[Home] [Databases] [WorldLII] [Search] [Feedback]
New Zealand Law Commission

You are here: NZLII >> Databases >> New Zealand Law Commission >> Report >> R54 >> Appendix A

[Database Search] [Name Search] [Previous] [Next] [Download] [Help]

Appendix A

Legislation

Summary:

96 Appendix A is in two parts. In the first part of the Appendix the legislation from a number of jurisdictions is summarised. In the second part, the actual legislation is reproduced.

United Kingdom

97 In 1990 the United Kingdom enacted the Computer Misuse Act 1990 (UK). The Computer Misuse Act 1990 (UK) substantially implemented the recommendations contained in the English Law Commission’s report of 1989. Under section 1 it is an offence to cause a computer to perform any function for the purpose of securing unauthorised access to a computer and the person knows that such access is unauthorised. A person will be guilty of an offence under section 2 if they obtain unauthorised access to a computer (under section 1) with intent to commit or to facilitate the commission of another offence. A person will be guilty of an offence under section 3 if he or she does an act which causes an unauthorised modification of the contents of a computer. The person must know that any modification he or she intends to achieve is unauthorised.

98 The Computer Misuse Act 1990 (UK) also addresses jurisdiction in cases where the computer hacking is international (See s 4(2)).

Australia

99 Australia has a number of statutes which create computer related crimes. There is legislation at both the Commonwealth and the state levels.

100 At the Commonwealth level, Part VIA of the Crimes Act 1914 creates a number of offences in relation to computer misuse. The offences contained in the Crimes Act 1914 substantially mirror the recommendations made in the 1988 interim report of the Australian Attorney General’s Department. Under the Crimes Act 1914 it is an offence to:

intentionally obtain unauthorised access to a Commonwealth computer;
obtain unauthorised access to a Commonwealth computer with intent to defraud any person;
intentionally obtain unauthorised access to certain types of confidential data; and
intentionally destroy or interfere with data stored in a Commonwealth computer (sections 76A–76F Crimes Act 1914).

101 Most of the states and territories in Australia have legislation dealing with computer misuse.²³In the Australian Capital Territory and New South Wales offences of intentionally gaining unauthorised access to a computer (s309(1) Crimes Act 1900 (NSW), s135J Crimes Act 1900 (ACT)); accessing a computer with intent to obtain a benefit or to cause a loss (s309 Crimes Act 1900 (NSW); s135L Crimes Act 1900 (ACT)); and intentionally destroying, altering or interfering with a computer (s135K Crimes Act 1900 (ACT); s310 Crimes Act 1900 (NSW)) have been created. The New South Wales Act provides a higher penalty if a hacker gains unauthorised access to certain types of confidential information stored in a computer (ss309(3), (4) Crimes Act 1900 (NSW)).

Canada

102 Under s 342.1 of the Canadian Criminal Code an offence is committed when a person fraudulently and without colour of right either obtains a “computer service”, intercepts a function of a computer system, or uses a computer system to commit such an offence. Giving access to another to enable that other to commit such an offence is also covered. The offence of mischief under s 430(1.1) also covers computer hacking. It is an offence to interfere with “data”.

Singapore

103 Singapore has also introduced legislation to deal with computer misuse. The Computer Misuse Act 1993 (Sing.) is similar to the Computer Misuse Act 1990 (UK). However, under s6(1)(a) of the Singapore Act it is an offence to gain unauthorised access to a computer for the purpose of obtaining a “computer service”. “Computer service” is defined as including “computer time, data processing and the storage or retrieval of data” (s2). It is also an offence under s6 to intercept (which includes to listen to or to record) any computer function (s6(1)(b)). Unlike the United Kingdom Act therefore, the Singapore Act makes it an offence to eavesdrop on a computer.

LEGISLATION:

New Zealand

Crimes Bill 1989:

199 Interpretation –

For the purposes of this section and of sections 200 and 201 of this Act:

“Access”, in relation to any computer, computer system, or computer network, means instruct, communicate with, store data in, retrieve data from, or otherwise make use of any of the resources of the computer, computer system, or computer network.

“Computer” means an electronic device that performs logical, arithmetic, and memory functions by the manipulation of electronic or magnetic impulses; and includes all input, output, processing, storage, software, or communication facilities that are connected or related to such a device in a computer system or a computer network.

“Computer network” means

(a) An interconnection of communication lines with a computer through remote terminals; or

(b) A complex consisting of 2 or more interconnected computers.

“Computer programme” means an instruction or a statement or a series of instructions or statements, in a form acceptable to a computer, which permits the functioning of a computer system in a manner designed to provide appropriate products from the computer system.

“Computer software” means a set of computer programmes, procedures, and associated documentation concerned with the operation of a computer system.

“Computer system” means a set of related computer equipment, devices, and software, whether connected or unconnected to one another.

200 Accessing computer system for dishonest purpose

Every person is liable to imprisonment for 7 years who, directly or indirectly–

(a) Accesses any computer, computer system, or computer network, or any part of any computer, computer system, or computer network, with intent to dishonestly obtain for himself or herself or for any other person any privilege, benefit, pecuniary advantage, or valuable consideration; or

(b) Having accessed (whether with or without authority) any computer, computer system, or computer network, dishonestly uses the computer, computer system, or computer network to obtain for himself or herself or for any other person any privilege, benefit, pecuniary advantage, or valuable consideration.

201 Damaging or interfering with computer system–

Every person is liable to imprisonment for 5 years who, having accessed (with or without authority) any computer system, intentionally and without authority damages, deletes, modifies, or otherwise interferes with any data stored in the computer system.

Crimes Consultative Committee’s Recommendation (1991):

199 Interpretation–

“Access”, in relation to any computer system, means instruct, communicate with, store data in, retrieve data from, or otherwise make use of any of the resources of the computer system:

“Computer” means an electronic device that performs logical, arithmetic, and storage functions by the programmed manipulation of electronic, optical, or magnetic impulses or signals, or by a combination of these:

“Computer system” means –

(a) a computer; or

(b) two or more interconnected computers; or

(d) both (b) and (c) combined–

together with all related input, output, processing, storage, software,or communication facilities and stored data:

“Software” means a programme, procedure or instruction, or a set of procedures or instructions, together with associated statements and documentation, concerned with the operation of a computer system and designed to enable a computer system to function in the manner required.

200 Accessing computer system for dishonest purpose

Every person is liable to imprisonment for 5 years who, directly or indirectly, accesses any computer system, or any part of any computer system, with intent dishonestly or by deception –

(a) to obtain for himself or herself or any other person any property, privilege, benefit, service, pecuniary advantage, or valuable consideration; or

(b) to cause loss to any other person.

201 Damaging or interfering with computer system

Every person is liable to imprisonment for 5 years who, intentionally or recklessly, and without authority–

(a) Damages, deletes, modifies, or otherwise interferes with any data or software stored in any computer system; or

(b) causes any data or software stored in any computer system to be damaged, deleted, modified or otherwise interfered with.

ENGLAND (Computer Misuse Act 1990):

1 Unauthorised access to computer material

(1) A person is guilty of an offence if:

(a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer;

(b) the access he intends to secure is unauthorised; or

(2) The intent a person has to commit an offence under this section need not be directed at

(a) any particular program or data;

(b) a program or data of any particular kind; and

(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or both.

2 Unauthorised access with intent to commit or facilitate commission of further offences

(1) A person is guilty of an offence under this section if he commits an offence under section 1 above (“the unauthorised access offence”) with intent:

(a) to commit an offence to which this section applies; or

(b) to facilitate the commission of such an offence (whether by himself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence.

(2) This section applies to offences

(a) for which the sentence is fixed by law; or

(b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980).

(3) It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion.

(4) A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible.

(5) A person guilty of an offence under this section shall be liable:

(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and

(b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.

3 Unauthorised modification of computer material

(1) A person is guilty of an offence if:

(a) he does any act which causes the unauthorised modification of the contents of any computer; and

(b) at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing

(a) to impair the operation of any computer;

(b) to prevent or hinder access to any program or data held in any computer; or

(3) The intent need not be directed at:

(a) any particular computer;

(b) any particular program or data or a program or data of any particular kind; or

(4) For the purpose of subsection (1)(b) above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.

(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

(6) For the purposes of the Criminal Damage Act 1971 a modification of the contents of a computer shall not be regarded as damaging any computer or computer storage medium unless its effect on that computer or computer storage medium impairs its physical condition.

(7) A person guilty of an offence under this section shall be liable:

(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and

(b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.

4 Territorial scope of offences under this act

(1) Except as provided below in this section, it is immaterial for the purposes of any offence under section 1 or 3 above:

(a) whether any act or other event proof of which is required for conviction of the offence occurred in the home country concerned; or

(b) whether the accused was in the home country concerned at the time of any such act or event.

(2) Subject to subsection (3) below, in the case of such an offence at least one significant link with domestic jurisdiction must exist in the circumstances of the case for the offence to be committed.

(4) Subject to section 8 by where

(a) any such link does in fact exist in the case of an offence under section 1 above; and

(b) commission of that offence is alleged in proceedings for an offence under section 2 above;

section 2 above shall apply as if anything the accused intended to do or facilitate in any place outside the home country concerned which would be an offence to which section 2 applies if it took place in the home country concerned were the offence in question.

(5) This section is without prejudice to any jurisdiction exercisable by a court in Scotland apart from this section.

(6) References in this Act to the home country concerned are references –

(a) in the application of this Act to England and Wales, to England and Wales;

(b) in the application of this Act to Scotland, to Scotland; and

5 Significant links with domestic jurisdiction

(1) The following provisions of this section apply for the interpretation of section 4 above.

(2) In relation to an offence under section 1, either of the following is a significant link with domestic jurisdiction –

(a) that the accused was in the home country concerned at the time when he did the act which caused the computer to perform the function; or

(b) that any computer containing any program or data to which the accused secured or intended to secure unauthorised access by doing that act was in the home country concerned at that time.

(3) In relation to an offence under section 3, either of the following is a significant link with domestic jurisdiction –

(a) that the accused was in the home country concerned at the time when he did the act which caused the unauthorised modification; or

(b) that the unauthorised modification took place in the home country concerned.

...

8 Relevance of external law

(1) A person is guilty of an offence triable by virtue of section 4(4) above only if what he intended to do or facilitate would involve the commission of an offence under the law in force where the whole or any part of it was intended to take place.

(2) A person is guilty of an offence triable by virtue of section 1(1A) of the Criminal Law Act 1977 only if the pursuit of the agreed course of conduct would at some stage involve:

(a) an act or omission by one or more of the parties; or

(b) the happening of some other event;

constituting an offence under the law in force where the act, omission or other event was intended to take place.

(3) A person is guilty of an offence triable by virtue of section 1(1A) of the Criminal Attempts Act 1981 or by virtue of section 7(4) above only if what he had in view would involve the commission of an offence under the law in force where the whole or any part of it was intended to take place.

(4) Conduct punishable under the law in force in any place is an offence under that law for the purposes of this section, however it is described in that law.

(5) Subject to subsection (7) below, a condition specified in any of subsections (1) to (3) above shall be taken to be satisfied unless not later than rules of court may provide the defence serve on he prosecution a notice:

(a) stating that, on the facts as alleged with respect to the relevant conduct, the condition is not in their opinion satisfied;

(b) showing their grounds for that opinion; and

(6) In subsection (5) above “the relevant conduct” means:

(a) where the condition in subsection (1) above is in question, what the accused intended to do or facilitate;

(b) where the condition in subsection (2) above is in question, the agreed course of conduct; and

(7) The court, if it thinks fit, may permit the defence to require the prosecution to show that the condition is satisfied without the prior service of a notice under subsection (5) above.

(8) If by virtue of subsection (7) above a court of solemn jurisdiction in Scotland permits the defence to require the prosecution to show that the condition is satisfied, it shall be competent for the prosecution for that purpose to examine any witness or to put in evidence any production not included in the lists lodged by it.

(9) In the Crown Court the question whether the condition is satisfied shall be decided by the judge alone.

(10) In the High Court of Justiciary and in the sheriff court the question whether the condition is satisfied shall be decided by the judge or, as the case may be, the sheriff alone.

...

Interpretation

(1) The following provisions of this section apply for the interpretation of this Act.

(2) A person secures access to any program or data held in a computer if by causing a computer to perform any function he:

(a) alters or erases the program or data;

(b) copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;

(d) has it output from the computer in which it is held (whether by having it displayed or in any other manner);

and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.

(3) For the purposes of subsection (2)(c) above a person uses a program if the function he causes the computer to perform:

(a) causes the programme to be executed; or

(b) is itself a function of the program.

(4) For the purposes of subsection (2)(d) above:

(a) a program is output if the instructions of which it consists are output; and

(b) the form in which any such instructions or any other data is output (and in particular whether or not it represents a form in which, in the case of instructions, they are capable of being executed or, in the case of data, it is capable of being processed by a computer) is immaterial.

(5) Access of any kind by any person to any program or data held in a computer is unauthorised if:

(a) he is not himself entitled to control access of the kind in question to the program or data; and

(b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled [but this subsection is subject to section 10].

(6) References to any program or data held in a computer include references to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.

(7) A modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer:

(a) any program or data held in the computer concerned is altered or erased; or

(b) any program or data is added to its contents;

and any act which contributes towards causing such a modification shall be regarded as causing it.

(8) Such a modification is unauthorised if:

(a) the person whose act causes it is not himself entitled to determine whether the modification should be made; and

(b) he does not have consent to the modification from any person who is so entitled.

(9) References to the home country concerned shall be read in accordance with section 4(6) above.

(10) References to a program include references to part of a program.

AUSTRALIA

Commonwealth (Crimes Act 1914)

76A. Interpretation

(1) In this Part, unless the contrary intention appears:

“carrier” means:

(a) a carrier (within the meaning of the Telecommunications Act 1997 ); or

(b) a carriage service provider (within the meaning of that Act).

“Commonwealth” includes a public authority under the Commonwealth.

“Commonwealth computer” means a computer, a computer system or a part of a computer system, owned, leased or operated by the Commonwealth.

“data” includes information, a computer program or part of a computer program.

(2) In this Part:

(a) a reference to data stored in a computer includes a reference to data entered or copied into the computer; and

(b) a reference to data stored on behalf of the Commonwealth in a computer includes a reference to:

(i) data stored in the computer at the direction or request of the Commonwealth; and

(ii) data supplied by the Commonwealth that is stored in the computer under, or in the course of performing, a contract with the Commonwealth.

76B. Unlawful access to data in Commonwealth and other computers

(1) A person who intentionally and without authority obtains access to:

(a) data stored in a Commonwealth computer; or

(b) data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer;

is guilty of an offence. Penalty: Imprisonment for 6 months.

(2) A person who:

(a) with intent to defraud any person and without authority obtains access to data stored in a Commonwealth computer, or to data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer; or

(b) intentionally and without authority obtains access to data stored in a Commonwealth computer, or to data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer, being data that the person knows or ought reasonably to know relates to:

(i) the security, defence or international relations of Australia;

(ii) the existence or identity of a confidential source of information relating to the enforcement of a criminal law of the Commonwealth or of a State or Territory;

(iii) the enforcement of a law of the Commonwealth or of a State or Territory;

(iv) the protection of public safety;

(v) the personal affairs of any person;

(vi) trade secrets;

(vii) records of a financial institution; or

(viii)commercial information the disclosure of which could cause advantage or disadvantage to any person;

is guilty of an offence. Penalty: Imprisonment for 2 years.

(3) A person who:

(a) has intentionally and without authority obtained access to data stored in a Commonwealth computer, or to data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer;

(b) after examining part of that data, knows or ought reasonably to know that the part of the data which the person examined relates wholly or partly to any of the matters referred to in paragraph (2)(b); and

is guilty of an offence. Penalty for a contravention of this subsection: Imprisonment for 2 years.

76C. Damaging data in Commonwealth and other computers

A person who intentionally and without authority or lawful excuse:

(a) destroys, erases or alters data stored in, or inserts data into, a Commonwealth computer;

(b) interferes with, or interrupts or obstructs the lawful use of, a Commonwealth computer;

(c) destroys, erases, alters or adds to data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer; or

(d) impedes or prevents access to, or impairs the usefulness or effectiveness of, data stored in a Commonwealth computer or data stored on behalf of the Commonwealth in a computer that is not a Commonwealth computer;

is guilty of an offence.

Penalty: Imprisonment for 10 years.

76D. Unlawful access to data in Commonwealth and other computers by means of Commonwealth facility

(1) A person who, by means of a facility operated or provided by the Commonwealth or by a carrier, intentionally and without authority obtains access to data stored in a computer, is guilty of an offence. Penalty: Imprisonment for 6 months.

(2) A person who:

(a) by means of a facility operated or provided by the Commonwealth or by a carrier, with intent to defraud any person and without authority obtains access to data stored in a computer; or

(b) by means of such a facility, intentionally and without authority obtains access to data stored in a computer, being data that the person knows or ought reasonably to know relates to:

(i) the security, defence or international relations of Australia;

(ii) the existence or identity of a confidential source of information relating to the enforcement of a criminal law of the Commonwealth or of a State or Territory;

(iii) the enforcement of a law of the Commonwealth or of a State or Territory;

(iv) the protection of public safety;

(v) the personal affairs of any person;

(vi) trade secrets;

(vii) records of a financial institution; or

(viii)commercial information the disclosure of which could cause advantage or disadvantage to any person;

is guilty of an offence.

Penalty: Imprisonment for 2 years.

(3) A person who:

(a) by means of a facility operated or provided by the Commonwealth or by a carrier, has intentionally and without authority obtained access to data stored in a computer;

is guilty of an offence. Penalty for a contravention of this subsection: Imprisonment for 2 years.

76E. Damaging data in Commonwealth and other computers by means of Commonwealth facility

A person who, by means of a facility operated or provided by the Commonwealth or by a carrier, intentionally and without authority or lawful excuse:

(a) destroys, erases or alters data stored in, or inserts data into, a computer;

(b) interferes with, or interrupts or obstructs the lawful use of, a computer; or

is guilty of an offence. Penalty: Imprisonment for 10 years.

76F. Saving of State and Territory laws

Sections 76D and 76E are not intended to exclude or limit the concurrent operation of any law of a State or Territory.

Australian Capital Territory (Crimes ACT 1900)

135H. Interpretation

(1) In this Division, unless the contrary intention appears:

“data” includes information, a computer program or part of a computer program.

(2) A reference in this Division to data stored in a computer includes a reference to data entered or copied into the computer, whether temporarily or permanently.

135J. Unlawful access to data in computer

A person who, intentionally and without lawful authority or excuse, obtains access to data stored in a computer is guilty of an offence punishable, on conviction, by imprisonment for 2 years.

135K. Damaging data in computers

A person who intentionally or recklessly, and without lawful authority or excuse–

(a) destroys, erases or alters data stored in, or inserts data into, a computer; or

(b) interferes with, or interrupts or obstructs the lawful use of, a computer; is guilty of an offence punishable, on conviction, by imprisonment for 10 years.

135L. Dishonest use of computers

(1) A person who, by any means, dishonestly uses, or causes to be used, a computer or other machine, or part of a computer or other machine, with intent to obtain by that use a gain for himself or herself or another person, or to cause by that use a loss to another person, is guilty of an offence punishable, on conviction, by imprisonment for 10 years.

(2) In this section, “machine” means a machine designed to be operated by means of a coin, bank-note, token, disc, tape or any identifying card or article.

New South Wales: (Crimes Act 1900)

308. Definitions

In this Part:

(a) a reference to data includes a reference to information; and

(b) a reference to a program or data includes a reference to part of the program or data; and

309. Unlawful access to data in computer

(1) A person who, without authority or lawful excuse, intentionally obtains access to a program or data stored in a computer is liable, on conviction before two justices, to imprisonment for 6 months, or to a fine of 50 penalty units, or both.

(2) A person who, with intent:

(a) to defraud any person; or

(b) to dishonestly obtain for himself or herself or another person any financial advantage of any kind; or

(d) obtains access to a program or data stored in a computer is liable to imprisonment for 2 years, or to a fine of 500 penalty units, or both.

(3) A person who, without authority or lawful excuse, intentionally obtains access to a program or data stored in a computer, being a program or data that the person knows or ought reasonably to know relates to:

(a) confidential government information in relation to security, defence or inter-governmental relations; or

(b) the existence or identity of any confidential source of information in relation to the enforcement or administration of the law; or

(d) the maintenance or enforcement of any lawful method or procedure for protecting public safety; or

(e) the personal affairs of any person (whether living or deceased); or

(f) trade secrets; or

(g) records of a financial institution; or

(h) information (other than trade secrets) that has a commercial value to any person that could be destroyed or diminished if disclosed, is liable to imprisonment for 2 years, or to a fine of 500 penalty units, or both.

(4) A person who:

(a) without authority or lawful excuse, has intentionally obtained access to a program or data stored in a computer; and

(b) after examining part of that program or data, knows or ought reasonably to know that the part of the program or data examined relates wholly or partly to any of the matters referred to in subsection (3); and

is liable to imprisonment for 2 years, or to a fine of 500 penalty units, or both.

(5) A prosecution for an offence under subsection (1) may be commenced at any time within 2 years after the time when the offence is alleged to have been committed.

310. Damaging data in computer

A person who intentionally and without authority or lawful excuse:

(a) destroys, erases or alters data stored in or inserts data into a computer; or

(b) interferes with, or interrupts or obstructs the lawful use of a computer, is liable to penal servitude for 10 years, or to a fine of 1,000 penalty Units, or both.

Northern Territory: (Criminal Code Act)

222. Unlawfully obtaining confidential information

Any person who unlawfully abstracts any confidential information from any register, document, computer or other repository of information with intent to cause loss to a person or with intent to publish the same to a person who is not lawfully entitled to have or to receive it, or with intent to use it to obtain a benefit or advantage for himself or another, is guilty of a crime and is liable to imprisonment for 3 years.

223. Unlawfully disclosing trade secrets

Any person who unlawfully publishes or discloses a trade secret with intent to cause loss to a person or to obtain a benefit or advantage for himself or another is guilty of a crime and is liable to imprisonment for 3 years.

276. Making false data processing material

(1) Any person who unlawfully alters, falsifies, erases or destroys any data processing material with any fraudulent intention is guilty of a crime and is liable to imprisonment for 3 years.

(2) If he does so with the intent that an incorrect data processing response will be produced and with the intent that it may in any way be used or acted upon as being correct, whether in the Territory or elsewhere, to the prejudice of any person or with intent that any person may, in the belief that it is correct, be induced to do or refrain from doing any act, whether in the Territory or elsewhere, he is liable to imprisonment for 7 years.

South Australia (Summary Offences Act 1953)

44. Unlawful operation of computer system

(1) A person who, without proper authorisation, operates a restricted-access computer system is guilty of an offence.

(2) The penalty for an offence against subsection (1) is as follows:

(a) if the person who committed the offence did so with the intention of obtaining a benefit from, or causing a detriment to, another-division 7 fine or division 7 imprisonment.

(b) in any other case-division 7 fine.

(3) A computer system is a restricted-access computer system if:

(a) the use of a particular code of electronic impulses is necessary in order to obtain access to information stored in the system or operate the system in some other way; and

(b) the person who is entitled to control the use of the computer system has withheld knowledge of the code, or the means of producing it, from all other persons, or has taken steps to restrict knowledge of the code, or the means of producing it, to a particular authorised person or class of authorised persons.

Queensland: (Criminal Code Act 1899)

408D. Computer hacking and misuse

(1) A person who uses a restricted computer without the consent of the computer’s controller commits an offence.

Maximum penalty: 2 years imprisonment.

(1) If the person causes or intends to cause detriment or damage, or gains or intends to gain a benefit, the person commits a crime and is liable to imprisonment for 5 years.

(2) If the person causes a detriment or damage or obtains a benefit for any person to the value of more than $5 000, or intends to commit an indictable offence, the person commits a crime and is liable to imprisonment for 10 years.

(3) It is a defence to a charge under this section to prove that the use of the restricted computer was authorised, justified or excused by law.

(4) In this section:

“benefit” includes a benefit obtained by or delivered to any person;

“computer” means all or part of a computer, computer system or computer network and includes, for example, all external devices connected to the computer in any way or capable of communicating with each other as part of a system or network.

“controller” means a person who has a right to control the computer’s use.

“damage” includes:

(a) damage to any computer hardware or software; and

(b) for information–any alteration, addition, removal or loss of, or other damage to, information.

“information” includes data, file, document, or computer language or coding.

“detriment” includes any detriment, pecuniary or otherwise, to any person.

“restricted computer” means a computer for which:

(a) a device, code or a particular sequence of electronic impulses is necessary in order to gain access to or to use the computer; and

(b) the controller:

(i) withholds or takes steps to withhold access to the device, or knowledge of the code or of the sequence or of the way of producing the code or the sequence, from other persons; or

(ii) restricts access or takes steps to restrict access to the device or knowledge of the code or of the sequence, or to the way of producing the sequence, to a person or a class of person authorised by the controller.

“use”, of a restricted computer, includes accessing or altering any information stored in, or communicate information directly or indirectly to or from, the restricted computer, or cause a virus to become installed on or to otherwise affect, the computer.

Tasmania (Criminal code 1924)

257A. Interpretation:

In this chapter:

“data” includes information, a computer programme or part of a computer programme;

“gain access” includes to communicate with a computer.

257B. Computer-related fraud

A person who, with intent to defraud:

(a) destroys, damages, erases, alters or otherwise manipulates data stored in, or used in connection with, a computer; or

(b) introduces into, or records or stores in, a computer or system of computers by any means data for the purpose of:

(i) destroying, damaging, erasing or altering other data stored in that computer or that system of computers; or

(ii) interfering with, interrupting or obstructing the lawful use of that computer or that system of computers or the data stored in that computer or system of computers; or

is guilty of a crime.

257C.Damaging computer data

A person who intentionally and without lawful excuse–

(a) destroys, damages, erases or alters data stored in a computer; or

(b) interferes with, interrupts or obstructs the lawful use of a computer, a system of computers or any part of a system of computers or the data stored in that computer or system of computers–

is guilty of a crime.

257D. Unauthorised access to a computer

A person who, without lawful excuse, intentionally gains access to a computer, system of computers or any part of a system of computers, is guilty of a crime.

257E. Insertion of false information as data

A person who dishonestly introduces into, or records or stores in, a computer or a system of computers, by any means, false or misleading information as data is guilty of a crime.

257F. Extra-territorial application of this chapter

(1) If:

(a) a person does an act or thing referred to in sections 257B to 257E (both inclusive) outside, or partly outside, Tasmania; and

(b) there is a real and substantial link within the meaning of subsection (2) between doing the act or thing and Tasmania

those sections apply in relation that act or thing as if it had been done wholly within Tasmania.

(2) For the purposes of subsection (1), there is a real and substantial link with Tasmania:

(a) if a significant part of the conduct relating to, or constituting, the doing of the act or thing occurred in Tasmania; or

(b) where the act or thing was done wholly outside Tasmania or partly within Tasmania, if substantial harmful effects arose in Tasmania.

Western Australia: (The Criminal Code Act Compilation Act 1913)

440A. Unlawful operation of a computer system

(1) In this section:

(a) “system” means a computer system or a part or application of a computer system;

(b) a system is a restricted-access system if–

(i) the use of a particular code, or set of codes, of electronic impulses is necessary in order to obtain access to information stored in the system or operate the system in some other way; and

(ii) the person who is entitled to control the use of the system has withheld knowledge of the code, or set of codes, or the means of producing it, from all other persons, or has taken steps to restrict knowledge of the code or set of codes, or the means of producing it, to a particular authorised person or class of authorised persons.

(2) A person who without proper authorisation –

(a)gains access to information stored in a restricted-access system; or

(b) operates a restricted-access system in some other way

is guilty of an offence and is liable to imprisonment for one year or a fine of $4,000.00.

(3) A prosecution for an offence under subsection (2) may be commenced at any time.

CANADA (CANADIAN CRIMINAL CODE):

342. (1) Unauthorised use of computer

Every one who, fraudulently and without colour of right,

(a) obtains, directly or indirectly, any computer service,

(b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system.

(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or

(d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c)

is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

(2) In this section:

“computer password” means any data by which a computer service or computer system is capable of being obtained or used;

“computer program” means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function;

“computer service” includes data processing and the storage or retrieval of data;

“computer system” means a device that, or a group of interconnected or related devices one or more of which,

(a) contains computer programs or other data, and

(b) pursuant to computer programs,

(i) performs logic and control, and

(ii) may perform any other function;

“data” means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer system;

“electro-magnetic, acoustic, mechanical or other device” means any device or apparatus that is used or is capable of being used to intercept any function of a computer system, but does not include a hearing aid used to correct subnormal hearing of the user to not better than normal hearing;

“function” includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer system;

“intercept” includes listen to or record a function of a computer system, or acquire the substance, meaning or purport thereof.

“traffic” means, in respect of a computer password to traffic, sell, export from or import into Canada, distribute or deal with in any other way.

430 (1.1) Mischief

Every one commits mischief who wilfully:

(a) destroys or alters data;

(b) renders data meaningless, useless or ineffective;

obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.

...

(5) Everyone who commits mischief in relation to data

(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or

is guilty of an offence punishable on summary conviction.

...

(8) In this section, “data” has the same meaning as in section 342.1

SINGAPORE (Computer Misuse Act 1993):

2. Interpretation:

(1) In this Act, unless the context otherwise requires–

“computer” means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include an automated typewriter or typesetter, a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility;

“computer output” or “output” means a statement or representation (whether in written, printed, pictorial, graphical or other form) purporting to be a statement or representation of fact:

(a) produced by a computer; or

(b) accurately translated from a statement or representation so produced;

“computer service” includes computer time, data processing and the storage or retrieval of data;

“data” means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer;

“electronic, acoustic, mechanical or other device” means any device or apparatus that is used or is capable of being used to intercept any function of a computer;

“function” includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer;

“intercept”, in relation to a function of a computer, includes listening to or recording a function of a computer, or acquiring the substance, meaning or purport thereof;

“program or computer program” means data representing instructions or statements that, when executed in a computer, causes the computer to perform a function.

(2) For the purposes of this Act, a person secures access to any program or data held in a computer if by causing a computer to perform any function he –

(a) alters or erases the program or data;

(b) copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;

(d) causes it to be output from the computer in which it is held (whether by having it displayed or in any other manner),

and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.

(3) For the purposes of subsection (2)(c), a person uses a program if the function he causes the computer to perform–

(a) causes the program to be executed; or

(b) is itself a function of the program.

(4) For the purposes of subsection (2)(d), the form in which any program or data is output (and in particular whether or not it represents a form in which, in the case of a program, it is capable of being executed or, in the case of data, it is capable of being processed by a computer) is immaterial.

(5) For the purposes of this Act, access of any kind by any person to any program or data held in a computer is unauthorised or done without authority if –

(a) he is not himself entitled to control access of the kind in question to the program or data; and

(b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled.

(6) A reference in this Act to any program or data held in a computer includes a reference to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.

(7) For the purposes of this Act, a modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer -

(a) any program or data held in the computer concerned is altered or erased;

(b) any program or data is added to its contents; or

and any act which contributes towards causing such a modification shall be regarded as causing it.

(8) Any modification referred to in subsection (7) is unauthorised if –

(a) the person whose act causes it is not himself entitled to determine whether the modification should be made; and

(b) he does not have consent to the modification from any person who is so entitled.

(9) A reference in this Act to a program includes a reference to part of a program.

3. Unauthorised access to computer material

(1) Subject to subsection (2), any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $2,000.00 or to imprisonment for a term not exceeding 2 years or to both.

(2) If any damage caused by an offence under this section exceeds $10,000.00, a person convicted of the offence shall be liable to a fine not exceeding $20,000.00 or to imprisonment for a term not exceeding 5 years or to both.

(3) For the purposes of this section, it is immaterial that the Act in question is not directed at:

(a) any particular program or data;

(b) a program or data of any kind; or

4. Unauthorised access with intent to commit or facilitate commission of further offences

(1) Any person who causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $50,000.00 or to imprisonment for a term not exceeding 10 years or to both.

(2) This section shall apply to offences involving property, fraud, dishonesty or which causes bodily harm punishable on conviction with imprisonment for a term of 2 years or more.

(3) For the purposes of this section, it is immaterial whether the offence to which this section applies is to be committed at the same time when the unauthorised access is secured or on any future occasion.

5. Unauthorised modification of computer material

(1) Subject to subsection (2), any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $2,000.00 or to imprisonment for a term not exceeding 2 years or to both.

(3) For the purposes of this section, it is immaterial that the act in question is not directed at:

(a) any particular program or data;

(b) a program or data of any kind; or

(4) For the purposes of this section, it is immaterial whether an unauthorised modification is, or is intended to be, permanent or merely temporary.

6. Unauthorised use or interception of computer service

(1) Subject to subsection (2), any person who knowingly–

(a) secures access without authority to any computer for the purpose of obtaining, directly or indirectly, any computer service;

(b) intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electromagnetic, acoustic, mechanical or other device; or

(c) uses or causes to be used, directly or indirectly, the computer or any other device for the purpose of committing an offence under paragraph (a) or (b),

shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $2,000.00 or to imprisonment for a term not exceeding 2 years or to both.

(3) For the purposes of this section, it is immaterial that the unauthorised access or interception is not directed at –

(a) any particular program or data;

(b) a program or data of any kind; or

a program or data held in any particular computer.

NZLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.nzlii.org/nz/other/nzlc/report/R54/R54-Appendix.html