Net cybercrime code released

21/07/2003 Written by Simon Hayes

LAW enforce­ment agen­cies have wel­comed today’s release of the Inter­net Indus­try Association’s draft cyber­crime code of con­duct, which will gov­ern rela­tions between ISP and offi­cial investigators.

The 28-​page code, devel­oped over 18 months, cov­ers issues rang­ing from the reten­tion of inter­net access records to the type of assis­tance access providers should give police in their investigations.
The code’s release was delayed after fed­eral Pri­vacy Com­mis­sioner Mal­colm Cromp­ton wanted to review its pri­vacy impli­ca­tions.

Devel­oped between the IIA and law enforce­ment agen­cies, the code requires ISPs to col­lect and store data includ­ing dynamic IP allo­ca­tion records, log-​in times, caller ID details and total data trans­ferred.

That data will be stored for six months ISPs may also retain infor­ma­tion includ­ing proxy logs, email senders, recip­i­ents and size, news­group logs and FTP logs, for a one-​week period.


The Aus­tralian Secu­ri­ties and Invest­ments Com­mis­sion direc­tor of online enforce­ment Keith Inman said ISP code of con­duct was a step for­ward in inves­ti­gat­ing crime online.

“There will be cost impli­ca­tions for indus­try par­tic­i­pants, there is no doubt about it,” he said.

“The IIA cyber­crime code of prac­tice is world-​leading.” The code stressed that not all ISPs have access to caller ID, and account details can­not always be linked to per­sonal iden­ti­fi­ca­tion.

IIA chief exec­u­tive Peter Coro­neos said CND was not always widely avail­able.

”(The code says) to the extent that they have it they should retain it under strict pri­vacy pro­vi­sions for six months,” he said. “This (code) is slanted towards pri­vacy.”

Mr Coro­neos’ com­ments came as Elec­tronic Fron­tiers Aus­tralia exec­u­tive direc­tor Irene Gra­ham claimed in some cases law enforce­ment agen­cies were access­ing ISP records with­out war­rants.

She declined to iden­tify in a pub­lic hear­ing of the Joint Com­mit­tee into the Aus­tralian Crime Com­mis­sion the ISPs who had given her the infor­ma­tion, but agreed to do so in an in-​camera hear­ing.

“I am told that they are doing it with­out a war­rant,” she said, adding that she had heard ISPs were assign­ing fixed IP addresses to peo­ple of inter­est to police to make it eas­ier to track their online activ­i­ties.


Addi­tional report­ing by Kate Mackenzie