Our submission to the Parliamentary Joint Committee on Law Enforcement into Cybercrime

 

In October 2023 Law & Cyber was invited by the Parliamentary Joint Committee on Law Enforcement to file a submission on the capability of law enforcement to respond to cybercrime.

You can access our full submission to the Parliamentary Joint Committee here.

Read our executive summary below.

Law & Cyber’s paper focusses on items [c] – [f] of the terms of reference (see the complete report).

 

It argues that the exponential growth in cybercrime against Australians cannot be prevented or addressed by law enforcement only, and that to have any meaningful impact on cybercrime impacting the community, the Parliament and regulators must address an ecosystem of factors that have led to the ongoing increase in cybercrime affecting Australians. 

In particular, these measures must address the ways in which:

1.
Technology companies and financial institutions have obtained and continue to obtain significant financial benefits from technology while passing on what can be serious risks to consumers, who do not appreciate the significance of those risks;

2.
Organisations collect vast amounts of data about Australians without sufficient clarity and understanding about how to keep their data secure, their legal obligations to keep that data secure or even why it is so important that this information be kept secure; and

3.
Few Australians have received effective education about how to protect themselves, their businesses and their customers from cyber threats.

Our submission argues that:

“ cybercrime represents an entirely new form of criminal activity with no jurisdictional boundaries, which means that a different approach is required to that which has traditionally underpinned the criminal law. In particular, the traditional focus on deterrence via law enforcement and punishment is unlikely to be effective in an era where it is easy to remain anonymous, Cybercrime-as-a-Service allows syndicates of cybercriminals to each perform part of a sequence of actions that contribute to a particular crime, without one person being solely responsible, and criminals may operate in regimes overseas that have no interest in supporting Australian law enforcement”

The submission argues that the law and law enforcement cannot keep up with exponential changes in technology, and accordingly Australia must take a different approach to protecting its citizens and residents than relying on laws and traditional law enforcement alone.

This approach would involve: 

  • Legal requirements for the banking and tech sectors to build in cybersecurity protections for

  • Their customers (“security by design”) and to be liable for certain customer losses when they do not;

  • Legislation preventing businesses from passing on certain risks to customers; and

  • An effective national education campaign and cyber resilience uplift program to make individuals, businesses and our nation safer from harm.


Simone Herbert-Lowe

AUTHOR

Simone Herbert-Lowe

Simone Herbert-Lowe is the founder and legal practitioner director of Law & Cyber, a provider of cyber-resilience education and cyber tabletop exercises for executive teams.


 
Previous
Previous

Australia’s largest law firm data breach - Lessons for the legal profession

Next
Next

The human factor: building a cyber-aware culture in your law firm