Cybercrime Series Part 2 - Other Commonwealth computer offences

Cybercrime Series Part 2 - Other Commonwealth computer offences

christopher-gower-m_HRfLhgABo-unsplash_opt.jpg

The Commonwealth Criminal Code categorises Computer offences into two categories: Serious computer offences and Other computer offences.

 So, in the first article in this series, we took a look at Serious computer offences under the Criminal Code. In this second part, we will dive into the other computer offences under the Code. 

Other computer offences       

There are four offence provisions in this Division of the Code. They are:

  1. Unauthorised access to, modification of, restricted data – section 478.1

  2. Unauthorised impairment of data held on a computer disk etc – section. 478.2

  3. Possession or control of data with intent to commit a computer offence – section 478.3

  4. Producing, supplying or obtaining data with intent to commit a computer offence – section 478.4

These offences echo those under Serious computer offences to some extent but provide for lessor maximum penalties.

Unauthorised access to, or modification of, restricted data

In a prosecution against the section, the prosecution has to prove the following beyond reasonable doubt:

  • A person caused any unauthorised access to or modification of restricted data;

  • The person intends to do that; and

  • The person knows the access or modification is unauthorised.

 Restricted data is defined in this section to mean data that is:

Held in a computer; and

Which is restricted by an access control system associated with a function of the computer.

 An example of this is, data which is held on a computer for which an individual password is required to be entered.

The maximum penalty for this offence is 2 years imprisonment. An example of this type of offence is known as “browsing” and involves a situation where a government employee for example, uses a password to access information that they do not need to access to undertake their job. 

Unauthorised impairment of data held on a computer disk etc

The prosecution needs to prove:

  • A person caused any unauthorised impairment of the reliability, security or operation of data held on, either, a computer disc, a credit card or another divide used to store data by electronic means; and

  • With the intention to cause that impairment; and

  • Knowing the the impairment was unauthorised.

The maximum penalty for this offence is 2 years imprisonment.

Possession or control of data with intent to commit a computer offence

The prosecution needs to prove these elements: 

  • A person has possession or control of data;

  • With the intention that the data be used by that person or someone else, in either

    • Committing,

    • or facilitating the commission of a Serious Computer Offence (that is an offence under Division 477 of the Code – see more info here).

A person can be found guilty of this offence even if the commission of a serious computer offence is impossible – BUT – a person cannot be found guilty if they simply attempt to commit an offence against this section. 

The offence provision defines “possession or control of data” to include:

Having possession of a computer or data storage that holds or contains data; or

Having possession of a document that records the data; or

Having control of data held in a computer that is in the possession of another person.

The definition section uses the word “include”. This means that the definition is not exhaustive and could potentially include other methods of possession not yet contemplated. 

The maximum penalty for this offence is 3 years imprisonment. 

Producing, supplying or obtaining data with the intent to commit a computer offence

This is the final computer offence provision in the Criminal Code.

For a successful prosecution against this section, the prosecution needs to prove:

  • A person supplies or obtains data;

  • With the intention that the data be used, either by themselves or another person to commit or facilitate the commission of a Serious Computer Offence. 

 Just like the preceding offence provision, an offence can be committed even if the serious computer offence would be impossible to commit – but, again, there is no offence if a person simply attempts to commit this offence. 

The section sets out that the “data” is data that is contained in a computer or a data storage device, or recorded in a document. 

The maximum penalty for this offence is 3 years imprisonment.

Indictable or summary prosecution

The Commonwealth Crimes Act 1914 gives us guidance on what makes an indictable offence and what is summary – that is, which offences are dealt with in the District and Supreme Court and which are finalised in the Local Court.

Section 4G sets out that any Commonwealth offence which has a maximum penalty of more than 12 months imprisonment or more is an indictable offence, unless a specific offence provision provides otherwise.

Section 4H sets out that offence that has either less than 12 months imprisonment as the maximum penalty or where the offence is not punishable by imprisonment, it is a summary offence – unless the offence provision provides otherwise.

There is a middle ground – offences which are indictable but can be dealt with summarily. Section 4J provides that an offence for which the maximum penalty does not exceed 10 years imprisonment can be dealt with in the Local Court if both the prosecution and the defendant agree to that happening. 

The computer offences above, fall into that middle ground category. If the prosecution and defendant agree, these matters can be dealt with and finalised in the Local Court. This is advantageous for a number of reasons, but mainly because it generally takes less time for matters to be finalised and importantly, the maximum penalty that would otherwise apply is reduced if the matter is dealt with summarily.

Generally speaking, for matters which have a maximum penalty of less than 5 years, the maximum is reduced in the Local Court to 12 months imprisonment or a fine of no more than 60 penalty units or both. Currently, 1 penalty unit for Commonwealth offences is $210. This is due to increase on 1 July 2020.

Where the maximum penalty for an offence is more than 5 years but not more than 10 years imprisonment, the maximum penalty is reduced to 2 years imprisonment or a fine of 120 penalty units or both.

 

Watch this space for more articles on cybercrime. We will cover NSW offences and other areas of cybercrime. To learn more about serious computer offences, click on Part 1 of this series.

If you have questions about computer offences or you have been charged or being investigated, contact us to discuss your matter on 02 8590 6084. Getting advice early can make a big a difference.

 This is a general guide only and does not constitute legal advice. 

 

Cybercrime Series - Commonwealth serious computer offences

Cybercrime Series - Commonwealth serious computer offences