Computer access and computer crimes

Nicolas Suzor provides an overview of crimes against computer systems

The Cybercrime Act 2001 introduced a series of computer-related offences into the Commonwealth Criminal Code. These were later expanded after Australia joined the Cybercrime Convention. There are also numerous provisions in State law that prohibit unauthorised access and misuse of computers.

Lucy Jorgensen explains the Convention on Cybercrime

The key components of the Convention on Cybercrime and how it helps Australia

The Council of Europe’s Convention on Cybercrime was the first international treaty on crimes committed via the Internet and other computer networks. It was ratified by Australia on the 1st March 2013 and currently has 47 ratifications worldwide.

What is the Conventions main objective?

Its main objective is to promote a common criminal policy, which aims to protect society against cybercrime, by adopting legislation and promoting international co-operation.

What does crimes does the Convention primarily deal with?

  • Copyright Infringement
  • Computer-related fraud and forgery
  • Child pornography
  • Violations of network security

Requirements of Signatories

In order to achieve the goal of establishing a common criminal policy, the Convention requires signatories to:

  1. Define criminal offenses and sanctions under their domestic laws according to the four categories of computer crimes listed above.
  2. Establish domestic procedures for detecting, investigating and prosecuting computer crimes and collecting electronic evidence of any criminal offence.
  3. Establish a rapid and effective system for international cooperation. This includes allowing law enforcement authorities in one country to collect computer-based evidence for those in another country.

The success of international co-operation is highlighted in the following example: ‘Operation Rescue led to the arrest of nearly 200 suspected pedophiles and rescued 230 children. Operation Rescue began as an investigation undertaken by the Australian Federal Police alone. It then spread to a British investigation. In response, the Federal Police and British police formed a joint investigation, which involved sharing intelligence with police in Thailand and the subsequent discovery of a website publishing child abuse material. It then led to other countries: the Netherlands, the involvement of Europol, Canada, Italy, the United States, New Zealand. People were arrested in Chile, Brazil and France.’

Mr McDonald, Attorney-General's Department, Transcript of Evidence, Canberra, 25 March 2011, p. 7.

How does the Convention help Australia?

Australia’s ratification of the Convention complements existing laws, increasing the capacity for international co-operation to deal with increasingly sophisticated forms of computer-related criminal activity.

Practical Points:

• Being a party to the Convention will help Australia combat criminal offences related to fraud, child pornography, copyright infringement and network security violations.

• Under the Convention, Australia participates in a 24/7 global network of high tech crime points of contact, allowing for speedy assistance between signatory countries.

• It enables domestic agencies to access and share information to facilitate international investigations.

• The Convention will ensure vital evidence is not lost before a mutual assistance request can be complete.

Definitions

  • “unauthorised”: “not entitled to cause that access, modification or impairment.” (s 476.2)
  • But access, modification, or impairment is “not unauthorised merely because he or she has an ulterior purpose for causing it.”

Fault elements

Default fault elements are included in Criminal Code 1995 (Cth) s 5.6. Except where explicitly stated, all these offences require: * Intent to access or modify; and * Recklessness as to whether data was actually modified or access impaired.

Jurisdiction

These offences now apply to all conduct in Australia, against Australian computer systems, or by Australian citizens (s 15.1) There is some overlap with State laws. In many cases, conduct will be prohibited under both State and Federal law.

Unauthorised access

Friedrich Kuepper explains the unauthorised access offences

Section 477.1 creates the offence of “Unauthorised access, modification or impairment with intent to commit a serious offence”

  • Maximum penalty: 10 years imprisonment
  • Requires intent to gain access (default fault element - s 5.6)
  • Requires knowledge that access is unauthorised
  • Requires intent to commit a serious offence (5+ years imprisonment)

478.1 Unauthorised access to, or modification of, restricted data

  • Maximum penalty: 2 years imprisonment
  • Requires knowledge that access is unauthorised
  • Requires intent to gain access or modify
  • Restricted data is any data within a computer that is protected by an access control system.

477.2 Unauthorised modification of data to cause impairment

  • Maximum penalty: 10 years imprisonment
  • Requires knowledge that the modification is unauthorised
  • Requires intent to modify (default fault element - s 5.6)
  • Requires recklessness as to whether the modification impairs or will impair access to data, reliability, security, or operation.

Impairment

477.3 Unauthorised impairment of electronic communication

  • Maximum penalty: 10 years imprisonment
  • Requires knowledge that impairment was unauthorised
  • Requires intent to cause impairment

Telecommunications Interception

Telecommunications (Interception and Access) Act 1979 (Cth), s 7

  • Maximum penalty: 2 years imprisonment (s 105)
  • There is also a summary offence: 6 months imprisonment (s 105)

A person shall not:

  • intercept;
  • authorize, suffer or permit another person to intercept;
  • or do any act or thing that will enable him or her or another person to intercept;

a communication passing over a telecommunications system.

Other computer offences

478.2 Unauthorised impairment of data held on a computer disk etc.

478.3 Possession or control of data with intent to commit a computer offence

478.4 Producing, supplying or obtaining data with intent to commit a computer offence

Other crimes involving computers

474.14 Using a telecommunications network with intention to commit a serious offence

474.15 Using a carriage service to make a threat

474.17 Using a carriage service to menace, harass or cause offence

Future student video: explain cyberstalking and the Queensland Stalking offence

Access to computer systems is typically constrained by both code and contract law. The code that makes computer systems interactive will often have some system for controlling access to the system. For example, websites are often made accessible to the public, but webservers can be configured to ensure that different parts of the website are only accessible to logged-in users with the correct permissions. Similarly, login controls prevent people from gaining access to computer systems without the correct password or credentials. Accessing computer systems by breaking these authentication mechanisms will usually be an offence under the unauthorised access or computer trespass provisions in the criminal law.

Future student video topic: browsewrap, clickwrap, shrinkwrap

The link between access control systems and private law is typically made through a contract. Many websites now have contractual terms of use that purport to limit access to the website upon acceptance of those terms. When this is done in the registration process, where a user must affirmatively agree to contractual terms (typically by checking a box or clicking a button), this is called a 'clickwrap' contract. When contractual terms are instead incorporated by reference (for example, a link at the bottom of the page entitled 'terms of use'), this is called a 'browsewrap' contract.

Terms of Use documents typically deal with a series of different legal issues. They might include limitations of liability clauses, standards of acceptable conduct, copyright and other intellectual property policies, dispute resolution mechanisms, and many other terms. These can be very useful for online service providers. Because users must agree to the terms to use the website, these terms become enforceable through contract law and, in some cases, also through the criminal prohibitions on unauthorised access. In practice, the contractual component is the most important: through electronic contracts, online service providers are able to structure their rights and exposure to potential liability in a standardised, low cost manner.

Matthias Klepper explains the authority in US v Drew that breach of Terms of Service does not constitute 'unauthorised' access

Terms of Use documents are often criticised for the problems they pose for consumers. Clickwrap contracts are generally enforceable, regardless of whether the consumer has actually read the terms or not. Many firms abuse this system by including quite harsh terms in the fine print of the contract in order to minimise their potential risk. In response to this general concern, Australia has recently introduced unfair terms legislation that will limit the enforceability of standard form contracts that are deemed to be unfair.

MissTakingTruth explains the eBay v Creative Festival Entertainment contract dispute

Future student video topic: unfair terms

  • cyberlaw/crime.txt
  • Last modified: 4 months ago
  • (external edit)