KEY POINTS:
CANBERRA - The federal Government is drawing up plans to allow companies to spy on their employees' emails in a controversial upgrading of the nation's ability to protect vital sectors of the economy from cyber-attack.
The proposal, which would vastly extend powers previously allowed in legislation only for security agencies, has been attacked by civil liberties groups already alarmed by the welter of anti-terrorism laws that have stripped rights from Australians since the September 11, 2001, terror attacks on the United States. But analysts have also noted that outside of New South Wales - which requires companies to notify employees if emails are intercepted or blocked - no states have laws specifically protecting the privacy of electronic communications on company computers.
The decision to draw up new laws enabling the monitoring of employees' emails without their consent was revealed by Attorney-General Robert McClelland in an interview with the Sydney Morning Herald, and confirmed later by Deputy Prime Minister Julia Gillard.
Both emphasised that the move was considered crucial for national security, and that safeguards would be put in place to prevent abuse of the powers.
"I promise we're not interested in the email that you send out about who did what at the Christmas Party," Gillard told Channel Nine yesterday.
McClelland said the move followed advice that attacks on computer networks sustaining the financial system, stock exchange, electricity grid and transport systems would cause far greater economic damage than a physical attack by terrorists.
He said hackers had already tried to infiltrate sensitive systems in Australia and that breaches of both Government and private sector computer networks had occurred.
In some instances these had been a result of "mischief", in others to obtain security-sensitive information, and in some to obtain commercial information.
A cyber attack in Estonia last year had effectively shut down its Government for almost two weeks.
The attackers had used botnets - thousands of computers controlled by viruses - to simultaneously access an Estonian government website, overwhelming the server and crashing the entire network.
"At least 90 per cent of [Australian] networks exist outside government, but there are no powers for corporate network supervisors to intercept such communications unless they have specific authority from the employee," McClelland said.
"It's unquestionable that it's necessary from time to time for network supervisors to open emails addressed to people to identify viruses and the like.
"There need to be protocols and guidelines developed so companies can protect their own networks [which] will need new legislation."
Gillard said:
"When we think of infrastructure we think of roads and bridges and big things, but our technology is a big infrastructure issue these days.
"If our banking system collapsed, if our government electronic systems collapsed, obviously that would have huge implications for society, so we want to make sure they are safe from terrorist attack. Part of doing that is to make sure we have the right powers to ensure that we can tell if there is something unusual going on in the system so it's a national security move, not a move about an unseemly interest in people's private emails."
But Australian council of Civil Liberties president Terry O'Gorman told ABC radio that existing laws already provided sufficient protection against terrorism, and that Australia was already at risk of losing the balance between necessary anti-terrorism powers and civil liberties.
Dale Clapperton, chairman of the internet rights organisation Electronic Frontiers Australia, said he feared the new powers were more likely to be used for eavesdropping and corporate witch-hunts than protecting the nation from cyber-attack.