Australia's federal government is considering legislation to allow companies working with critical infrastructure to monitor employees e-mail and instant messages without their consent to prevent a debilitating cyberattack, reports The Sydney Morning Herald.
... Attorney-General, Robert McClelland, .... told the Herald he had been advised that an attack to disable computer networks that sustained the financial system, stock exchange, electricity grid and transport system "would reap far greater economic damage than would be the case of a physical [terrorist] attack".
The Government is developing counter-measures, including amending the Telecommunications (Interceptions) Act to allow companies and others operating critical infrastructure to monitor emails and other internet communications without their workers' consent.
The act allows only security agencies to monitor their employees' communications without consent. That power expires at the end of June next year and Mr McClelland said he wanted the new legislation to include companies providing services critical to the economy.
The Attorney General believes these new powers are necessary given the risk, which was exemplified by a recent successful cyberattack launched against Estonia's infrastructure. There, authorities discovered that a 20-year-old student used a botnet attack to cripple the country's digital infrastructure for two weeks. The event, as Ars Technica notes, showed how much power one individual can wield in the virtual world, with dire real-world consequences.
McClelland said he would consult with civil liberties advocates, unions, and privacy experts before introducing legislation.
Civil liberties advocates are opposed to the granting of such sweeping powers to spy on workers.
"These new powers will facilitate fishing expeditions into employees' e-mails and computer use," rather than being used to protect critical infrastructure, said Dale Clapperton, the chairman of the Internet rights organization Electronic Frontiers Australia (EFA), to the Herald.
The EFA said on its Web site today that it fears that the Attorney General's plan to extend Internet communications surveillance powers to private employers will be used "to engage in inappropriate eavesdropping or to conduct corporate witch-hunts" while no evidence has been presented to show that the proposed changes "would have any significant positive effect on the security of corporate networks."
In the United States, courts have ruled that employees should not have an expectation of privacy when it comes to communications on the corporate network, as long as they have been given notice to that effect as a matter of policy.