of Conduct set out in the Public Service Act 1999 (Cth) and the Australian Government’s Protective Security Manual.

[152]   Symantec, Supplementary Submission 32.1, p.9.

[153]   Symantec, Supplementary Submission 32.1, p.9.

[154]   CLPC, Submission 62, p.11.

[155]   Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October, 2009, p.33.

[156]   CLPC, Submission 62, p.11.

[157]   Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October, 2009, pp.32-33.

[158]   Dr Paul Brooks, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.13.

[159]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, pp.54-55.

[160]   Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8 October 2009, pp.54-55.

[161]   The national information infrastructure is made up of those key communications and information technology systems that support critical industries and government services, such as the telecommunications, transport, distribution, energy, utilities, banking and finance industries and defence and emergency services.

Chapter 6 Criminal and Law Enforcement Framework

[1]       AFP, Submission 25, p.13.

[2]       Russell Smith, Impediments to the Successful Investigation of Transnational High Tech Crime, Trends and Issues in Crime and Criminal Justice No. 285, Australian Institute of Criminology, October 2004, p.1.

[3]       Attorney-General’s Department, Submission 44, p.16; Telecommunications (Interception and Access) Act 1979 (Cth); Crimes Act 1914 (Cth).

[4]       Part 10.7 Divisions 477 and 478 of the Criminal Code; AGD, Submission 44, p.18.

[5]       Model Criminal Code Officers Committee of the Standing Committee of Attorneys-General, Chapter 4 Damage and Computer Offences, Report of the Committee, February 2001.

[6]       Commonwealth criminal law is ancillary to the performance by the Commonwealth of its powers to protect itself, the Constitution, its institutions and to enforce its own laws; Sir Garfield Barwick, Crimes Bill 1960, Second Reading Speech, House of Representatives, Debates, 8 September 1960 pp.1020-1021 reported in Research Paper No.12, Department of Parliamentary Library, Canberra, 2002, p.4.

[7]       AGD, Supplementary Submission 44.2, p.10.

[8]       AGD, Supplementary Submission 44.2, p.10; Microsoft Australia, Submission 35, p.7.

[9]       For example, section 480.4 of the Commonwealth Criminal Code makes it an offence to dishonestly obtain or deal in personal financial information without consent of that person to access funds, credit or other financial benefits.

[10]     MCLOC, Final Report: Identity Crime, Commonwealth of Australia, 2008.

[11]     AGD, Supplementary Submission 44.1, p.3.

[12]     AGD, Submission 44, p.4; Criminal Law Consolidation (Identity Theft) Amendment Act 2003 (SA); Criminal Code and Civil Liability Amendment Act 2007 (Qld); Note that under section 144B of the Criminal Law Consolidation Act 1935 (SA) it is an offence to assume a false identity or falsely pretend to be entitled to act in a particular capacity. Unlike the model provisions this offence does not require proof of an intention to commit a serious criminal offence.

[13]     The WA Bill ‘utilises and builds upon (but does not specifically implement) the model provisions’; WA Legislative Council, Standing Committee on Uniform Legislation and Statutes Review Report No 44, March 2010, p. 14, viewed 17 March 2010, <http://www.parliament.wa.gov.au/parliament/commit.nsf>.

[14]     AFP, Submission 25, p.9.

[15]     AGD, Submission 44, p.7; The E-Security Review did recommend: agency collaboration to address ‘legal issues associated with the blocking of user access to Internet sites by law enforcement and other agencies’; better coordination of crime reporting; and training and information for the legal profession.

[16]     AGD, Supplementary Submission 44.2, p.10.

[17]     AGD, Submission 44, p.4.

[18]     IIA, Submission 54, p.2.

[19]     Symantec, Supplementary Submission 32.1, p.2.

[20]     Symantec, Supplementary Submission 32.1, p.2.

[21]     Symantec, Supplementary Submission 32.1, p.2.

[22]     Symantec, Supplementary Submission 32.1, p.2.

[23]     AGD, Supplementary Submission 44.1, p.1.

[24]     Microsoft Australia, Submission 35, p.7.

[25]     Microsoft Australia, Submission 35, p.7.

[26]     Tasmanian Government, Submission 51, p.4.

[27]     ABA, Submission 7, p.7.

[28]     Parliamentary Joint Committee on the Australian Crime Commission, Cybercrime, March 2004, p.vii and p.15.

[29]     ABA, Submission 7, p.7.

[30]     Telecommunications (Interception and Access) Amendment Bill 2009; see also, AGD, Discussion Paper and Exposure Draft Legislation: Computer Network Protection, July 2009; The Senate Legal and Constitutional Affairs Legislation Committee, Telecommunications (Interception and Access) Amendment Bill 2009 [Provisions], November 2009.

[31]     AFP, Supplementary Submission 25.1, p.8; Russell Smith, Impediments to the Successful Investigation of Transnational High Tech Crime, Trends and Issues in Crime and Criminal Justice No. 285, Australian Institute of Criminology, October 2004, pp.1-6.

[32]     CLPC, Submission 62, p.3.

[33]     AFP, Supplementary Submission 25.1, pp.8-9.

[34]     Section 3LA of the Crimes Act 1914 (Cth).

[35]     AGD, Supplementary Submission 44.2, p.8.

[36]     The offence must carry a maximum penalty of three or more years.

[37]     AGD, Submission 44, p.19.

[38]     In 2005 the TIA was reviewed by Mr Anthony Blunn AO. The report, tabled in Parliament on 14 September 2005, recommended that legislation dealing with access to telecommunications data for security and law enforcement purposes be established, viewed 23 March 2010, <http://www.ag.gov.au/www/agd/agd.nsf/Page/Publications_Blunnreportofthereviewoftheregulationofaccesstocommunications-August2005>. The TIA was amended in 2006 to establish a warrant regime for access to stored communications. In 2007 the TIA was further amended to implement a two-tier regime for access to historic and prospective (real-time) telecommunications data. The provisions of the Telecommunications Act 1997 (Cth), that regulated access to telecommunications data for national security and law enforcement purposes, were also transferred to the TIA. See, Sue Harris-Rimmer, Telecommunications (Interception) Bill 2006, Bills Digest No. 102, 2005–06, 28 February 2006, Parliamentary Library; and, Bronwyn Jaggers, Telecommunications (Interception and Access) Amendment Bill 2008, Bills Digest No. 71, 7 March 2008 for further detail.

[39]     AFP, Supplementary Submission 25.1, p.9.

[40]     The Communications Access Coordinator is a statutory position performed by the First Assistant Secretary of the National Security Law and Policy Division in AGD; AGD, Supplementary Submission, 44.2, p.3.

[41]     AGD, Supplementary Submission 44.2, p.3.

[42]     NSW Government, Submission 49, p.6.

[43]     AGD, Supplementary Submission 44.2, p.7.

[44]     AGD, Supplementary Submission 44.2, p.7.

[45]     AFP, Supplementary Submission 25.1, pp.9-10.

[46]     AGD, Supplementary Submission 44.2, p.7.

[47]     AGD, Supplementary Submission 44.2, p.7.

[48]     AGD, Supplementary Submission 44.2, p.7.

[49]     AGD, Supplementary Submission 44.2, p.7.

[50]     Foreign Evidence Amendment Bill 2008; AGD, Supplementary Submission 44.2, p.8.

[51]     AGD, Supplementary Submission 44.2, p.8.

[52]     AFP, Supplementary Submission 25.1, pp.8-9.

[53]     AusCERT, Submission 30, p.15.

[54]     AFP, Supplementary Submission 25.1, pp.8-9.

[55]     AFP, Supplementary Submission 25.1, pp.8-9.

[56]     AFP, Supplementary Submission 25.1, pp.8-9.

[57]     AGD, Supplementary Submission, 44.2, p.4.

[58]     AGD, Supplementary Submission 44.2, p.4.

[59]     AGD, Supplementary Submission, 44.2, p.5.

[60]     AGD, Supplementary Submission, 44.2, p.5.

[61]     AGD, Supplementary Submission, 44.2, p.5.

[62]     AGD, Supplementary Submission, 44.2, p.4.

[63]     Internet Safety Institute, Submission 37, p.7; Microsoft Australia, Submission 35, p.1.

[64]     ABA, Submission 7, pp.9-12.

[65]     ABA, Submission 7, pp.9-12.

[66]     Convention on Cybercrime, European Treaty Series No.185 (opened for signature Budapest 23.11.2001 entered into force 1.7.2004).

[67]     Directorate General of Human Rights and Legal Affairs, Council of Europe, Submission 31, p.3.

[68]     Council of Europe, Submission 31, p.3; at the time of writing 27 countries had signed and ratified or acceded to the treaty and 19 had signed the treaty but not yet proceeded to ratification, viewed 11 March 2010, <http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=1&DF=11/03/2010&CL=ENG>.

[69]     Council of Europe, Submission 31, p.3.

[70]     Microsoft Australia, Submission 35, p.9; Queensland Government, Submission 67, p.7; AIIA, Submission 22, p.3; AusCERT, Submission 30, p. 15.

[71]     Council of Europe, Submission 31, p.4.

[72]     Project Cybercrime, viewed 23 March 2010 <www.coe.int/cybercrime>. Adopted by the Global Conference Cooperation against Cybercrime, Council of Europe, Strasbourg, 1-2 April 2008.

[73]     Council of Europe, Submission 31, p.5.

[74]     Council of Europe, Submission 31, p.5.

[75]     Council of Europe, Submission 31, p.4.

[76]     Council of Europe, Submission 31, p.4.

[77]     AGD, Submission 44, p.14.

[78]     AFP, Transcript of Evidence, 9 September 2009, p.11.

[79]     Section 13A of the Mutual Assistance in Criminal Matters Act 1987 (Cth) expressly excludes material obtained under the TIA from being provided to a requesting foreign country to assist in an investigation or proceedings for a serious offence against that country’s domestic law.

[80]     Council of Europe, Submission 31, p.4.

[81]     Microsoft Australia, Submission 35, pp. 6-10; Microsoft Corporation Ltd, Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws: A Study by Microsoft, November 2007, viewed 10 March 2010, <www.microsoft.com/asia>.

[82]     Microsoft Australia, Submission 35, p.7.

[83]     Microsoft Australia, Submission 35, p.7.

[84]     Microsoft Australia, Submission 35, p.8.

[85]     Microsoft Australia, Submission 35, p.7.

[86]     Microsoft Australia, Submission 35, p.8.

[87]     CLPC, Submission 62.1, p.3.

[88]     CLPC, Submission 62, p.3; Rychlicki T., Legal Issues of Criminal Acts Committed Via Botnets (2006) Computer and Telecommunications Law Review 12 (5), p.163 as cited CLPC, Submission 62, p.3.

[89]     Microsoft Australia, Submission 35, p.

[90]     For example, IIA, Submission 54, p.2.

[91]     IIA, Submission 54, p.5.

[92]     See CLPC, Submission 62; Microsoft Australia, Submission 35; Sophos, Submission 66.

[93]     CLPC, Submission 62, p.3.

[94]     CLPC, Submission 62, p.3.

[95]     AFP, Submission 25, p.9.

[96]     AFP, Supplementary Submission 25.1, pp. 9-10.

[97]     AGD, Supplementary Submission 44.2, p.8.

[98]     Fujitsu, Submission 13, p.7.

[99]     ThreatMetrix Pty Ltd, Submission 19, p.14.

[100]   AGD, Supplementary Submission 44.2, p.2.

[101]   NSW Government, Submission 49, p.5.

[102]   NSW Government, Submission 49, p.5.

[103]   NSW Government, Submission 49, p.6.

[104]   NSW Government, Submission 49, p.6.

Chapter 7 Protecting the Integrity of the Internet

[1]       The ACMA was established on 1 July 2005 by the merger of the Australian Broadcasting Authority and the Australian Communications Authority.

[2]       ACMA, Submission 56, p.3.

[3]       Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October, 2009, p.2.

[4]       Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.10.

[5]       ACMA, Submission 56, p.3.

[6]       Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.7.

[7]       ACMA, Submission 56, p.3.

[8]       ACMA, Submission 56, p.5.

[9]       Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October, p.2.

[10]     ACMA, Submission 56, p.5.

[11]     ACMA, Submission 56, p.8.

[12]     ACMA, Supplementary Submission 56.1, p.2.

[13]     ACMA, Supplementary Submission 56.1, p.2.

[14]     <http://www.shadowserver.org/>.

[15]     <http://www.honeynet.org.au/>.

[16]     <http://www.au.sorbs.net/>.

[17]     ACMA, Supplementary Submission 56.1, p.2.

[18]     Sophos, Submission 66, p.6.

[19]     Sophos, Submission 66, p.6.

[20]     Sophos, Submission 66, p.6.

[21]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.6.

[22]     See ALRC Report 108, pp.1330-1331; see also, Office of the Privacy Commissioner, Submission Draft Internet Industry Association eSecurity Code of Practice, p.3.

[23]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009, p.9.

[24]     ACMA, Submission 56, p.23.

[25]     IIA, Submission 54, p.7.

[26]     ACMA, Submission 56, p.3; Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.1.

[27]     <http://www.acma.gov.au>, viewed 27 May 2010.

[28]     <http://www.acma.gov.au>, viewed 27 May 2010.

[29]     Arbor Networks, Worldwide Infrastructure Security Report, Volume IV, October 2008, p.23 as cited in ACMA, Submission 56, p.23.

[30]     ACMA, Submission 56, p.22.

[31]     ACMA, Submission 56, p.5.

[32]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.15.

[33]     Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009, p.10.

[34]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009, p.10.

[35]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009, p.9; ACMA, Submission 56, p.3.

[36]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.6.

[37]     ACMA, Submission 56, p.22.

[38]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, pp.3-4.

[39]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.3.

[40]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.4.

[41]     <http://www2.dreamtilt.com.au/index.php/internet-services/wireless-broadband/installation/159-aisi.html>, viewed 27 May 2010.

[42]     Correspondence to the Committee, Jamie Snashall, Senior Adviser Government Relations, Telstra Corporation Ltd, 1 June 2010.

[43]     ACMA, Submission 56, p.22.

[44]     In this context, placing an end user in a ‘walled garden’ means restricting Internet access from that computer only to approved IP addresses.

[45]     ACMA, Submission 56, p.22.

[46]     Sophos, Submission 66, p.6.

[47]     IIA, Submission 54, p.8.

[48]     ACMA, Submission 56, p.8.

[49]     AusCERT, Home Users Computer Security Survey 2008, p.30.

[50]     AusCERT, Home Users Computer Security Survey 2008, p.30.

[51]     ACMA, Supplementary Submission 56.1, p.3.

[52]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009, p.9.

[53]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, pp.15-16.

[54]     IIA, Submission 54, p.8; Mr Keith Besgrove, DBCDE, Transcript of Evidence, Wednesday 25 November, 2009, p.9.

[55]     IIA, Internet Service Providers Voluntary Code of Practice for Industry Self-Regulation in the Area of e-Security, (Consultation Version 1.0), September, 2009, p.9.

[56]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.15; see also, Ben Grubb, ZDNet.com.au, Privacy Commissioner delays zombie code, 27 January 2010.

[57]     IIA, Internet Service Providers Voluntary Code of Practice for Industry Self-Regulation in the Area of e-Security, (Consultation Version 1.0), September, 2009, p.9.

[58]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.17.

[59]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.16.

[60]     <www.tortoise.iia.net.au>.

[61]    Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.16.

[62]     Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.54.

[63]     Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, pp.60-61.

[64]     AusCERT, Submission 30, pp.14-24.

[65]     Telstra, Submission 43, p.5.

[66]     Telstra, Submission 43, p.5.

[67]     Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October 2009, p.27.

[68]     DBCDE, Supplementary Submission 34.1, p.2.

[69]     Subsections 313 (1)(2)(3) of the Telecommunications Act 1997 (Cth).

[70]     Subparagraph 313(5)(a) of the Telecommunications Act 1997 (Cth).

[71]     Subsection 313(6) of the Telecommunications Act 1997 (Cth).

[72]     DBCDE, Supplementary Submission 34.1, p.2; subparagraph 313(5)(b) of the Telecommunications Act 1997 (Cth).

[73]     DBCDE, Supplementary Submission 34.1, p.3.

[74]     Clause 7.3 of the IISCP; as cited, ACMA, Supplementary Submission 56.1, p.1.

[75]     ACMA, Supplementary Submission 56.1, p.1.

[76]     That draft code set out to establish guidelines for cooperation in criminal and civil investigations and to promote positive relations between industry and law enforcement. It was also intended to give users confidence their privacy and the confidentiality of their transactions will be protected from unlawful intrusion; Internet Industry Code of Practice, paragraph 1.11, as cited, Joint Parliamentary Committee on the Australian Crime Commission, Cybercrime, March 2004, p.17.

[77]     Joint Parliamentary Committee on the Australian Crime Commission, Cybercrime, March 2004, p.17.

[78]     See, for example, existing law regulating ISPs: Telecommunications Act 1997 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth); and, the Spam Code of Practice. In relation to prohibited classified content, the Internet industry Content Services Code was registered under the Broadcasting Act 1992 (Cth) in 2008; to block access to foreign online gambling sites, the IIA Interactive Gambling Industry Code was registered by ACMA in 2001.

[79]     See, AusCERT, Submission 30, pp.14-24; AusCERT, Exhibit 13, Internet Industry Code of Practice, pp.1-16.

[80]     AusCERT, Exhibit 13, Internet Industry Code of Practice Submission, p.13.

[81]     AusCERT, Exhibit 13, Internet Industry Code of Practice Submission, p.13.

[82]     AusCERT, Exhibit 13, Internet Industry Code of Practice Submission, p.13.

[83]     Internet Engineering Task Force, Draft Recommendations for the Remediation of Bots in ISP Networks, September 15, 2009; see also, AusCERT, Exhibit 13, Internet Industry Code of Practice Submission, p.3.

[84]     IIA, Supplementary Submission 54.1, p.1.

[85]     Symantec, Supplementary Submission 32.1, p.6.

[86]     AusCERT, Exhibit 13, Internet Industry Code of Practice, p.12.

[87]     AusCERT, Exhibit 13, Internet Industry Code of Practice, p.11.

[88]     IIA, Supplementary Submission 54.1, p.4.

[89]     Symantec, Supplementary Submission 32.1, p.6.

[90]     Cited in Symantec, Supplementary Submission 32.1, p.6.

[91]     See <https://www.ccc.go.jp/en_ccc/index.html>; see also <http://blog.cytrap.eu/?p=287>; IIA Supplementary Submission 54.1, p.3.

[92]     AusCERT, Exhibit 13, Internet Industry Code of Practice, p.11.

[93]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.14.

[94]     Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.14.

[95]     AusCERT, Exhibit 23, p.3; Eco-Association of the German Internet Industry, Quick remedy for botnet infections, 14 December 2009; John Leyden, German ISPs teams up with gov agency to clean up malware, The Register, 9 December 2009.

[96]     AusCERT, Exhibit 23, Eco-Association of the German Internet Industry, Quick remedy for botnet infections, 14 December 2009; John Leyden, German ISPs teams up with gov agency to clean up malware, The Register, 9 December 2009.

[97]     AusCERT, Exhibit 23, Comcast, Comcast Unveils Comprehensive ‘Constant Guard’ Internet Security Program, Press Release, 8 October 2009.

[98]     ACMA, Submission 56, p.15; Symantec, Submission 32, p.2.

[99]     Symantec, Submission 32, p.2.

[100]   ACMA, Submission 56, p.15.

[101]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.5.

[102]   ACMA, Submission 56, p.15.

[103]   ACMA, Supplementary Submission 56.1, p.5.

[104]   ACMA, Supplementary Submission 56.1, p.5.

[105]   ACMA, Supplementary Submission 56.1, p.5.

[106]   AGD, Supplementary Submission 44.2, p.4.

[107]   Nick Wingfield, Microsoft wins ‘botnet’ order, The Wall Street Journal Asia, 26 February 2010, p.6; William Jackson, Microsoft unplugs spammer botnet with legal strategy, Government Computer News, 1 March 2010 http://gcn.com/Articles/2010/03/010, viewed 3 March 2010.

[108]   Australian Bureau of Statistics, Internet Activity, Australia, Cat. No. 8153.0, December 2008.

[109]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.

[110]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.

[111]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.

[112]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.

[113]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.

[114]   <http://www.us-cert.gov/nav/report_phishing.html>, viewed 1 March 2009.

[115]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.9.

[116]   Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.9.

[117]   Australian Computer Society, Transcript of Evidence, 9 October 2010, pp.34-35.

[118]   Clauses 6, 10.1 and 10.4, Spam Code of Practice.

[119]   DCITA, Report on the Spam Act 2003 Review, June 2006, p.77.

[120]   DCITA, Report on the Spam Act 2003 Review, June 2006, p.104.

[121]   Domain name servers (DNS) convert web addresses into Internet Protocol addresses and route the computer user to the correct location. Thirteen root DNS servers cover the entire Internet along with a number of local servers. Once reconfigured, the DNS can send users to any number of websites and seriously compromise the entire Internet system. In the case of Domain Name Server poisoning, the list of addresses in a DNS server is altered so that a legitimate URL address points to an illegitimate Internet Protocol address, the fraudulent web site (Brody, R.G., Mulig, G., and Kimball, V. 2007, ‘Phishing, pharming and identity theft’, Academy of Accounting and Financial Studies Journal), as cited in AFP, Submission 25, p.4.

[122]   <http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm>, viewed 1 March 2010.

[123]   See, for example, AusCERT, Submission 30, p.15; Abacus – Australian Mutuals, Submission 55, p.4; Australian Computer Society, Transcript of Evidence, 9 October 2009, p.39.

[124]   Australian Computer Society, Transcript of Evidence, 9 October 2009, p.39.

[125]   Abacus – Australian Mutuals, Submission 55, p.4.

[126]   AusCERT, Submission 30, p.15.

[127]   The APWG is an international industry association focused on eliminating phishing.

[128]   AusCERT, Submission 30, p.15.

[129]   APWG, Best Practices Recommendations for Registrars, October 2008, p.1.

[130]   Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8 October 2009, p.1.

[131]   In fact, there are five country codes associated with Australia: .au for Australia, .cc for Cocos Islands, .cx for Christmas Island, .hm for Heard and McDonald Islands and .nf for Norfolk Island.

[132]   ICANN, Submission 40, p.1.

[133]   Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8 October 2009, p.2; the domain name system security extension protocol is discussed in Chapter 11 of this report.

[134]   ICANN, Supplementary Submission 40.1, p.1.

[135]   Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8 October 2009, p.2.

[136]   Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8 October 2009, pp.1-12; DBCDE, Submission 34.1, p.1.

[137]   Mr Neil Brown QC, The New Internet – The Expansion of Top Level Domains – An Update, Domain Times, <http://www.domaintimes.info/>, viewed 1 March 2010.

[138]   Ms Holly Raiche, Executive Director, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6.

[139]   Ms Holly Raiche, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.6.

[140]   As noted in Chapter 2, ‘domain hijacking’ is where a cyber criminal takes control of a domain name by stealing the identity of a domain name owner, then uses this domain name to host a malicious website. ‘Typo-squatting’ is also sometimes known as website hijacking. This is where a person registers domain names with a common typographical error in an established domain name to divert traffic to an illegitimate site.

[141]   ICANN, Security and Stability Advisory Committee, Domain Name Hijacking: Incident, Threats, Risks and Remedial Actions, July 2005, p.5.

[142]   ICANN, New gTLD Program Explanatory Memorandum, Process for Amendments to New gTLD Registry Agreements, 15 February 2010; ICANN, New gTLD Explanatory Memorandum, Mitigating Malicious Conduct, 3 October 2009.

[143]   More detail is available at <http://www.icann.org/en/topics/new-gtlds/mitigating-malicious-conduct-04oct09-en.pdf>; ICANN, Supplementary Submission 40.1, p.1.

[144]   Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8 October 2009, pp.9-10.

[145]   ICANN, Supplementary Submission 40.1, p.3.

[146]   Ms Holly Raiche, Executive Director, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.1; see also, ICANN, Supplementary Submission 40.1, p.3.

[147]   For example, the gov.au Domain Name Registrar function is delegated to the Australian Government Information Management Office.

[148]   .auDA, Proposed Changes to the Regulation of Registrar-Appointed Resellers, October 2003, pp.1-3.

[149]   DBCDE, Supplementary Submission 34.1, p.1.

[150]   See, clause 3 of the .au Domain Name Supplies Code of Practice, 2004-04, 14 October 2004.

[151]   Clause 15.4 of the .auDA Registrar Agreement (Approved Version 3-1 June 2008).

[152]   Ms Holly Raiche, Internet Society of Australia, Transcript of Evidence, 9 October 2009, p.39.

[153]   DBCDE, Supplementary Submission 34.1, p.1.

[154]   DBCDE, Supplementary Submission 34.1, p.1.

[155]   DBCDE, Supplementary Submission 34.1, p.1.

[156]   DBCDE, Supplementary Submission 34.1, p.1.

[157]   DBCDE, Supplementary Submission 34.1, p.1.

[158]   ACCC, Submission 46, p.7.

[159]   ACCC, Submission 46, p.7.

[160]   ACCC, Submission 46, p.7.

[161]   ACCC v Chen [2003] FCA 897 at 25; ACCC, Submission 46, p.7; Justice Sackville granted declaratory relief and an injunction under the Trade Practices Act 1952 (Cth) to mark its disapproval. The injunction in this case was granted to facilitate cooperation with the US Federal Trade Commission to take measures under US law to prevent Mr Chen from publishing misleading or deceptive material relating to the Sydney Opera House.

[162]   The standard definition of ‘phishing’ is fraudulent activity to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

[163]   The APWG best practice guide applies only to domain names registered solely for a fraudulent or criminal purpose. The procedures recommended do not apply to websites of a legitimate domain that is compromised and used by criminals to attack or compromise other computers; APWG, Best Practices Recommendations for Registrars, October 2008, p.3.

[164]    British Telecommunications plc v One in a Million Ltd [1998] 4 All ER 476, [1999] 1 WLR 903, [1999] FSR 1, [1998] NLJR 1179, [1998] All ER (D) 362 (Held: the court has jurisdiction in a passing off action to injunct the registration of a domain name calculated to infringe the rights of others. The registration was regarded as having equipped another with an instrument of fraud. A threat to infringe the trade mark of another was established because the defendant (registrant) sought to sell domain names which were confusingly similar to registered trademarks); see also .auDomain Administration Ltd v Network.com.au Pty Ltd [2004] ATMO 36 (29 June 2004) where the registration of www.network.com.au as a trade mark was opposed on the grounds that the company was not the licence holder of the domain name.

 

Chapter 8 Consumer Protection

[1]       ACCC, Submission 46, p.2.

[2]       ACCC, Submission 46, p.3.

[3]       ACCC, Submission 46, p.3.

[4]       ACCC, Submission 46, p.2.

[5]       ACCC, Submission 46, p.6.

[6]       ACCC, Supplementary Submission 46.1, p.7.

[7]       ACCC, Submission 46, p.5.

[8]       ACCC, Supplementary Submission 46.1, p.1.

[9]       ACCC, Supplementary Submission 46.1, p.1.

[10]     ACCC, Supplementary Submission 46.1, p.1.

[11]     Detective Inspector William van der Graff, NSW Police Force, Transcript of Evidence, 8 October 2009, p.77.

[12]     ACCC, Submission 46, p.6.

[13]     See Article 4 (a) to (f) of Memorandum on the Establishment and Operation of the International Consumer Protection and Enforcement Network, agreed to at the Conference in Jeju, Republic of Korea, 26-28 March 2006.

[14]     Available at <http://www.ftc.gov/os/2000/07/ftcacccagrmnt.htm>, viewed 10 April 2010.

[15]     ACCC, Supplementary Submission 46.1, p.14.

[16]     ACCC, Supplementary Submission 46.1, p.14.

[17]     ACCC, Supplementary Submission 46.1, p.1.

[18]     ACCC, Submission 46, p.1.

[19]     Mr Scott Gregson, Group General Manager, Enforcement Operations, ACCC, Transcript of Evidence, 18 November 2009, p.6.

[20]     ACCC, Submission 46, p.7.

[21]     ACCC, Supplementary Submission 46.1, p.3.

[22]     ACCC v Bindert (Ben) Loosterman & Ors FCA 1391/2008; Resolved by consent with final orders available on the Federal Court Website at: <https://www.comcourts.gov.au/file/Federal/P/NSD1391/2008/3549912/event/25652026/document/150771>, viewed 10 April 2010.

[23]     The Trade Practices Amendment (Australian Consumer Law) Bill 2009 passed both Houses of Parliament on 17 March 2010. State and Territory Governments will introduce application legislation to apply the entire Australian Consumer Law in each jurisdiction.

[24]     The Foreign Judgments Act 1991 (Cth) provides a mechanism for the registration and enforcement of overseas judgments on the basis of ‘substantial reciprocity of treatment’ (s.5(1)).

[25]     ACCC v Chen [2003] FCA 897 at 62.

[26]     CLPC, Supplementary Submission 62.1, p.4.

[27]     CLPC, Supplementary Submission 62.1, p.5.

[28]     CLPC, Supplementary Submission 62.1, p.5.

[29]     DCITA, Taking Care of Spyware, September 2005, p.3.

[30]     K Howard, Mallesons Stephen Jacques, Computers and Law, March 2006, p.17.

[31]     CLPC, Submission 62, p. 7.

[32]     Paul Clarke, Do we need a Spyware Act?, Internet Law Bulletin, Volume 8 Issue 4, p. 58.

[33]     DCITA, Outcome of the Review of the Legislative Framework on Spyware, 2004.

[34]     DCITA, Outcome of the Review of the Legislative Framework on Spyware, 2004.

[35]     CLPC, Supplementary Submission 62.1, p.8.

[36]     ACCC, Supplementary Submission 46.1, p.11.

[37]     CLPC, Supplementary Submission 62.1, p.8. Emphasis added.

[38]     CLPC, Supplementary Submission 62.1, p.7.

[39]     CLPC, Supplementary Submission 62.1, p.8.

[40]     CLPC, Supplementary Submission 62.1, p.6.

[41]     CLPC, Supplementary Submission 62.1, p.8.

[42]     CLPC, Supplementary Submission 62.1, p.5.

[43]     Note also that corporate liability can apply where the fault element is attributable to a body corporate that has expressly, tacitly or impliedly authorised the commission of the offence. See Chapter 2 of the Criminal Code.

[44]     CLPC, Submission 62, p. 6.

[45]     ACCAN, Submission 57, p.11.

[46]     ACS, Submission 38, p.4; ACCAN, Submission 57, Surfing on Thin Ice: Consumers and Malware, Adware, Spam & Phishing, p.11.

[47]     ASCCA, Submission 63, p.4.

[48]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.19.

[49]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.20.

[50]     Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.19.

[51]     ACS, Submission 38, p.10; AusCERT, Submission 30, p.4; Internet Safety Institute, Submission 37, p.6; see also, C Wilson, Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, CRS Congress Research Paper, Updated January 29, 2008, p.26.

[52]     Internet Safety Institute, Submission 37, p.6; <http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf>, p.18, viewed 13 April 2010.

[53]     AusCERT, Submission 30, p.4.

[54]     AusCERT, Submission 30, p.4.

[55]     AusCERT, Submission 30, p.4.

[56]     ACS, Submission 38, p.10.

[57]     ACS, Submission 38, p.10.

[58]     ACCAN, Surfing on Thin Ice: Consumers and Malware, Adware, Spam & Phishing, p.24.

[59]     Sensis, E-Business Report: The Online Experience of Small and Medium Enterprises, July 2008, p.5; Sensis, E-Business Report: The Online Experience of Small and Medium Enterprises, August 2009, pp.5 and 11.

[60]     ACS, Submission 38, p.11.

[61]     Australasian Information Security Evaluation Program.

[62]     <http://www.commoncriteriaportal.org/theccra.html>

[63]     AusCERT, Submission 30, p.21.

[64]     AusCERT, Submission 30, p.21.

[65]     Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.7.

[66]     ACS, Submission 38, p.11.

[67]     AusCERT, Submission 30, p.20.

[68]     AusCERT, Submission 30, p.20.

[69]     Microsoft Australia, Submission 35, p.1.

[70]     Symantec, Submission 32, p.12.

[71]     Science and Technology Committee, Personal Internet Security, Volume 1 Report, House of Lords, August 2007, pp.41-42.

[72]     See discussion, Transcript of Evidence, 18 November 2009, pp.12-15.

[73]     The latter means the goods should be free from defects not obvious at the time of purchase and be of reasonable quality and performance taking into account the price and description at the time of purchase.

[74]     Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.15.

[75]     Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.15.

Chapter 9 Privacy Measures to Combat Cyber Crime

[1]       See for example: Australian Merchant Payments Forum, Submission 17, p.1; Internet Industry Association, Submission 54, p.4; Internet Society of Australia, Submission 45, p.5.

[2]       OVPC, Submission 33, p.2.

[3]       OPC, Submission 3, pp.3-7.

[4]       ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.263-264.

[5]       ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.267.

[6]       ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.2381-2382.

[7]       ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.2382.

[8]       ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.2382.

[9]       See: ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.2377-2412.

[10]     OVPC, Submission 33, p.3.

[11]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.110-129.

[12]     Department of the Prime Minister and Cabinet, ALRC Privacy Report, DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.

[13]     OVPC, Submission 33, pp.4-8; OPC, Submission 3, p.8; Symantec Corporation, Submission 32.1, p.3; Australian Communications Consumer Action Network, Submission 57, p.72.

[14]     Employee records are protected by law in some States, such as Victoria.

[15]     OVPC, Submission 33, p.4.

[16]     OVPC, Submission 33, p.4.

[17]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.1356.

[18]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.1392-1398, 1355-1356.

[19]     Department of the Prime Minister and Cabinet, ALRC Privacy Report, DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.

[20]     OVPC, Submission 33, p.4.

[21]     Symantec Corporation, Submission 32.1, p.3.

[22]     Fujitsu Australia Ltd, Submission 13, p.7.

[23]     OPC, Guide to handling personal information security breaches, OPC, August 2008.

[24]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, p.41; Ms Alana Maurushat, Cyberspace Law and Policy Centre, Transcript of Evidence, 8 October 2009, p.33; Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence, 11 September 2009, p.5.

[25]     OPC, Submission 3, p.12; OVPC, Submission 33, p.8.

[26]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.1696.

[27]     Department of the Prime Minister and Cabinet, ALRC Privacy Report, DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.

[28]     OPC, Submission 3, p.12; OVPC, Submission 33, p.8; Symantec Corporation, Submission 32.1, p.3; Australian Communications Consumer Action Network, Submission 57, p.72.

[29]     RSA, Submission 28, p.4.

[30]     Symantec Corporation, Submission 32, p.11.

[31]     OVPC, Submission 33, pp.5-6.

[32]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.710.

[33]     OVPC, Submission 33, pp.4-7.

[34]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.732.

[35]     Australian Government, First Stage Response to the Australian Law Reform Commission Report 108, Australian Government, October 2009, p.39.

[36]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, p.40.

[37]     OVPC, Submission 33, pp.4-5.

[38]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.706.

[39]     OVPC, Submission 33, pp.4-5.

[40]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.706.

[41]     OVPC, Submission 33, p.5.

[42]     Australian Government, First Stage Response to the Australian Law Reform Commission Report 108, Australian Government, October 2009, p.40.

[43]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, pp.39-40.

[44]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.219, 224-225.

[45]     Department of the Prime Minister and Cabinet, ALRC Privacy Report, DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.

[46]     OPC, Submission 3, pp.9-10.

[47]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.263-264.

[48]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.264.

[49]     See for example: Yahoo! Group Australia & New Zealand, Submission 18, p.2; PayPal, Submission 60, pp.8-9.

[50]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.1356.

[51]     IIA, Privacy Code Draft, IIA, 2010, viewed 13 April 2010, <http://www.iia.net.au>.

[52]     IIA, Internet Industry Privacy Code of Practice Consultation Draft 1.0, IIA, pp.3-4.

[53]     OPC, Privacy Codes Register, OPC, 2010, viewed 13 April 2010, <http://www.privacy.gov.au>.

[54]     OPC, Submission 3, p.10.

[55]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.1081-1082.

[56]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, p.1104.

[57]     Australian Government, First Stage Response to the Australian Law Reform Commission Report 108, Australian Government, October 2009, p.77.

[58]     OPC, Submission 3, pp.10-11.

[59]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, p.45.

[60]     OPC, Submission 3, p.6.

[61]     The Hon Nicola Roxon, Personally Controlled Health Records for all Australians, media release, Parliament House, 11 May 2010, viewed 12 May 2010.

[62]     Government 2.0 Taskforce, Engage: Getting on with Government 2.0, Australian Government, December 2009, pp.xvii-xviii.

[63]     AusCERT, Submission 30, p.9; Lockstep, Submission 36, p.10; ATO, Submission 59, p.4; Mr Michael Cranston, ATO, Transcript of Evidence, 16 September 2009, p.2.

[64]     OVPC, Submission 33, pp.7-8.

[65]     ALRC, For Your Information: Australian Privacy Law and Practice, ALRC, Report 108, May 2008, pp.1569-1570, 1580.

[66]     Australian Government, First Stage Response to the Australian Law Reform Commission Report 108, Australian Government, October 2009, p.86.

[67]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, p.41.

[68]     Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009, p.41.

Chapter 10 Community Awareness and Education Initiatives

[1]       Attorney General’s Department (AGD), Cyber Security Strategy, Australian Government, 2009, p.vii.

[2]       AGD, Cyber Security Strategy, Australian Government, p.30.

[3]       ACCC, Submission 46, p.2.

[4]       ACMA, Cybersmart program, ACMA, 6 October 2009, viewed 2 March 2010, <http://www.acma.gov.au>.

[5]       See for example: Australian Council of State School Organisations, Submission 42, p.6; ROAR Film Pty Ltd, Submission 64, p.19.

[6]       DBCDE, Submission 34, p.5.

[7]       Parliament of the Commonwealth of Australia, House of Representatives, Votes and Proceedings, No. 152, 11 March 2010, p.1687; Parliament of the Commonwealth of Australia, Senate, Journals of the Senate, No. 115, 11 March 2010, p.3296.

[8]       AGD, Cyber Security Strategy, Australian Government, p.17; DBCDE, Submission 34, p.12; Senator the Hon Helen Coonan, Launch of collaborative online security initiative, media release, Parliament House, 23 October 2006, viewed 2 February 2009, <http://www.minister.dbcde.gov.au/coonan/media/media_releases/launch_of_collaborative_online_security_initiative>.

[9]       DBCDE, Submission 34, p.12.

[10]     DBCDE, Submission 34, p.12; Australian Government, Stay Smart Online Alert Service User Guide, Australian Government, 2008, p.1.

[11]     ACCC, Submission 46, p.4.

[12]     ACCC, Submission 46, p.4; Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.11.

[13]     The ACFT is a partnership of nineteen Australian and New Zealand government regulatory agencies and departments including the ACCC (chair), AGD, ACMA, AFP, DBCDE, ATO and State and Territory fair trading agencies.

[14]     See for example: NSW Government, Submission 49, p.3.

[15]     Australian Government, Cyber smart website, 2010, <http://www.cybersmart.gov.au/>.

[16]     See for example: ACCC, Submission 46, p.4; AFP, Technology Enabled Crime, AFP, 2 September 2009, viewed 4 February 2010, <http://www.afp.gov.au/national/e-crime.html>; AGD, Identity security, AGD, updated 2 February 2010, viewed 4 February 2010, <http://www.ag.gov.au/identitysecurity>; NSW Government, Submission 49, p.3; ATO, Submission 59, pp.9-11; ACCC, ‘The Little Black Book of Scams’, Exhibit 16, p.43; DBCDE, Submission 34.1, p.8.

[17]     ATO, Submission 59, pp.9-11; AFP, Submission 25, p.11; NSW Government, Submission 49, p.3; NT Government, Submission 53, p.3; Tasmanian Government, Submission 51, p.3; WA Government, Submission 48, p.2; Queensland Government, Submission 67, p.4; Mr Bruce Matthews, ACMA, Transcript of Evidence, 21 October 2009, p.6.

[18]     AGD, Dealing with Identity theft: protecting your Identity, Australian Government, 2009.

[19]     ACCC, Little Black Book of Scams, Exhibit 16.

[20]     See for example: Mr Bruce Matthews, ACMA, Transcript of Evidence, 21 October 2009, p.6; Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.20; McAfee Australia, Submission 10, p.6; Symantec Corporation, Symantec Exposes the Truth about the Internet Black Market and Takes a Stand against Cyber Crime, media release, Symantec Corporation, 11 September 2009, p.2; APCA, Submission 50, p.5; Telstra, Submission 43.1, p.3; ASCCA, Submission 63, p.12.

[21]     Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009, pp.14-15; ACCAN, Submission 57.1, p.2.

[22]     See for example: AusCERT, Submission 30, p.12; ASCCA, Submission 63, p.3.

[23]     Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.8.

[24]     ACCAN, Submission 57.1, p.5.

[25]     See for example: Consumers’ Telecommunications Network, Surfing on thin ice: consumers and malware, adware, spam and phishing, CTN, November 2009, p.25; Internet Safety Institute, Submission 37, p.10.

[26]     Mrs Nancy Bosler, ASCCA, Transcript of Evidence, 28 October 2009, p.5.

[27]     AGD, Cyber Security Strategy, Australian Government, p.17; DBCDE, Submission 34, pp.11-12; AFP, Submission 25, p.11.

[28]     DBCDE, Submission 34, pp.11-12; Australian Government, National E-security Awareness Week 2009 partnerships, Stay Smart Online, 2009, viewed 5 March 2009, <http://www.staysmartonline.gov.au/news-events/partners>.

[29]     DBCDE, Submission 34, p.12.

[30]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009, p.5.

[31]     ACCC, Submission 46, p.5; NSW Government, Submission 49, p.4.

[32]     Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009, p.10.

[33]     ACCAN, Submission 57.1, p.5; Telstra, Submission 43, p.4; Microsoft Australia, Submission 35, p.16; Internet Safety Institute, Submission 37, p.10.

[34]     Internet Society of Australia, Submission 45, p.5.

[35]     South Australia Police (SAP), Submission 2, p.2.

[36]     See for example: ACCAN, Submission 57.1, p.5; Telstra, Submission 43, p.4; Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.18; Ms Johnson, Australian Information Industry Association, Transcript of Evidence, 11 September 2009, p.29; Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.8; Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.64.

[37]     See for example: Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.8; Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.64.

[38]     Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009, p.18.

[39]     Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009, p.19.

[40]     DBCDE, Submission 34.1, p.9.

[41]     DBCDE, Submission 34.1, p.9.

[42]     DBCDE, Submission 34, pp.12-13.

[43]     Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009, p.5.

[44]     ASCCA, Submission 63.1, p.1; Department of Families, Housing, Community Services and Indigenous Affairs, Broadband for Seniors, FAHCSIA, 2009, viewed 4 March 2010, <http://fahcsia.gov.au>.

[45]     See for example: AFP, Submission 25, pp.12-13; Microsoft Australia, Submission 35, p.17.

[46]     ThinkUKnow Australia, What is ThinkUKnow?, 2010, viewed 4 March 2009, <http://www.thinkuknow.org.au>.

[47]     Telstra, Submission 43.1, p.3.

[48]     Mrs Nancy Bosler, ASCCA, Transcript of Evidence, 28 October 2009, p.3; ASCCA, Submission 63, p.12.

[49]     See for example: ACCAN, Submission 57.1, p.5; Queensland Government, Submission 67, p.7.

[50]     ACMA, Australia in the Digital Economy: Report 1 – Trust and Confidence, ACMA, March 2009, p.35.

[51]     ASCCA, Submission 63, p.3.

[52]     Microsoft Australia, Submission 35, p.17; Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.68.

[53]     Telstra, Submission 43, p.4; Microsoft Australia, Submission 43, p.17.

[54]     ROAR Film Pty Ltd, Submission 64, pp.2-4, 19.

[55]     Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.68.

[56]     ACCAN, Submission 57.1, p.5.

[57]     EXIN South Pacific, EXIN to take over International Computer Driving Licence (ICDL) in Australia, media release, July 10 2008, viewed 4 March 2010, <http://www.acs.org.au/icdl/>.

[58]     ACCAN, Submission 57.1, p.5.

[59]     DBCDE, Submission 34.1, p.8.

[60]     See for example: ACCAN, Submission 57.1, p.5; Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.7; Mr Tony Burke, ABA, Transcript of Evidence, 8 October 2009, pp.50-51; SAP, Submission 2, p.2; Mr Darren Kane, Telstra, Transcript of Evidence, 11 September 2009, p.34; Internet Safety Institute, Submission 37, p.10.

[61]     See for example: ROAR Film Pty Ltd, Submission 64, p.2; Microsoft Australia, Submission 35, p.16; SAP, Submission 2, p.2; ABA, Submission 7, p.12.

[62]     See for example: ASCCA, Submission 63, p.3; Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.7; Microsoft Australia, Submission 35, p.16; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.53.

[63]     ACCAN, Submission 57.1, p.5; UK Cabinet Office, Cyber Security Strategy of the United Kingdom, UK Cabinet Office, June 2009, p.18.

[64]     ABA, Submission 7, p.12.

[65]     See for example: ACCAN, Submission 57, p.3; ASCCA, Submission 63, p.4; ACCAN, Submission 57.1, pp.5-6; Microsoft Australia, Submission 35, p.16; IIA, Submission 54, p.6; Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence, 11 September 2009, p.64.

[66]     See for example: ACCAN, Submission 57, p.3; Telstra, Submission 43, p.4.

[67]     Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.53; ROAR Film Pty Ltd, Submission 64, pp.2-3,19.

[68]     See for example: ACCAN, Submission 57.1, p.5; Queensland Government, Submission 67, p.7.

Chapter 11 Emerging Technical Measures to Combat Cyber Crime

[1]       See for example: Commonwealth Scientific and Industrial Research Organisation (CSIRO), Submission 26, p.4; Australian Institute of Criminology (AIC), Submission 41, p.17; Australian Security Intelligence Organisation, Submission 47, p.4; AusCERT, Submission 30, pp.21-22.

[2]       See for example: AusCERT, Submission 30, p.21; Mr Stephen Wilson, Lockstep Technologies Pty Ltd, Transcript of Evidence, 9 October 2009, p.45; Smart Card Alliance, Smart Card Primer, Smart Card Alliance, 2010, viewed 28 January 2010, <http://www.smartcardalliance.org/pages/smart-cards-intro-primer>.

[3]       Lockstep Technologies Pty Ltd, Submission 36, p.16.

[4]       See for example: AusCERT, Submission 30, p.21; Australian Payments Clearing Association (APCA), Submission 50, p.5.

[5]       Mr Stephen Wilson, Lockstep Technologies Pty Ltd, Transcript of Evidence, 9 October 2009, p.45.

[6]       Lockstep Technologies Pty Ltd, Submission 36, p.16.

[7]       See for example: AusCERT, Submission 30, p.22; APCA, Submission 50, p.6.

[8]       AusCERT, Submission 30, p.22.

[9]       AIC, Submission 41, p.17.

[10]     See for example: Australia Post, Submission 27, p.7; Z Ramzan, Phishing and Two-Factor Authentication, blog entry, Symantec Security Blogs, July 11 2006, viewed 28 January 2009, <http://www.symantec.com/connect/blogs/phishing-and-two-factor-authentication>.

[11]     See for example: Australia Post, Submission 27, p.6; Mr John Geurts, Commonwealth Bank of Australia, Transcript of Evidence, 8 October 2009, p.59.

[12]     Lockstep Technologies Pty Ltd, Submission 36, pp.13-14.

[13]     Australia Post, Submission 27, p.6.

[14]     Australian Taxation Office, Submission 59, p.15.

[15]     Biometrics Institute Ltd, FAQ – Answers, Biometrics Institute Ltd, 2 July 2009, viewed 28 January 2009, <http://www.biometricsinstitute.org>.

[16]     See for example: Mr Wilson, Lockstep Technologies Pty Ltd, Transcript of Evidence, 9 October 2009, p.42; Ms Caroline Pearce, APCA Ltd., Transcript of Evidence, 11 September 2009, p.73.

[17]     Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.16.

[18]     Mr Peter Watson, Microsoft Pty Ltd, Transcript of Evidence, 9 October 2009, p.17.

[19]     Microsoft Corporation, Microsoft’s vision for an identity metasystem, Web services technical articles, Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>. See also: Microsoft Australia, Submission 35, pp.14-15.

[20]     See for example: Mr Peter Watson, Microsoft Australia, Transcript of Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s vision for an identity metasystem, Web services technical articles, Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.

[21]     See for example: Mr Peter Watson, Microsoft Australia, Transcript of Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s vision for an identity metasystem, Web services technical articles, Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.

[22]     See for example: Mr Peter Watson, Microsoft Australia, Transcript of Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s vision for an identity metasystem, Web services technical articles, Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.

[23]     Educause, 7 things you should know about DNS, Educause, January 2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.

[24]     See for example: Dr Paul Twomey, Internet Corporation for Assigned Names and Numbers (ICANN), Transcript of Evidence, 8 October 2009, p.3; Educause, 7 things you should know about DNS, Educause, January 2010, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.

[25]     See for example: Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.3; Educause, 7 things you should know about DNS, Educause, January 2010, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.

[26]     CSIRO, Submission 26, pp.12-14.

[27]     See for example: Office of the Privacy Commissioner (OPC), Submission 3, p.13; Office of the Victorian Privacy Commissioner, Submission 33, p.7.

[28]     Dr Peiyuan Zhu, Submission 61, pp.1-4.

[29]     OPC, Submission 3, pp.13-14.

[30]     Australian Bankers’ Association (ABA), Submission 7.1, p.2; Sophos Pty Ltd, Submission 66, p.5.

[31]     Symantec Corporation, Symantec delivers groundbreaking reputation-based security technology, media release, Symantec Corporation, 10 September 2009, p.2; McAfee, Submission 10, pp.9-10.

[32]     Threat Matrix Pty Ltd, Submission 19, p.16.

[33]     Senator the Hon Stephen Conroy (Minister for Broadband, Communications and the Digital Economy), Measures to improve safety of the internet for families, Parliament House, 15 December 2009, viewed 29 January 2009, <http://www.minister.dbcde.gov.au/media/media_releases/2009/115>.

[34]     Web Management Interactive Technologies, Submission 68, p.3.

[35]     See for example: ABA, Submission 7.1, p.2; Sophos Pty Ltd, Submission 66, p.5; ICANN, Submission 40.1, p.3.

[36]     ABA, Submission 7.1, pp.2-3.

[37]     See for example: ABA, Submission 7.1, p.3; ICANN, Submission 40.1, p.3.

[38]     See for example: Mr Bruce Matthews, Australian Communications and Media Authority, Transcript of Evidence, 21 October 2009, p.4; AusCERT, Submission 30.1, p.3.

[39]     Detective Inspector William van der Graaf, NSW Police, Transcript of Evidence, 8 October 2009, p.79.

[40]     CSIRO, Submission 26, p.10.

[41]     CSIRO, Submission 26, p.11.

[42]     CSIRO, Submission 26, p.10.

[43]     See for example: Fujitsu Australia Ltd, Submission 13, p.8; C Patrikakis, M Masikos and O Zouraraki, ‘Distributed Denial of Service Attacks’, Internet Protocol Journal, Vol.7(4), December 2004, viewed 1 February 2010, <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html>.

[44]     C Patrikakis, M Masikos and O Zouraraki, ‘Distributed Denial of Service Attacks’, Internet Protocol Journal, Vol.7(4), December 2004, viewed 1 February 2010, <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html>.

[45]     Timesavers International Pty Ltd, Submission 14, pp.3-10.

[46]     Timesavers International Pty Ltd, Submission 14, p.11.

[47]     Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9 October 2009, p.53.

[48]     See for example: Sophos, Submission 66, p.4; Lockstep Technologies Pty Ltd, Submission 36, p.14; Mr Peter Watson, Microsoft Australia, Transcript of Evidence, 9 October 2009, p.17.

[49]     Mr Andrew Littleproud, McAfee Australia Pty Ltd, Transcript of Evidence, 9 October 2009, p.70.

[50]     See for example: ABA, Submission 7, p.15; Mr Peter Coroneos, Internet Industry Association, Transcript of Evidence, 8 October 2009, p.23.

[51]     Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.6.

[52]     Symantec Corporation, Submission 32, p.12.

[53]     Australian Computer Society Inc., Submission 38, p.11.

[54]     Symantec Corporation, Submission 32, pp.10-11.

Supplementary Remarks — The Hon Tony Smith MP

[1]       Emphasis added.

Appendix D — Commonwealth Computer Offences

[1]       The offence set out in subsection 477.1 (1) applies where conduct is caused by means of a carriage service and involves an intention to commit or facilitate a serious offence under Commonwealth, State or Territory law. Subsection 477.1(4) does not require the use of the Internet and is limited to the intention to commit or facilitate a crime under Commonwealth law.

[2]       Subsection 477.2(9) of the Criminal Code.

[3]      AGD, Submission 44, p.19.

Appendix E — Proposed Commonwealth Identity Fraud Offences

[1]       AGD, Supplementary Submission 44.1, p.3.
