Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Parliamentary Joint Committee on Law Enforcement
29/03/2018
Impact of new and emerging information and communications technology

GEORGE, Ms Esther, Lead Cybercrime Consultant, International Association of Prosecutors

[15:19]

CHAIR: Welcome. Thank you for appearing before us today. We know that you've been here following proceedings from the start. The committee has received your submission as submission No. 19. Firstly, do you wish to make any corrections to your submission?

Ms George : No, thank you.

CHAIR: Do you have any comments to make on the capacity in which you appear?

Ms George : I'm appearing as the lead cybercrime consultant for the International Association of Prosecutors and the Global Prosecutors E-Crime Network.

CHAIR: We did have a set time of 45 minutes, but we'll see how we go. Would you like to make an opening statement and maybe give a brief synopsis of your submission?

Ms George : Thank you, Mr Chairman and the committee, for this opportunity to address you on behalf of the International Association of Prosecutors and the Global Prosecutors E-Crime Network. Cybercrime is a most fluid and hard-to-trace crime nowadays, allowing criminals to stay far ahead, unfortunately, of law enforcement. In the end, this will lead to enormous social problems. We need to work on this, and we should work on it fast. It is actually a very topical subject. Hardly a day goes by now when there is not a story in the press of cybercrime being perpetrated somewhere in the world. Because of this, I'm very glad to be addressing you today.

Our submission sets out, briefly, some of the general problems that we think are facing governments and prosecutors generally. We actually do fill our days as the International Association of Prosecutors training others on how to deal with cybercrime and to look at these problems. One of the major problems, we think, is dealing with electronic evidence. But there are others, and I'll just briefly list them: the lack of expertise—that's not just with law enforcement but with prosecutors and also with judges—in how to deal with these crimes; the problem of the integrity of evidence, to ensure admissibility of it; the problem of the complexity of the cases themselves; the involvement, which is ever increasing, of organised crime; and the increasing professionalism of criminals.

There's underreporting of the crime itself. This is sometime due to lack of awareness, as you've seen in the press; sometimes organisations are not aware that they've been attacked until years afterwards. And sometimes it's due to, unfortunately, the fact it would be commercial damage—where some organisations have been attacked and it's immediately in the press, their share price goes down. So you can see why it's not being reported.

There are also the problems you've been hearing about today, which are the borderless nature of the internet, and jurisdiction, which is a real problem. You've mentioned yourselves the problem of safe havens, and that we're only as strong as our weakest link. But there are also gaps in international cooperation which need to be fixed. There is the problem, which has come across in a number of speakers, that the evidence is very fragile and can be altered, and the slow speed of mutual legal assistance. The volume of the material that the police are dealing with is ever increasing, and that becomes a problem. You've mentioned encryption throughout the day, which is a problem in extracting the evidence; cross-border investigations; and investigations of cloud material, and how do you access the material once it's stored in the cloud. There's the problem of legislation—the fast development of the technology actually makes the problem of legislation even worse. These are the problems we set out.

In our submission, we set out a whole host of problems. We didn't, if I remember correctly, put in many solutions, but we did set out the problems. But you've been hearing most of them today, to be honest.

CHAIR: Thank you for that. On the first subject, about the capacity of criminals, are you finding that this is becoming more or less something that organised crime is involved in? Or is it like smaller actors operating from their basements?

Ms George : When I do my training, what I usually say is—when I look back to when I first started working with this, which was about 1999-2000—it is what I used to call disorganised crime. You had a lot of individuals on the internet hacking, et cetera, and you had the classic idea, which everybody had, that they were in their bedrooms with their pizza—'teenager on the internet' kind of thing—

CHAIR: But there was some truth in that idea?

Ms George : There was some truth in it back in the really early days when we weren't calling it computer crime, or anything, really. What we do today is really the beginning of it. What you had was—I called it disorganised crime because you had individuals who probably didn't know each other who came together, did one crime and then dispersed, and then got together with somebody else and did another crime. But it was just little patches, and it wasn't very organised at all. What you've got now is something completely different. You've got the fact that organised crime has woken up to the fact that crooks go to where the money is, and the money is online. They've woken up to the fact that the likelihood of you being caught—they think—is a lot harder online. Why would you go to a bank with a shotgun, put a stocking over your head and say, 'Hand over your money', and get a few thousand when you can stay at home, hack in and get a lot more? The likelihood of getting caught is lower.

CHAIR: Doesn't that then require some type of specialist skill, to, you say, go online and hack? I'm not saying anybody can pull a stocking over their head—it doesn't take much skill today to pull a stocking over your head and try to hold up a bank, other than stupidity!—but it's a small cohort of the population that would have the technology skills to be involved in this and perpetuate these crimes. Is that true?

Ms George : It used to be before; now, not really. With the darknet—and you've heard a lot about the darknet today, and you were talking about innovation earlier—I would say it's very innovative; it's like a start-up. What they're doing now is selling crime as a service. I wouldn't need to know how to hack; so far as I can read and follow instructions, I could do it. If I didn't know how to do it, they would actually allow me to pay them to do it for me. If I had any problems doing it, I could actually ring up—as you would if you bought anything online—and they would have people there who would talk me through it. So they have care and attention. But it's developed beyond what we're thinking.

CHAIR: Where you say it is organised crime behind these activities, that organised crime group would still need some form of high-level technical expertise; is that right? And then they could direct others to go and do it?

Ms George : I'm not sure whether they're buying it in or whether they've developed it in-house, but they are getting it. You're seeing it through most of the countries we're dealing with, and most of the prosecutors who are dealing with organised crime now will tell you it's very much moving to the internet—even with people trafficking, drugs and guns. Everything's on there.

CHAIR: Say, for example, a criminal network wants to get involved in producing drugs. They need specialist chemists with specialist knowledge. Is it similar in cybercrime, where they need people with specialist IT knowledge?

Ms George : To be honest, I'm not sure about that. But what we are seeing is that, on the darknet, they are buying and selling drugs, effectively. They're buying and selling nearly anything that moves on there.

CHAIR: So it's not only the cybercrime in itself as an activity; it's assisting other illicit activities?

Ms George : Yes. To be honest—and I wasn't sure—in the evidence that came before you, you had what I call pure cybercrime. Before computers were invented, you couldn't hack into a computer—it just did not exist. I call that pure cybercrime. You've got cyber-enabled crime, which is other crimes that have been committed forever, like fraud, and computers have made it easier for you to commit them. I think what you'll find is that pure cybercrime is growing, but cyber-enabled crime has really taken over. I said the major problem is electronic evidence because, for all crimes—especially cyber-enabled—you need electronic evidence to prove them to some degree.

CHAIR: You also talked about gaps in international cooperation. Could you expand on that a little bit, please?

Ms George : Yes. You've mentioned already the Council of Europe cybercrime convention, which, although it began in Europe, has actually spread and taken over quite a few countries. They have about 56 countries as signatories now, and that includes Australia, US, Turkey, Chile, Costa Rica, Dominican Republic, Israel, Japan, Mauritius, Senegal, Sierra Leone, Tonga and the Philippines. I understand that Tunisia has recently been invited to join. As you can see, it's gone outside Europe. The reason that I think this convention is very good is not just because I'm a Council of Europe expert—I also work with them training up prosecutors, judges and law enforcement in how to deal with this—but also because the Council of Europe convention is the only treaty you have that actually deals with is. It's been around since 2001 and it covers what I think are the main pillars that need to be covered. It sets out the offences, and you've got countries that have not signed up to the convention that actually have taken onboard the principles in their legislation and they've actually criminalised the offences.

I usually give this as an example when I am training: I'm not sure if you remember the ILOVEYOU virus that went around ages ago in the early days of the internet, which was an email saying, 'ILOVEYOU'. You would expect everybody to delete it. Unfortunately, most people opened it. It was a virus that caused millions of dollars' worth of problems. The Americans—I think it was the FBI—actually traced the person to the Philippines. They wanted to extradite him, but they couldn't because it wasn't an offence in the Philippines. It brings back the idea that what you need for international cooperation is for every country to criminalise the same offences. It doesn't have to be the same wording. What you need is that if I'm based in, let's say, the UK, and there's unauthorised access to a computer there by someone in Australia, it has to be an offence to do that, and it doesn't matter where. I think that's the beauty of things like the Council of Europe Convention on Cybercrime. I said that there are gaps because there are still countries, unfortunately, where they maybe haven't got the right offences in place.

CHAIR: In that respect, you said there are still countries that are not pulling their weight in this area. As you said, often the weakest link affects the strength of the chain. For those countries that are not pulling their weight, is there any talk of international sanctions or international pressure on those countries to do so?

Ms George : I must admit, from my point of view, I wouldn't go on the idea of sanctions or pressure. I would think there is a position of actually putting the problems in front of them. If you think about it, the Philippines did not necessarily want this to happen, and they didn't want to not have the offences; they weren't aware that this was a problem. Once it was brought to their attention, they then subsequently got the legislation. So I think it's really information, awareness and training. That's the beauty of what the Council of Europe do. They have a capacity-building program with the IEP. We do a lot of capacity-building as well. In Australia, you're doing capacity-building. The UK is. I think that is the way around it.

CHAIR: You're saying it should be sugar rather than stick?

Ms George : I think it's really very much encouraging other countries. I think it's helping them to develop this. If you think about it, if you've got a different country where they've got a whole host of problems, you could see the cyber problem as being too difficult—'There are some easier problems, so let's look at those.' But if you've got the development already and you've developed programs, why don't you share those programs? That's part of what we do as the IEP—we actually share our knowledge and we encourage our prosecutors to share their knowledge with others in their region.

Senator SINGH: Following from that, obviously we're located in the Indo-Pacific region. I would imagine there are a number of countries that haven't signed up to this convention or haven't got the kinds of laws that Australia has or other jurisdictions have. Yet some of those developing countries have quite Silicon Valley-type industries emerging or developed. Can you share with us where some of those kinds of threats are in our own region? I guess I'm thinking diplomatically of how we can work with those regions to help them, or at least encourage them or build a relationship with them in strengthening their laws or being part of this convention.

Ms George : What we advise and what we can actually encourage is regional support—so, regional networking, regional supports. It would be you working with your region. The International Association of Prosecutors worked with the Council of Europe, the Commonwealth Secretariat and the government of Tonga in February 2016. We held a conference in Tonga for judges, prosecutors and law enforcement. PILON was also a party to that. We did some basic training on cybercrime and things like that, mainly to build up the network. That's already happening in your region.

I was about to say 'in March', but I just realised we're still in March. On 5 March and 8 March, I was in Indonesia, and the IAP was working with a company, the Indonesian government and the Croatian government. We did a conference in Jakarta and in another city, and what we did was cybercrime. We invited prosecutors, but we also invited academics and industry, et cetera. So this is already happening in your region. I think what needs to happen is things like networks. You've already got the network, because you've got PILON, and you've got the ASEAN group, and they're already networking. The Philippines is working quite a bit with the Council of Europe.

As a Council of Europe expert, I've been to the Philippines quite a number of times, and one of the things that we did was invite the Council of Europe to send representatives to the training we held in Indonesia. They sent a judge who was one that I was privileged to have trained in how to deal with basic cybercrime and how to deal with advanced cybercrime. I was one of the trainers, and she was there as a trainer. That's the sustainability of the whole program. She's been off to train in Sri Lanka and South Africa. So that's one of the examples. There was also a prosecutor from the Philippines who I'd only trained in the advanced; somebody else trained her in the basic. She was very good. She trained on one brief subject. So the thing is that it's not just training; it's making it sustainable. It's really encouraging countries to train others in their region. It's very much a regional international cooperation.

Senator SINGH: What are the countries that don't want to cooperate? You can take it on notice.

Ms George : I'm not sure—

Senator SINGH: You can request it in camera as well, if you don't want to share it now.

Ms George : I'm not sure that I'll be able to say which countries wouldn't want to cooperate, because I'm not sure that they do not necessarily want to cooperate. I think it depends on where you're standing. As a trainer, I go to a lot of countries which tell me that, actually, it's the developed countries that are the problem for them, that they make applications for mutual legal assistance requests, and some of them do not get answers and some of them are waiting months to get anything back. If you think about the fact that, with computer data, it's something that you need results on very, very quickly to make the investigation, then, for them, we are the problem, as developed nations. So I think it depends on where you're standing as to what the problem is; it's quite wide.

Senator COLBECK: I have just a couple of quick questions to finish up from my perspective. Firstly, it's good to see that this space is being filled, given some of the earlier evidence that we got from other witnesses about the capacity in prosecutors and judiciary. Some law enforcement agencies still have a concern about that, even here in Australia. You said that we are involved in doing some work, and you've obviously done a fair bit of work here. What sort of effort do you think is required to really change that? It is a very complex area of law. You talk about the storage of data, the interpretation of data and the management of it through the legal process. How much more do we need to do in the area of capacity, in that sense, here?

Ms George : I think I would take a step back. I was a prosecutor in the UK—I'm no longer a prosecutor—but what I would say is that, in the UK, we looked at what our strategy was going to be, and the strategy formulated all the other answers. So I would say: What is your strategy going to be? Are you looking at the fact that you want to have a small nucleus of experts in one little circle who will now deal with it all, or are you planning to have them dotted around the country?'

Senator COLBECK: A more general perspective.

Ms George : A more general perspective—because that will actually influence how you work out. To be honest, in different countries, I've seen both of them work. So I wouldn't say one works better than the other. I think both of them could work. It would be what is built around them and how they're supported financially and in training et cetera. But, from my point of view, what I do see is that a lot of countries are very good on international working and international training, but they're not doing much training in-house.

Senator COLBECK: Internally.

Ms George : Internally. It doesn't go really deep. I don't think it's either/or—I think you could do both. You could do it internally and make sure that you've trained your people, and also do it internationally. From my point of view, when you're looking at cybercrime—remember, I did put the definitions before—cyber-enabled crime is really rampant and it's going to get even greater. Every crime is going to have a cyber aspect to it. So I would say, in some shape or form, all of your law enforcement and your prosecutors would need to know at least the basics of this subject.

Senator COLBECK: One of the difficulties in that space is how quickly it evolves, so maintaining currency, if you like, is part of that process. Is that part of what you do as well?

Ms George : It's part of what we do. We train the trainer, but then we also run webinars every month and we train them on different topics. We can go back over topics—as you said, it keeps on changing, and the implications of it change et cetera, and sometimes you can get two different trainers with two different ideas of a subject and come at it from a different angle. So that is also very helpful to our members. We try to find out from our members what their current problems are. As I said, in some regions it will vary, but problems are generally across the board. What my view is, and what I usually say, is that the answer you get may not be the answer to all your problems, but it's something that you could take on board and adapt and utilise. Rather than starting from stage 1, 'How do we work this out?', why not take on board the things that other people have used—what works, what doesn't work and how it has worked. Instead of starting from stage 1, you start from a bit further up the line and it becomes a lot easier.

Senator COLBECK: Do you get called in in specific circumstances, on occasions, by judiciary or prosecutors when they're confronted with a specific circumstance, case or issue? Or are you a step back from that, in a broader sense?

Ms George : What usually happens for us as the International Association of Prosecutors is a that a lot of the time it will be the country. We work with governments that will ask us to come in and want us to run training. After we've run the training or something like that, I've given out my name et cetera, to others. The other day, I had somebody send me an email very much about a problem that the person had of getting material from abroad. So we get those kinds of queries where we will help them. With our network, we also have a contacts database. The idea of that very much is that we've got about 171 countries as members, and we encourage them all to nominate somebody as their contact.

Senator COLBECK: So it's about the network, and the capacities and skills within the network to do specific things if necessary?

Ms George : That's the idea.

Senator COLBECK: Okay.

CHAIR: You talked before about the ILOVEYOU email case and you gave the example of the Philippines, which did not have legislation on its books that actually made that a crime. They have since fixed that issue. Is there model legislation in this area that would be stress tested or benchmarked against each country's national legislation to see if a country falls below a certain standard? Is anything like that being undertaken?

Ms George : Yes. I think the closest that I've seen to that has been the work done by the Council of Europe. They've got a lot of that work in relation to the cybercrime convention. I believe that the UN have done some work on that as well, but I'm not sure how much.

Senator SINGH: The Council of Europe is not part of the EU or is it?

Ms George : The Council of Europe is a separate institution, but a lot of its funding for this capacity building is from the EU. So it's the Council of Europe and the EU that are funding the capacity building that the Council of Europe is doing.

CHAIR: You mentioned a couple of other subjects in your submission. I would imagine that cryptocurrencies or virtual currencies are making cybercrime easier.

Ms George : Yes, they are.

CHAIR: Is there anything that you think could be done in that space? Should governments be actively trying to avoid the use of these cryptocurrencies because of their potential to facilitate unlawful activity?

Ms George : I think the problem is that you are in the dual-use argument that somebody you spoke to earlier—I cannot remember which one, I'm sorry to say—put before you. A lot of these tools are not criminal per se, they are just being used in criminal ways. Bitcoin—and that's not the only virtual money; there is other virtual money—and things like that are being used for criminal purposes on the darknet et cetera.

CHAIR: I've always struggled to see what legitimate purposes they could have. Whether it is pound sterling, US dollars, euros or the good old Aussie dollar—

Ms George : I remember reading about a situation where people couldn't hold bank accounts. If you think about it, with bitcoin you do not need to go through the whole process of holding a bank account or being able to have a bank account, so you could actually be able to make transactions with bitcoin and not need all of that background—

CHAIR: That's a beneficial part, but does the potential for facilitating unlawful activity far outweigh the benefits of that?

Ms George : I must admit I wouldn't be able to say so, but I would align it to money. Let's be honest, a lot of money is being used for drug running, drug trafficking. Some say that, if you pick up certain currencies, there are drugs on them, but we haven't said, 'Let's say goodbye to money because it seems to be involved in so many crimes.'

Senator COLBECK: Cash in bigger transactions is a risk to crime.

CHAIR: You have a big bundle of cash stuffed down your trousers. You also mentioned radicalisation on the internet linked to terrorism. Could you expand on that and what you see could potentially be strengthened there? We've looked at this before and we've had submissions in other inquiries in other areas. They say that as soon as you close one website another one pops up.

Ms George : Yes. Those are the kinds of things that we have been observing. They are being used to recruit, to fundraise and things like that. They are the negatives that we are seeing the internet being used for.

CHAIR: What's the potential to be ahead of these things that crop up and closing them down?

Ms George : I think there's a lot of potential. If you've looked at social media recently, they've been actually quite willing to close them down, et cetera. But the problem you've got is that, once you close down one avenue, they seem to then think of another avenue and appear. I think there was this game called 'hit the mole' or something. That's what you're doing; you're trying to hit the mole. And that's, unfortunately, what it is at the moment.

CHAIR: There are other cases , where, if you have a couple of people playing 'hit the mole' and you've got 10 people with hammers, you can win the game. Is that a fair analogy in addressing this issue of radicalised sites on the internet or is it just forever increasing? You bring 10 people out, another game starts up, and they increase the number of holes and the number of moles that pop up?

Ms George : I think, to be honest, that we need to take a step back. We need to think of public-private cooperation and think about how we can work with social media sites and with organisations and how we can actually discuss with them and take to another level the conversation about how we can actually deal with this. Because, individually, we're not going to be able to do it; collectively, we could. That's what's being seen by the fact that some of these are being taken down now.

CHAIR: But is there still a time lag? Anecdotally, it seems that some of these social media networks are a little bit slow to close these things down or are not as proactive as perhaps they otherwise could be. Is that a fair comment?

Ms George : I think that it depends. What you have to look at is how quickly it is reported to them and what the material is. As a prosecutor, when I was working in prosecution, I used to deal with indecent images of children. That was never a problem. Once they were told it was there, they checked. It was closed. So I think that, if we can get it to that—but we had agreements with them. We had discussions—

CHAIR: But was that a formal agreement or an informal agreement?

Ms George : Actually, it was more informal, originally. It was an informal agreement. But then, remember, it was a crime anyway. It is just that, in some circumstances, the company itself may be afraid of being sued if it takes something down which it wasn't supposed to. A lot of times they might ask you to get a warrant or something that will allow them to take it down. Again, maybe that's why police officers and the public-private cooperation would work, because they could put this into perspective, set out steps about how this material should be taken down, within what time line it's taken down and things like that.

CHAIR: Is the issue that then they swing over to the dark web?

Ms George : To be honest, they probably will, but that's not a reason why we shouldn't do it, because—

CHAIR: At the moment, from what you're seeing, is that cooperation there? Is that happening today? Could that be improved?

Ms George : It can be improved. It's happening today in some countries. Some countries are working closer with public-private cooperation than others, to be honest. I think that it can definitely be improved, and I would like it to be improved. I think there is now probably the will on both sides to improve it, because I think they're beginning to realise that law enforcement cannot deal with this problem on their own, and the organisations are beginning to realise that they need our help.

CHAIR: You also raised the issue of online money laundering.

Ms George : With online money laundering, we've got police investigators and you've also got financial investigation units which deal with money laundering, and I think maybe you need to bring all of them to work closer together, because what you need—and I think this could happen in relation to all cybercrime—is more teamwork. I think somebody was talking about that earlier. There needs to be more of a team approach. So, you don't just look at it as cybercrime; you look at the fact that there are various elements of other crimes going on with it. Just because the person is a cybercrime specialist does not necessarily mean that they're going to know about online money laundering or how to adapt it or know all the powers that come with online money laundering. You wouldn't need to have them as permanent members of your team because that's a money/resource issue, but you could actually take up some of their time and bring them along for certain meetings so that they can add ideas and influence how you can actually deal with these crimes.

CHAIR: The last one you mentioned was cyberwarfare.

Ms George : I put that in very much because we need to think about what we can do to better protect critical national infrastructure, and also for you to have an idea of what your critical national infrastructure is.

CHAIR: Your power plants.

Ms George : Yes.

CHAIR: Thank you for your time today. We really appreciate it. I thought that at this time of day I'd be struggling, after a long sitting week, but I found it very important—entertaining is not the right word—educational and informative. Would you like to make any final comments or recommendations to our committee?

Ms George : There is one about encryption. When I was listening today, there was an earlier discussion about the problem with encryption. The UK has legislation similar to what I believe one of the data retention people said you had. We have section 49 of the Regulation of Investigatory Powers Act, which enables law enforcement to require the password be disclosed by either individuals or bodies. If they do not, it's five years imprisonment.

CHAIR: I think I remember a circumstance where if someone had been potentially involved in a crime and their iPhone or iPad was not accessible, because of a password, the actual provider was forced to provide the password to the law enforcement officials.

Ms George : It wouldn't be the provider; it would be the person concerned, because they're the ones that know the password. They would be asked to give the password. If they do not then technically they could be charged under section 49 of the Regulation of Investigatory Powers Act. That would be a maximum of five years imprisonment for national security and child indecency cases, and two years for any other case.

CHAIR: Who has the authority to request that of an individual citizen? Does it need a judicial warrant?

Ms George : Serving a notice on the individual has to be properly authorised by law enforcement, security or intelligence agencies.

CHAIR: Do you know if we have any similar legislation, or is that legislation unique to the UK?

Ms George : I know it works in the UK. I thought the earlier people said you had something like that.

CHAIR: The one we have is retention of metadata. We had a debate about this. They don't have the content of whatever telephone calls you make, but they could have the data that you made 3,000 telephone calls over the last two years to these people in Afghanistan or Iraq, and that helps. We debated a requirement that metadata must be kept for two years for law enforcement to access. The privacy groups think you shouldn't have that.

Senator COLBECK: The conversation may have been that some of our law enforcement agencies might want something like you have in the UK.

Ms George : It does work in the UK.

Senator COLBECK: That's useful.

CHAIR: How long has that legislation been in? Are there working, practical examples? Do you know if anyone has been arrested for refusing to give it?

Ms George : Yes, people have been arrested, prosecuted and sentenced, with various terms of imprisonment.

CHAIR: Is that because the only way to access information on that particular device is through the password?

Ms George : It's through the password. To be honest it could be on any device, even a laptop. If they ask you for the password, you're not willing to give it to them and they have reason to believe the device has this kind of material then there is a procedure they have to follow to serve this notice.

CHAIR: Does that require a judge to sign off?

Ms George : At one point there would be a judge.

CHAIR: It's not just a policeman on the street pulling someone over?

Ms George : No, it has proper safeguards.

Senator COLBECK: What about biometrics—a thumbprint on an iPhone?

Ms George : That would be a password. When made the definition of password, it could be characters et cetera. It wouldn't have to be a written password or anything.

Senator SINGH: Some identity.

Ms George : It would be an identity, yes.

CHAIR: Is that legislation in place in other EU countries or just the UK?

Ms George : It's in the UK. It has been noted by other countries. I'm not sure if anyone has followed it yet, to be honest, but it could be a solution to certain problems.

CHAIR: My colleagues have to go. They have flights to catch. They have to leave the mainland of Australia and venture down to the island of Tasmania—

Senator COLBECK: We're leaving the north island!

CHAIR: where I understand the interconnector is down, so I hope you have plenty of water in those dams to keep the electricity flowing.

Senator COLBECK: 37 per cent, mate.

Senator SINGH: Not a problem.

CHAIR: The other committee members and I really appreciate your coming here today. Thank you so much for your submission, your evidence and the work you do. That concludes today's proceedings. The committee has agreed that answers to questions taken on notice at today's hearing should be returned by 19 April 2018. I thank all witnesses for their evidence to the committee today. Thank you to Hansard, broadcasting and the secretariat.

Committee adjourned at 16 : 01