55
7.3.22 Australia has developed a means of clearly setting out the
responsibilities of Internet Service Providers to respond to requests for
authorised access by law enforcement authorities. The Internet industry,
working in cooperation with law enforcement agencies, developed a
Cybercrime Code of Practice.54 The Code sets out the sort of customerrelated personal data the ISPs would be expected to retain and thus make
available to authorities: name, address, e-mail address, billing records,
type of service, credit card data if collected, and other information
collected on an application for service. It identifies the operational data
that the ISP would be expected to retain, as well as other data if
collected. Minimum retention periods are set out, as well as what
responses to warrants would be required. Evidence collection and
handling guidelines are also established.
7.3.23 Canada is in the process of implementing new provisions for lawful
access, primarily through Criminal Code amendments. Canada has
signed the Convention but has not yet ratified it. The U.K. has passed
the Regulation of Investigatory Powers Act 2000 that compels assisted
disclosure of encrypted data and passwords; its stated target is child
pornography and human trafficking. There has been a strong
international push following the attacks on September 11th in the United
States for increased policing capacity to investigate crime and terrorist
activity that has resulted in more extensive lawful access provisions.
The U.S.A. PATRIOT Act, 200155 deals with lawful access to traffic data
over all media, including cable. It limits judicial oversight of electronic
surveillance, removing probable cause requirements and requiring
judges to authorise requests and implements roving wiretap orders. Its
provisions have been widely criticised as abuses of civil liberties and
may be subject to adjustment in the future.
7.3.24 The South African Regulation of Interception of Communications and
Provision of Communications-Related Information Act, 2002
(“Interception and Monitoring Act”) sets out a complex regime relating
to lawful access, prohibitions on access by unauthorised persons,
exceptions (e.g., to prevent serious bodily harm or locating an individual
in case of an emergency), real-time and archived information, provision
of warrants, and assistance to be provided by service providers. The Act
also prohibits the provisions of telecommunications services that do not
54
Internet Industry Association, Codes for Industry and Self Regulation and Rules of
Engagement with Law Enforcsment Agencies in Respect of Investigation Procedures Regarding
Online Fraud and Other Criminal and Terrorist Activity, Public Consultation Draft 2.0, July
2003; www.iia.net.au
55
Public Law No. 107-56, 115 Stat. 272.