Two Birds, One Stone and a PC: Cyberterrorism and the Trouble with Our Response

Margaret Cai analyses Australia’s legal response to cyberterrorism.

It’s June in 2015 and the United States of America is pre-occupied.

Caitlyn Jenner is trending, China’s stock market is crashing, Donald Trump has just announced his intention to seek the Republican nomination in the US Presidential Race.

Some 15,000 kilometres away in Kuala Lumpur, a 20-year old student hacks into the database of an unnamed American retailer and filters through tens of thousands of customer details. He settles on the locations, phone numbers and emails of 1351 US military and government personnel.

At an instant, this information is sent to ISIL.

Grabosky and Stohl declare that ‘few terms in contemporary conventional discourse are used as loosely as cyber and terrorism’. Naturally then, a definition is even more difficult to arrest when they are compounded. At its crux cyberterrorism and information warfare immobilises computer systems with the purpose of debilitating existing infrastructures. Its effect is both unpredictable and profound, causing governments to negotiate the delicate balance between maintaining security mechanisms against personal liberties.

In Australia, cyberterrorism can be captured by the Criminal Code Act 1995 insofar as it assumes an action or threat of action underpinned by an objective of advancing a political, religious or ideological cause. This must further be accompanied by the intention to intimidate the government or public. The Criminal Code Amendment (Terrorism) Act 2003 then reified the legislature’s position in the digital landscape by expressly providing that terrorist activities encompass that which seriously interferes with, disrupts or destroys an electronic system.

On a broader level, the legal responses to deal with terror threats largely subscribe to one of two categories — regulation and amelioration. While regulation refers to the prevention, enquiry and punitive reactions to terrorist activities, the latter plays a moderating role in relieving the social burdens of implemented counter-measures. This position is coloured by perspectives of human rights and the rule of law, as well as ideas concerning public resourcing. The result is the subversion of a utilitarian approach to terrorism; it deviates from a calculus where the rights and interests of individuals are compromised to suit the preservation of social institutions and comforts.

An example of the difficulty in negotiating the two is ‘Operation Titstorm’, a cyberattack perpetuated by online hacktivist group Anonymous on the Parliament House website. This involved the distribution of pornographic material to parliamentary email addresses in response to government proposals to ban select pornographic content from being accessed. Here, Hardy exposes the low threshold for prosecuting electronic terrorism in Australia as championed by the s 100.1(3) of the Criminal Code Act. The broad nature of this earlier outlined definition means that incidences such as digital protesting are at risk of being categorised as cyberterrorism.

While Malcolm Turnbull aptly observed that ‘the cyber sphere demands reactions as rapid as the kinetic battlefield’, Australia’s commitments to cybersecurity appear rhetorical. In 2016, American policy afforded $19billion of ‘emergency spend’ into enhancing cybersecurity in the civil sector, equating to 400 times the annualised, Australian spend. It is thus unsurprising that internationally, and in light of discourse surrounding terrorism, the notion of ‘liberty’ is situated in a pejorative dialogue where its forfeiture is justified and absolute. This again, occurs as a compelling juxtaposition from earlier Australian readings of terror threats, best epitomised by the conception of the Commonwealth’s Cybercrime Bill.

In his second reading speech, the Attorney-General notably tied cybercrime in with its economic costs to companies worldwide — positioning it as a corporate and financial imperative rather than an issue of national security. An examination of the current Australian approach towards cyberterrorism will suggest that the legal position is both stagnant and imperfect, despite its wider-global, political context.

In many ways cyberterrorism assumes the character of a recontextualised, reimagined form of guerrilla warfare. In August 2015, ISIL disseminated the details of 1351 individuals onto Twitter. It contained the following warning:

‘…we have your names and addresses…we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!’

What is clear is that the encroachment of terror activity onto cyberspace presents new challenges for both international and national governments. If Australia continues to take a reactionary back-seat against cyberterrorism through statute and funding, we’ll risk sinking in a kinetic battlefield.