Add to collection(s) Add to saved
  1. Social Science
  2. Law
  3. Criminal Justice

6.1. Case Study: DPP v Sutcliffe - Cyberspace Law and Policy Centre

advertisement 
Cyberspace Law materials - Crime
1.
Introduction ...................................................................................................... 1
1.1.
2.
Cybercrime in Australia
2
Unlawful Access and Computer Trespass ...................................................... 3
2.1.
Case study: US v Robert Tappan Morris
5
3.
Modifying Data and Impairment of electronic communication .................. 6
4.
Theft of Data ..................................................................................................... 7
5.
Computer Fraud ............................................................................................... 7
6.
Cyber-Stalking and Harassment ..................................................................... 8
6.1.
6.2.
Case Study: DPP v Sutcliffe
Case Study: State of California v Dellapenta
9
10
7.
Possession of child pornography ................................................................... 10
8.
Cybercrime Act 2001 (Cth) and State Legislation ...................................... 11
9.
International Cybercrime Treaty ................................................................. 12
1.
Introduction
As society becomes ever more reliant on computers and the Internet, cyberspace crime
becomes increasingly prevalent.
The ‘2002 Australian Crime and Computer Survey’ revealed that 67% of organisations
surveyed experienced an electronic attack, twice the level experienced in 1999, and
higher than the US, with 35 % of these companies experiencing six or more attacks. Yet
despite the frequent occurrence of cyberspace crime there is a reluctance to report
offences, 61% of respondents choose not to take any legal action.
(http://www.auscert.org.au/download.html?f=11)
So what type of crimes are being committed? Federal Agent Mark Walters of the
Australian Federal Police reported that in 9 months in 2001 the AFP received 320 ecrime referrals.(http://www.austlii.edu.au/au/other/CyberLRes/2001/31/) Of these:

54% were in relation to online child pornography and paedophilia,

16% involved hacking, and denial of service attacks,

reports of Internet viruses, Trojans and worms accounted for 8% of referrals.
Cybercrime
1
06 - Cyberspace Law materials - Crime
Page 2

threats, harassment and stalking over the Internet (8%) and

fraud (6%).
For a paper looking at cybercrime from both an International and Australian perspective
read Australian Institute of Criminology’s paper Computer Crime
(http://www.aic.gov.au/conferences/fraud/smith.pdf). While slightly out of date in terms
of recently released policy and statistics it still serves as a good overview on cybercrime
and the need for regulation.
1.1.
Cybercrime in Australia
Under the Australian system of Government, all Australian States and Territories have a
general power to enact criminal laws to operate within their own borders.
The Commonwealth is limited to enacting criminal laws which fall within one of its
heads of constitutional power.
The Commonwealth’s constitutional power to enact laws with respect to "telephonic,
telegraphic and other like services" (s 51(v) of the Constitution) is of particular
relevance in the context of cyberspace crime.

Split between State and Federal Laws
In many areas, including cyberspace crime, Commonwealth and State and Territory
offences exist and operate side by side. See Commonwealth Constitution s51 (try
ComLaw) for the heads of power for Cth law - anything outside of these 35 is state
material.
State
The State and Territory offences applying generally to wrongful conduct within that
jurisdiction
Federal
The Commonwealth offences targeting particular aspects (for example, offences
involving computers owned or leased by the Commonwealth, and offences involving a
telecommunications carriage service).
In addition to this the Commonwealth’s Cybercrime Act 2001 offers more
comprehensive regulation of computer and Internet related offences.
The Cybercrime Act replaced previous section 76 of the Crimes Act 1914 (Cth) that
dealt with computer offences .
The Act amended the Criminal Code Act 1995 (Cth) with general offences concerning
unauthorised access, modification and impairment of data (see part 10.7 of the Code:
http://www.austlii.edu.au/au/legis/cth/consol_act/cca1995115/sch1.html )
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 3
Following the lead of their federal counterparts, many states have updated, or are in the
process of updating the law in this area.
Subsequent to the Cybercrime Act 2001 numerous legislative initiatives have been
made, including:
2.

Crimes Legislation Amendment (Telecommunications Offences and
Other Measures) Act (No. 2) 2004.
(http://www.comlaw.gov.au/ComLaw/Management.nsf/lookupindexpage
sbyid/IP200613231?OpenDocument)

Criminal Code Amendment (Suicide Related Material Offences) Act 2005
(Cth)
(http://www.comlaw.gov.au/ComLaw/Legislation/Act1.nsf/all/search/30
4ACF9E0F446FFDCA257038001821BF)

Security Legislation Amendment (Terrorism) Act 2002 (Cth):
(http://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/
all/search/BF11D64CD73A126FCA256F7100572137).
Unlawful Access and Computer Trespass
"Hacker" and "cracker" are terms which are used to describe people who intentionally
seek to access computer systems or networks with dishonest intentions. A cracker may
access a system with destructive or malicious intentions, such as to alter data or to
spread a virus, whereas a hacker is generally motivated by curiosity. (Akindemowo,
Olujoke (1999) ‘Computer Crime, Telecommunications and Internet Abuse’, Chapter 5
Information Technology Law in Australia, Law Book Company)
Hackers and crackers may be criminally liable if they access, or access and continue to
examine ‘restricted data’. (see Division 477 and 478 Criminal Code 1995 (Cth)
(http://www.austlii.edu.au/au/legis/cth/consol_act/cca1995115/sch1.html )) .
Cracking may also involve damage to data and fraud.
The Commonwealth, the States and the ACT have enacted laws in relation to computer
trespass and the unauthorised access of data (try AustLII):

s478.1, 477.1 Criminal Code 1995 (Cth).

s 9A Summary Offences Act 1966 (Vic)

ss 308C – 308H Crimes Act 1900 (NSW)

s 44 Summary Offences Act 1953 (SA)

s 135J Crimes Act 1900 (ACT)

s 440A Criminal Code Act 1913 (WA)
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime

Page 4

s 408D Criminal Code 1899 (Qld)

s 257D Criminal Code Act 1924 (Tas)).
Commonwealth data
Most of the relevant provisions in the Commonwealth code relate specifically to
Commonwealth data, that is, data which is stored in a Commonwealth computer or data
which is stored on behalf of the Commonwealth in a computer that is not a
Commonwealth computer (see s476.1 Criminal Code 1995 (Cth)).For example, the
Commonwealth Act provides that a person who intentionally and without authority
obtains access to restricted Commonwealth data is guilty of an offence (s478.1 ) The
relevant Victorian Act states that a person must not gain access to, or enter, a computer
system or part of a computer system without lawful authority to do so (Summary
Offences Act 1966 (Vic), section 9A). In New South Wales a person who among other
things causes unauthorised access to or modification of restricted data held in a
computer is guilty of an offence (s 308H Crimes Act 1900 (NSW)).
Prior to the Cybercrime Act 2001 the Crimes Act 1914 had separate offences which
dealt with the unauthorised access of particularly sensitive data; Including data relating
to the ‘security, defence or international relations of Australia’, and ‘the personal
information of any person’.
The new Criminal Code doesn’t have such special offences relating to access to
particular data. Rather, it includes several new serious offences with penalties of up to
10 years imprisonment. Including:
Unauthorised access, modification or impairment with intent to commit a serious
offence (section 477.1) a serious offence includes both Commonwealth and State and
Territory crimes with maximum penalty’s of 5 years imprisonment.
Unauthorised impairment of electronic communication (section 477.3) This section was
included in an attempt to halt the growing rise of ‘denial of service attacks’, where a
particular service provider is forced offline by repetitive and constant legal accesses.The
Criminal Code extends unauthorised access crimes beyond instances were unauthorised
access has been acquired over data stored on Commonwealth (or Commonwealth
leased) computer systems.
It is a crime to access, modify or impair any ‘restricted data’ via a carriage service (as
defined in s7 Telecommunications Act 1997(Cth) as being ‘a service for carrying
communications by means of guided and/or unguided electromagnetic energy.’).
The broad definition of ‘carriage service’ means crimes can be proven with
unauthorised access of both private and public data.
It is a requirement under the Criminal Code to make out the unauthorised access offence
(478.1) that the data accessed is restricted data. Restricted data is defined (in section
477.1 (3)) as data:
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 5
(a) held in a computer; and
(b) to which access is restricted by an access control system associated with a
function of the computer.
Further Reading:
For a ‘A Brief History of Computer Hacking’ read
http://www.chiroweb.com/columnist/devitt/
For an example of someone being convicted of hacking read ‘Aussie hacker gets two
year sentence’
(http://www.zdnet.com.au/newstech/security/story/0,2000024985,20261598-1,00.htm)
(R v Boden [2002] QCA 164)
2.1.
Case study: US v Robert Tappan Morris
US v Robert Tappan Morris 1991 928 F2d 504 (United States Court of Appeals for the
Second Circuit)
Morris intended his worm to be benign, not to interfere with normal processing on
computers, but merely to demonstrate conclusively the security flaws in Unix (and the
technological potential of computer worms). The problem which he did not anticipate
was that if the worm duplicated itself numerous times on one computer it could bog it
down. Therefore, the worm would 'ask' the computer if it was already there and if so not
duplicate itself. However, Morris set the program so that it would still duplicate itself
once every 7 'yes's, just in case system controllers were trying to stop it by causing
computers to respond with false 'yes's. The problem was that the 1/7 ratio still caused
the bogging down that Morris was trying to avoid! This led to $100,000s costs to
internet server operators while computers everywhere on the Internet had to be shut
down in order to get rid of it.
Newman J held:
—
The requirement of intention only applied to obtaining unauthorised
access, not to causing damage (ie strict liability for damage flowing
from unauthorised access - M's benign intentions were irrelevant).
[See later concerning Australian provisions re damage]
—
The US Act was not only aimed at 'hackers'. Those with some
authorised access to Federal computers can be liable if they exceed it
to gain access to other 'federal interest' computers. Here, there were
two reasons why M exceeded his authority: (a) he had authority to use
SendMail and Finger to communicate with other federal computers,
but 'he did not use either of those features in a way related to their
intended function. He did not send or read mail nor discover
information about other users; instead he found holes in both
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 6
programs ...'; and (b) 'the worm was designed to spread to other
computers at which he had no account and no authority, express or
implied, to unleash the worm program' (including by guessing
passwords).
(http://www.austlii.edu.au/au/other/crime/Morris.html)
3.
Modifying Data and Impairment of electronic
communication
A variety of Commonwealth, State and Territory laws exist which make it an offence
for a person to alter or impair information stored on a computer, or to impede access to
a computer (s 9A Summary Offences Act 1966 (Vic); ss 308C – 308E Crimes Act 1900
(NSW); s 44 Summary Offences Act 1953 (SA); s 135K Crimes Act 1900 (ACT); s
257C Criminal Code 1924 (Tas)).
For example, the New South Wales Crimes Act provides that a person who intentionally
and without authority or lawful excuse destroys, erases or alters data stored, or inserts
data into a computer, or interferes with, or interrupts or obstructs the lawful use of a
computer is liable to imprisonment or a fine, or both (ss 308C and 308D).
The Commonwealth access offences (478.1 and 477.1 Criminal Code 1995) can also be
made out where the data has been ‘modified’. Modification is defined as (in section
476.1 Criminal Code):
a) the alteration or removal of the data; or
b) An addition to the data.
Before the Cybercrime Act 2001, offences in the Crimes Act 1914 (Cth) bundled
together unauthorised modification/deletion of data and impairment of access to
computers. However, now, in the Criminal Code several unique offences exist relating
to impairment of electronic communication.
Firstly, section 477.2 outlines that unauthorised modification of data to cause
impairment is a serious offence (max penalty 10 years imprisonment). The accused
merely needs to be reckless as to whether their modification will impair:
-
access to that or any other data held in the computer, or
-
the reliability, security or operation, of any such data.
Secondly, unauthorised impairment of electronic communication (s477.3) is also a
serious offence. An accused is guilty if they caused unauthorised impairment of
communications to or from a computer, and they intended to do so.
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 7
The Criminal Code also includes a new, minor offence (2 years imprisonment) of
‘Unauthorised impairment of data held on a computer disk’ (s478.2). The difference
between the effect of this section and section 477.3/477.2 is it doesn’t apply where
impairment of communications over a carriage service has occurred, rather only
applying where impairment has been made to data stored on a commonwealth computer
disk. However, since almost all computers are networked over carriage services and
most electronic communications are conducted over carriage services it is difficult
(though not impossible) to imagine situations where prosecutions would be made under
the less serious 478.2, rather than the more severe 477.3/477.2.
4.
Theft of Data
The question of whether there can be theft of computer data remains unsettled. An
intruder into a computer system who dishonestly appropriates information is likely to be
charged with unauthorised access or computer trespass, rather than theft.
Criminal Code Amendment (Theft, Fraud, Bribery and Related Offences) Act 2000
(Cth) (http://scaletext.law.gov.au/html/comact/10/6251/top.htm) provides that a person
is guilty of theft if they dishonestly appropriate property belonging to another with the
intention of permanently depriving that person of the property, and the property belongs
to a Commonwealth entity (s 131.1 Criminal Code (Cth)).
Property is defined by the Code to include "intangible property". It remains to be seen
whether computer data will fall within this definition.
Internetnews.com’s article (http://www.internetnews.com/busnews/article.php/1474961) highlights just how significant the problem of ‘stolen’ data
can be.
5.
Computer Fraud
Fraud in the off-line environment generally involves deception through the use of a
tangible object, such as a created document. In cyberspace, however, fraud may be
committed through the use of digital technology without the need for any such object.
Section 477.1 of the Criminal Code 1995 (Cth) allows for prosecutions to be made
where computers are used in attempts to commit serious criminal offences, for example:
fraud. If unauthorised access, modification or impairment of data occurs with intent to
commit a serious offence (one that an individual may receive a 5 year imprisonment
from) the individual commits a serious offence in accessing, modifying or impairing
that data. And is liable for the penalty that would be granted should the serious criminal
offence (fraud) have been committed (maximum 10 year’s imprisonment).
Laws dealing specifically with computer fraud have also been established under State
legislation. Victorian
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 8
(See also Part 1 Div 2 Crimes Act 1958 (Vic); Part 4 Div 1 Subdiv 7 Crimes Act 1900
(NSW); s 184 Criminal Law Consolidation Act 1935 (SA); Part 4 Crimes Act 1900
(ACT); Part 6 Criminal Code Act 1913 (WA); Part 6 Div 1 Criminal Code (Qld); Part 7
Criminal Code 1983 (NT), in relation to fraud generally). The Tasmanian Criminal
Code, for example, states that a person who, uses a computer with intent to defraud, is
guilty of the crime of computer-related fraud (s 257B). Victoria’s Crimes (Property
Damage and Computer Offences) Bill
http://www.dms.dpc.vic.gov.au/domino/Web_Notes/LDMS/PubPDocs_Arch.nsf/5da74
42d8f61e92bca256de50013d008/43de6d1c492085dfca2570d8001ba393!OpenDocumen
t) is currently (as at late March 2003) before the Legislative Assembly, having already
been certified by the Lower House. The Bill implements the recommendations of the
January 2001 Model Criminal Code report: Damages and Computer Offences. The Bill
is expected to pass through the Legislative Assembly given that the Government
possesses a clear majority.
For an article on computer fraud in NSW and law enforcement read Computer fraud on
the rise: experts (http://www.smh.com.au/articles/2002/06/04/1022982692576.html)
Australian Institute of Criminology’s paper Confronting Fraud in the Digital Age
(http://www.aic.gov.au/conferences/fraud/smith.pdf) looks at types of computer fraud,
how it is perpetrated and methods of regulation.
6.
Cyber-Stalking and Harassment
Stalking is commonly defined as the act of frequently giving unwanted attention to a
person with the intention of intimidating them or causing them to fear for their safety or
the safety of others. Cyber-stalking is comparable to traditional stalking in that it
involves persistent behaviours that instil fear in the victim, however it is executed
though the use of technologies such as email, the Internet, chat rooms, instant
messaging, bulletin boards, web-based discussion forums, IRC, and/or usenet groups.
So far Victoria is the only state that has specifically legislated against cyber-stalking
with its Crimes (Stalking and Family Violence) Bill
(http://www.dms.dpc.vic.gov.au/domino/Web_Notes/LDMS/PubPDocs_Arch.nsf/ee665
e366dcb6cb0ca256da400837f6b/F5D53F48603C0982CA2570D70018CECD/$FILE/55
1026exi1.pdf) that was introduced to parliament on the 25th of March 2003. It imposes a
maximum sentence of 10 years imprisonment for cyberstalking. Types of conduct that
will amount to stalking include:

Sending obscene, or harassing e-mails;

Posting false information or doctored images of people on the Internet; and

Assuming the identity of another person.
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 9
The key features of the Bill is include that it removes the essential requirement from
current stalking law that the victim is aware that they are being stalked by the defendant,
and once in operation the law will have extra-territorial effect.
Currently under Victorian legislation a ‘course of conduct’ that is considered stalking is
sending electronic messages (s 21A Crimes Act 1958 (Vic) and s 359B Criminal Code
Act 1899)
In other states cyber-stalking is covered by stalking legislation generally. For example,
it is an offence for a person to knowingly or recklessly use a carriage service supplied
by a carrier to menace or harass another person or to use a carriage service supplied by a
carrier in such a way as would be regarded by reasonable persons as being, in all the
circumstances, offensive (s 85ZE Crimes Act 1914 (Cth)). (Note: this provision does not
apply to Internet content which is regulated under the Broadcasting Service Act 1992
(Cth), and other offences of specific application such as those governing pornography).
Any conduct which could reasonably be likely to arouse an apprehension of fear in the
victim is an offence (See s 21A(2)(b) Crimes Act 1958 (Vic); s 562AB Crimes Act 1900
(NSW); s 19AA Criminal Law Consolidation Act 1935 (SA); s 34A Crimes Act 1900
(ACT); s 359A Criminal Code 1995 (Qld); s 338D Criminal Code 1913 (WA); s 192
Criminal Code 1924 (Tas); s 189 Criminal Code 1983 (NT)). Accordingly, sending
email or posting messages on interactive Internet forums such as bulletin boards or chat
rooms may constitute stalking.
An intervention order is the most common remedy for stalking. Breach of an
intervention order may result in imprisonment.
For a detailed look at cyber-stalking read the Australian Institute of Criminology Trends
and Issues Paper No. 166 ‘Cyberstalking’
(www.aic.gov.au/publications/tandi/ti166.pdf)
6.1.
Case Study: DPP v Sutcliffe
Apart from being an example of cyberstalking, DPP v Sutcliffe [2001] VSC 43
(http://www.austlii.edu.au/au/cases/vic/VSC/2001/43.html) also highlights the problem
cross-jurisdictional issues that often arise when the Internet and other like technologies
are involved and how cyberstalking often occurs in conjunction with more traditional
forms of stalking.
Brian Andrew Sutcliffe was charged under s 21A of the Crimes Act 1958 (Vic) with
stalking Canadian actress Sara Ballingal (formerly on the television programs Degrassi
Junior High and Degrassi High), accused of sending the actress threatening phone calls,
letters and emails over a period of six years. While Sutcliffe was charged in Victoria,
the state from which he perpetrated the crime, the effects of it were felt in Canada where
the victim resides. Who then has jurisdiction?
The magistrate from when the case was initially heard, found she could not hear the
case because the effect of the crime was felt in Canada, not Victoria.
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 10
“I'm not convinced that this court has jurisdiction to proceed with this charge
of stalking. It is an essential element of the offence that any course of conduct
engaged in, by the defendant, actually did have the effect of arousing
apprehension or fear in the victim for her personal safety. This can only have
occurred in Canada…[and] I find that nothing to displace the presumption that
a penal statute will be taken not to have extra-territorial operation.” Para 16
DPP v Sutcliffe [2001] VSC 43
However on appeal to the Supreme Court of Victoria, Gillard J found that Magistrate
Wakeling was wrong in deciding that s 21A did not have extraterritorial application. He
found that “to so confine the legislation [to Victoria only] would be to stultify it or
make it unworkable in respect to certain conduct which was clearly stalking” (at para
91) and ordered “that the charge be remitted to the Magistrates' Court” (at para 104).
Sutcliffe lodged an appeal against the Supreme Court decision, although on the 7th of
April 2003 Mr Sutcliffe was refused leave to appeal to the NSW Court of Appeal.
6.2.
Case Study: State of California v Dellapenta
In State v Dellapenta (Los Angeles Superior Court 1999) 50 year-old, Gary Dellapenta
plead guilty to one count of stalking and three counts of soliciting sexual assault to a 28
year-old woman who rejected his romantic advances.
In various Internet chat rooms and bulletin boards Dellapenta impersonated the victim
posting her name, address and telephone number claiming that she fantasies about being
sexually assaulted. On at least six occasions, sometimes in the middle of the night, men
knocked on her door saying that they wanted to rape her.
She posted a note on her apartment door saying that the Internet postings were fake only
later to find further online postings saying to disregard that notice and that it was all part
of her fantasy. The victim was never actually sexually assaulted but was in a
considerable amount of fear for her safety. The case marks the first time California’s
cyberstalking law (California Penal Code s 646.9) was invoked.
http://www.wired.com/news/politics/0,1283,17504,00.html
7.
Possession of child pornography
Possession of child pornography cached on a personal computer as a result of an
Internet browsing session may constitute an offence under State laws.
For example, in NSW, a person who has in his or her possession any child abuse
material is guilty of an offence which carries a maximum penalty of $11,000 or
imprisonment for 2 years or both (s 91H Crimes Act 1900 (NSW)).
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 11
Child pornography is material (includes any form of recording from which a visual
image, including a computer generated image, can be produced) that is refused
classification or would, if classified, be refused classification by the Office of Film and
Literature Classification Board on the basis that it describes or depicts, in a way that is
likely to cause offence to a reasonable adult, a person (whether or not engaged in sexual
activity) who is a child under 16 or who looks like a child under 16.
Property in a person’s custody or knowingly in the custody of another person is
considered to be possession (s 7 Crimes Act 1900 (NSW)).
Child pornography is also prohibited on the Internet (and prohibited from being
broadcast generally) under the Broadcasting Services (Online Services) Amendment Act
1999 (Cth) which changes the 1992 BSA .
(http://corrigan.austlii.edu.au/au/legis/cth/consol_act/bsa1992214/)
Child Pornography, the Internet and offending
(http://www.isuma.net/v02n02/taylor/taylor_e.shtml) adopts a rather psychological
perspective in looking at child pornography on the Internet.
8.
Cybercrime Act 2001 (Cth) and State Legislation
The Cybercrime Act 2001 (Cth)
(http://www.austlii.edu.au/au/legis/cth/consol_act/ca2001112/index.html) and the
mirror State legislation criminalise harmful technology assisted activities, such as
producing a destructive virus, hacking and cracking. It also imposes heavy penalties on
offenders and increases police powers of investigation. Many of the Act’s provisions are
modelled on the Council of Europe Draft Convention on Cybercrime 2001 (the finalised
version of which is the International Cybercrime Treaty, see below).
In NSW the Crimes Amendment (Computer Offences) Act 2001
(http://www.austlii.edu.au/au/legis/nsw/consol_act/caoa2001330/index.html#s3) was
enacted which replicated the provisions of the Commonwealth legislation. Certain
sections also have extra-territorial application, recognising the fact that the effect of
many computer crimes are not felt in the same state or even country from which they
originate (s 308C(3) and s 308F(2)(b)).
Discussion and Criticism of Commonwealth/State Acts:
For an article criticising the Commonwealth Act see:
http://www.smh.com.au/articles/2002/11/25/1038173686523.html
Another good page containing information on the Cybercrime Act is Electronic
Frontiers Australia’s: http://www.efa.org.au/Issues/Security. It also includes a link to a
detailed analysis of the Act.
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
9.
Page 12
International Cybercrime Treaty
The Council of Europe released the International Cybercrime Treaty
(http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm [Detailed reading is not
required, though you may wish to refer to specific parts in reaction to comments and
concerns raised below]). It was officially released on 23 November 2001 and is “the
first international treaty to address criminal law and procedural aspects of various types
of offending behaviour directed against computer systems, networks or data as well as
other similar abuses.”:
A CoE Press Release "Crime in Cyberspace - First Draft of International Convention
Released for Public Discussion", 27 April 2000,
http://www.privacyinternational.org/issues/cybercrime/coe/cyber.htm, summarised the
Convention (in its first release) as follows:
The draft provides, among others, for the co-ordinated criminalisation of computer
hacking and hacking devices, illegal interception of data and interference with computer
systems, computer-related fraud and forgery. It also prohibits on-line child
pornography, including the possession of such material after downloading, as well the
reproduction and distribution of copyright protected material. The draft Convention will
not only define offences but will also address questions related to the liability of
individual and corporate offenders and determine minimum standards for the applicable
penalties.
The draft text also deals with law enforcement issues: future Parties will be obliged to
empower their national authorities to carry out computer searches and seize computer
data, require data-subjects to produce data under their control, preserve or obtain the
expeditious preservation of vulnerable data by data-subjects. The interception of data
transmitted through networks, including telecommunication networks, is also under
discussion. These computer-specific investigative measures will also imply co-operation
by telecom operators and Internet Service Providers, whose assistance is vital to identify
computer criminals and secure evidence of their misdeeds.
As computer crimes are often international in their nature, national
measures need to be supplemented by international co-operation. The
draft treaty therefore requires future Parties to provide each other various
forms of assistance, for example by preserving evidence and locating online suspects. The text also deals with certain aspects of trans-border
computer searches. Traditional forms of mutual assistance and
extradition would also be available under the draft Convention and a
network of 24 hours/ day, 7 days/week available national contact points
would be set up to speed up international investigations.
For a CoE press release on the completed treaty see
http://www.privacyinternational.org/issues/cybercrime/coe/cdpc-approval-601.html.
many drafts the Treaty remains substantially unaltered.
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
Despite the
06 - Cyberspace Law materials - Crime
Page 13
Some of the many points of the treaty which should be noted include:
A4 'Data Interference' and A5 'System Interference' intended to deal with 'denial of
service' attacks through the concept of 'suppression' of data, which is interpreted to
include actions which 'render inaccessible' data by preventing someone accessing it.
The production, sale etc of 'devices' (including programs) 'designed or adapted
primarily' for committing computer crimes, with intent that they be so used, is required
to be criminalised (A6). Efforts are made to stop this provision extending to cover those
'hacking' tools which are legitimately used for testing the security of systems (A6(2),
and the intent elements of the offence), but this remains a very controversial inclusion.
Title 3 'Content-related offences' establishes international criminal sanctions in relation
to distribution of child pornography through computer systems (A9)
It requires laws compelling service providers to maintain real-time usage logs in relation
to particular communications (A20), and intercept data (A21).
It requires States to 'establish jurisdiction' over offences covered by the Convention
which are committed by its nationals in other countries, which are covered under the
criminal law of the country where committed (A23). (For example, if an Australian, in
Australia, commits an offence which breaches a computer crime law of the People's
Republic of China).
There are extensive provisions in Chapter III 'International Cooperation' concerning:
Extradition (Title 2): All offences covered by the Convention are automatically included
under existing extradition treaties by State parties (A25.2), and the Convention itself is
the legal basis for extradition in the absence of a treaty (A25.3);
Sharing of information and other forms of 'mutual assistance'
to identify computer criminals and secure evidence of their misdeeds.
The treaty came into force on the 1st of July 2005, after five members of the council
ratified it (Croatia, Albania, Estonia, Hungary and Lithuania). See:
http://news.zdnet.co.uk/itmanagement/0,1000000308,39149470,00.htm
Center for Democracy and Technology Cybercrime
(http://www.cdt.org/international/cybercrime) page contains links to many resources
concerning the Convention including much critical comment.
Global Internet Policy Initiative’s report Trust And Security In Cyberspace: The Legal
And Policy Framework for Addressing Cybercrime
(http://www.gipiproject.org/cybercrime/020800cybercrime.pdf) is a good paper on
international cybercrime law with a focus in the International Cybercrime Treaty
(particularly chapters 3 and 4)
The Treaty has received much criticism; primarily that it does not sufficiently
protect civil liberties. For a look at some of the shortcomings of the Treaty read:
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
06 - Cyberspace Law materials - Crime
Page 14
TreatyWatch’s Eight Reasons the International Cybercrime Treaty Should be Rejected
(http://www.treatywatch.org/TreatyProblems.html);
Cnet news article International cybercrime treaty finalized (http://news.com.com/21021001-268894.html)
The Computerworld article Controversial cybercrime treaty ready for signatures
(http://www.computerworld.com/securitytopics/security/story/0,10801,65521,00.html)
In 2011 the Australian Parliament started to deal with legislation that would change our
law to comply with the Convention, and thus later allow us to ratify it.
See the

Cyberspace Law and Policy Centre’s invited submissions in writing and
Hansard in late 2011
http://www.aph.gov.au/house/committee/jscc/cybercrime_bill/subs/sub20.pdf

the Cybercrime Legislation Amendment Bill 2011,

the joint committee’s
o
inquiry page,
o submissions list, and submissions
o later report (acknowledged submissions, recommended no action to fix
flaws identified),

the revised bill (if one is ever made) and

related coverage
for examples of law creation in action!
File: D:\106751476.doc Revision: 8 Date: 3 March, 2016
Related documents
Application Form
Application Form
Criminal Law Definitions Task
Criminal Law Definitions Task
Introduction to Criminal Law
Introduction to Criminal Law
Junior School Rules - Kabojja International School
Junior School Rules - Kabojja International School
Criminal Law Review
Criminal Law Review
Academic Offences for Students
Academic Offences for Students
information to be sent with application forms for all posts requiring a
information to be sent with application forms for all posts requiring a
law_pp_10
law_pp_10
INTERNATIONAL CRIMINAL LAW
INTERNATIONAL CRIMINAL LAW
Download
advertisement