[Index] [Search] [Download] [Bill] [Help]
Crimes (Property Damage and Computer Offences) Bill Circulation Print EXPLANATORY MEMORANDUM PART 1--PRELIMINARY Clause 1 states that the main purpose of the proposed Act is-- · to amend the Crimes Act 1958 to create offences relating to bushfires, computers and sabotage; and · to amend the Bail Act 1977 to include the offence of arson causing death as an offence in respect of which there is a presumption against bail. Clause 2 provides that the proposed Act comes into operation on the day after the day on which it receives the Royal Assent. Clause 3 provides that in the proposed Act, the Crimes Act 1958 is called the Principal Act. PART 2--AMENDMENTS TO THE CRIMES ACT 1958 Clause 4 inserts a new section 201A into the Principal Act. New section 201A(1) creates a new bushfire offence based on the model bushfire offence in Chapter 4 of the Model Criminal Code Officers Committee Report titled "Damage and Computer Offences", published in January 2001. New section 201A(1) makes it an offence for a person to-- · intentionally or recklessly cause a fire; and · be reckless as to the spread of the fire to vegetation on property belonging to another person. This is an indictable offence punishable by a maximum penalty of 15 years' imprisonment. 1 541315 BILL LA CIRCULATION 13/9/2002
A person prosecuted under the new section 201A may also, in certain circumstances, be prosecuted for the offence of arson under section 197 of the Principal Act (for example, where a farm house and a state forest have been damaged by the same fire). New section 201A(2) identifies one circumstance in which a person will not be considered to be reckless as to the spread of fire. A person will not be taken to be reckless as to the spread of fire where the person-- · caused the fire in the course of carrying out a fire prevention, fire suppression or other land management activity; and · carried out that activity in accordance with a provision made by or under an Act or by a Code of Practice approved under an Act that applied to that activity; and · believed that his or her conduct in carrying out that activity was justified having regard to all of the circumstances. An example of a fire prevention activity is fuel reduction burning. A fire suppression activity includes activities such as burning-out of fuel between a control line and a fire front. Other land management activities include activities such as biodiversity management, silvicultural management, pest plant and pest animal management. New section 201A(3) provides that for the purposes of section 201A(2) it is sufficient if a person honestly believed that his or her conduct was justified. New sections 201A(2) and (3) will ensure that the offence will not apply to those persons who use fire in the circumstance identified. The court will still be free to consider other circumstances where a person may not be reckless as to the spread of fire. The common law standard for recklessness will continue to apply in these situations. New section 201A(4) provides that for the purposes of section 201A, a reference to "causing a fire" includes lighting a fire, maintaining a fire and failing to contain a fire, except where the fire was lit by another person or the fire is beyond the control of the person who lit the fire. The section also provides for the purposes of section 201A that the "spread of fire" means the spread of the fire beyond the capacity of the person who caused the fire to extinguish it. 2
Clause 5 inserts a new Subdivision (6) in Division 3 of Part I of the Principal Act (new sections 247A-247I). New Subdivision (6) in Division 3 creates seven new computer offences based on the model computer offences in Chapter 4 of the Model Criminal Code Officers Committee Report titled "Damage and Computer Offences", published in January 2001. New section 247A(1) defines the terms "access", "data", "data held in a computer", "data storage device", "electronic communication", "impairment", "modification", "serious computer offence" and "unauthorised computer function" used in Subdivision (6). The term "access" in relation to data held in a computer means-- · the display of the data by the computer or any other output of the data from the computer; or · the copying or moving of the data to any other place in the computer or to a data storage device; or · the execution of a program. The term "data" includes information in any form and any program or part of a program. The term "data held in a computer" includes data entered or copied into the computer, data held in any removable data storage device for the time being in the computer and data held in a data storage device on a computer network of which the computer forms part. The term "data storage device" means any thing (for example, a disk or file server) containing or designed to contain data for use by a computer. The term "electronic communication" means a communication of information in any form by means of guided or unguided electromagnetic energy. The term "impairment" in relation to electronic communication to or from a computer includes the prevention of any such communication and the impairment of any such communication on an electronic link or network used by the computer, but does not include a mere interception of any such communication. Mere interception is specifically excluded from constituting an impairment of an electronic communication. This would include interceptions authorised under the Commonwealth Telecommunications (Interception) Act 1979. 3
The term "modification" in relation to data held in a computer, means the alteration or removal of the data or an addition to the data. The term "serious computer offence" means-- · an offence against new section 247B (unauthorised access, modification or impairment with intent to commit serious offence), new section 247C (unauthorised modification of data to cause impairment) or new section 247D (unauthorised impairment of electronic communication); or · conduct in another jurisdiction that is an offence in that jurisdiction and that would constitute an offence against new section 247B, 247C or 247D if the conduct occurred in Victoria. The term "unauthorised computer function" means any of the following-- · any unauthorised access to data held in a computer; or · any unauthorised modification of data held in a computer; or · any unauthorised impairment of electronic communication to or from a computer. New section 247A(2) provides that a reference to access to data, modification of data or impairment of electronic communication is limited to access, modification or impairment caused (whether directly or indirectly) by the execution of a function of a computer. New section 247A(3) provides that access to data, modification of data or impairment of electronic communication is unauthorised if the person is not entitled to cause that access, modification or impairment. However, a person is not unauthorised merely because the person has an ulterior purpose for that action. Entitlement to cause the access to data, modification of data or impairment of electronic communications will include having express or implied permission or authorisation to cause such access, modification or impairment. For example, a person will be entitled if permission or authorisation (whether express or implied) is obtained by reason of a person's duty as an employee, sub-contractor or through some other identifiable arrangement. 4
However, a person will not be entitled if the permission or authorisation is obtained by deception or fraud. A person may still be entitled if the person has permission or authorisation, but uses the authorisation for an ulterior purpose. For example, if a person is authorised to access certain computer data so he or she can perform his or her duties, but instead accesses that data for the purpose of defrauding someone, that access is not unauthorised. If a person is entitled to make particular modifications to data but instead modifies the data in an unauthorised manner, that modification will be unauthorised. New section 247A(4) provides that a person causes an unauthorised computer function if the person's conduct substantially contributes to the unauthorised computer function. New section 247B(1) makes it an offence for a person to cause an unauthorised computer function. The person must know that the function is unauthorised and must have the intention of committing a serious offence or facilitating the commission of a serious offence (whether by the person or another person). This is an indictable offence punishable by a maximum penalty equal to the maximum penalty for the commission of the serious offence in Victoria. New section 247B(2) defines a "serious offence" to mean an offence in Victoria punishable on conviction for a first offence with imprisonment for a term of 5 years or more or an offence in any other jurisdiction that would be punishable on conviction for a first offence with imprisonment for a term of 5 years or more if committed in Victoria. New section 247B(3) provides that a person may be found guilty of an offence against the section even if committing the serious offence is impossible or whether the serious offence is to be committed at the time of the unauthorised conduct or at a later time. The offence covers situations where a person takes preparatory action to commit another offence, but the intended offence is not completed. For example, an offence may be committed where a person alters bank data in order to fraudulently obtain a financial gain to which he or she is not entitled. The offence may be committed whether or not the person obtains any financial gain. New section 247B(4) provides that it is not an offence to attempt to commit an offence against this section. 5
New section 247C makes it an offence for a person to cause any unauthorised modification of data held in a computer. The person must know that the modification is unauthorised, and must intend to impair access to, or the reliability, security or operation of, any data held in a computer or the person must be reckless as to any such impairment. This is an indictable offence punishable by a maximum penalty of 10 years' imprisonment. The offence does not require that data impairment actually occur and it covers situations such as-- · a hacker obtains unauthorised access to data or a program and then modifies data to cause impairment; or · a person circulates a disk containing a worm or virus which infects the target computer data or program through the actions of an innocent agent. This offence extends to impairment of data on computer disks and other data storage devices, where that disk or other storage device is held in a computer or is otherwise accessible by a computer. New section 247D makes it an offence for a person to cause any unauthorised impairment of electronic communication to or from a computer. The person must know that the impairment is unauthorised, and must intend to impair electronic communication or be reckless as to any such impairment. This is an indictable offence punishable by a maximum penalty of 10 years' imprisonment. The offence covers situations such as "denial of service attacks", where an email address or web site is inundated with a large volume of unwanted messages thus overloading the computer system and disrupting, impeding or preventing its functioning. New section 247E(1) makes it an offence for a person to possess or control data with the intention of committing a serious computer offence or facilitating the commission of a serious computer offence (whether by that person or another person). This is an indictable offence punishable by a maximum penalty of 3 years' imprisonment. New section 247E(2) provides that a reference to a person having possession or control of data includes a reference to a person-- · having possession of a computer or data storage device that holds or contains the data; and 6
· having possession of a document in which the data is recorded; and · having control of data held in a computer that is in the possession of another person (whether the computer is in Victoria or outside Victoria). New section 247E(3) provides that a person may be found guilty of an offence against section 247E(1) even if committing the serious computer offence is impossible. New section 247E(4) provides that it is not an offence to attempt to commit an offence against this section. This offence is akin to offences such as "going equipped for stealing". For example, a person may commit the offence if they possess a program which would enable him or her to launch a "denial of service attack" against a computer system and they intend to use the program for that purpose. Possession of data will include possession of tangible items such as a computer disk. However, possession will not include mere knowledge or information such as a password, unless it is recorded in some tangible form. The reference to control of data extends the application of the offence to people who have access to data without physical possession. However, control of data, unlike mere access to data, requires that there is control of that data because of some exclusivity of access. For example, a person may not have control of data if it is in the public domain. New section 247F(1) makes it an offence for a person to produce, supply or obtain data with the intention of committing a serious computer offence or facilitating a serious computer offence (whether by that person or another person). This is an indictable offence punishable by a maximum penalty of 3 years' imprisonment. New section 247F(2) provides that for the purposes of section 247F, a reference to a person producing, supplying or obtaining data includes a reference to the person-- · producing, supplying or obtaining data held in a computer or contained in a data storage device; and · producing, supplying or obtaining a document in which the data is recorded. New section 247F(3) provides that a person may be guilty of an offence against the section even if committing the serious offence is impossible. 7
The offence covers situations such as where a person devises, propagates or publishes computer programs which are intended for use in the commission of a serious computer offence, as defined in new section 247A. New section 247G(1) makes it an offence for a person to cause unauthorised access to, or modification of, restricted data held in a computer. The person must know that the access or modification is unauthorised and must intend to cause the access or modification. This is a summary offence punishable by a maximum penalty of 2 years' imprisonment. New section 247G(3) defines "restricted data" as meaning data held in a computer to which access is restricted by an access control system associated with a function of the computer. For example, a person may commit an offence if he or she by- passed an access control system, such as a password or other security feature. Since the offence is limited to restricted data, the offence will not apply to innocuous conduct such as using another person's computer game without permission, provided that the computer game is not restricted by an access control system. New section 247H(1) makes it an offence for a person to cause any unauthorised impairment of the reliability, security or operation of data held on a computer disk, credit card or other device used to store data by electronic means. The person must know that the impairment is unauthorised and must intend to cause the impairment. This is a summary offence punishable by a maximum penalty of 2 years' imprisonment. This offence is a less serious version of the offence of unauthorised modification of data to cause impairment in new section 247C. This offence applies to data stored electronically on disks, credit cards or other devices used to store data by electronic means (for example tokens or tickets). New section 247H is designed to cover impairment of data caused, for example, by physical attack. New section 247H(3) provides that for the purposes of section 247H impairment of the reliability, security or operation of data is unauthorised if the person is not entitled to cause the impairment. 8
New section 247I(1) provides that it is immaterial that some or all of the conduct constituting an offence against Subdivision (6) occurred outside Victoria, so long as the computer or device used to store data by electronic means affected by the conduct was in Victoria at the time at which the conduct occurred. New section 247I(2) provides that it is immaterial that the computer or device used to store data by electronic means affected by some or all of the conduct constituting an offence against Subdivision (6) was outside Victoria at the time the conduct occurred, so long as that conduct occurred in Victoria. This means that the offences in Subdivision (6) will apply not only to crimes committed wholly within Victoria, but also in appropriate cases where either some of the conduct which comprises the offence occurs outside Victoria or the target computer or device used to store data by electronic means that is harmed is located outside Victoria. Clause 6 inserts a new Subdivision (7) in Division 3 of Part 1 of the Principal Act (new sections 247J-247L). New Subdivision (7) in Division 3 creates two new sabotage offences based on the model sabotage offences in Chapter 4 of the Model Criminal Code Officers Committee Report titled "Damage and Computer Offences", published in January 2001. New section 247J defines the terms "property offence", "public facility", "unauthorised computer function" and "damage" used in Subdivision (7). The term "property offence" means-- · an offence in Subdivision (1) of Division 3 (Criminal Damage to Property) or Division 4 (Contamination of Goods) of Part I of the Principal Act; or · conduct in another jurisdiction that is an offence in that jurisdiction and that would constitute an offence against Subdivision (1) of Division 3 or Division 4 of Part I of the Principal Act if the conduct occurred in Victoria. The term "public facility" means (whether publicly or privately owned)-- · a government facility, including premises used by government employees in connection with official duties; 9
· a public infrastructure facility, including a facility providing or distributing water, sewerage, energy, fuel, communication or other services to, or for the benefit of, the public; · a public information system, including a system used to generate, send, receive, store or otherwise process electronic communications; · a public transport facility, including a conveyance used to transport people or goods; or · a public place, including any premises, land or water open to the public. The term "unauthorised computer function" has the same meaning as in new Subdivision (6) of Division 3 of Part I of the Principal Act. The term "damage" in relation to a public facility means causing damage to the facility or any part of the facility or causing disruption to the use or operation of the facility. New section 247J(3) provides that a person causes damage or disruption for the purposes of Subdivision (7), if the person's conduct substantially contributes to the damage or disruption. New section 247K(1) makes it an offence for a person to damage a public facility by committing a property offence or by causing an unauthorised computer function with the intention of causing-- · major disruption to government functions, or · major disruption to the use of services by the public, or · major economic loss. This is an indictable offence punishable by a maximum penalty of 25 years' imprisonment. It is necessary that a person has an intention to cause major disruption or major economic loss. Where there is an absence of intention to cause major disruption or economic loss, other offences under the Principal Act such as damaging or destroying property may apply. 10
New section 247L(1) makes it an offence for a person to make to another person a threat to damage a public facility by committing a property offence or by causing an unauthorised computer function. The person who makes the threat must intend the other person to fear that the threat will be carried out and will cause-- · major disruption to government functions, or · major disruption to the use of services by the public, or · major economic loss. This is an indictable offence punishable by a maximum penalty of 15 years' imprisonment. New section 247L(2) provides that the prosecution is not required to prove that the person threatened actually feared that the threat would be carried out. New section 247L(3) provides that for the purposes of section 247L a threat may be made by any conduct and may be explicit or implicit and conditional or unconditional. A threat to a person includes a threat to a group of persons and fear that a threat will be carried out includes apprehension that it will be carried out. Clause 7 inserts new sections 428 and 429 into the Principal Act. New section 428 provides alternative verdicts for charges of unauthorised modification of data to cause impairment under new section 247C. The alternative verdicts are the offences of destroying or damaging property under section 197(1) of the Principal Act and the offence of unauthorised impairment of electronic communications under new section 247D. Both of these offences provide for a maximum penalty of 10 years' imprisonment. New section 429 provides alternative verdicts for charges of unauthorised impairment of electronic communication under new section 247D. The alternative verdicts are the offences of destroying or damaging property under section 197(1) of the Principal Act and the offence of unauthorised modification of data to cause impairment under new section 247C. Both of these offences provide for a maximum penalty of 10 years'` imprisonment. 11
Clause 8 makes a consequential amendment to the Principal Act. The amendment provides that the new offences under new section 201A (intentionally or recklessly causing a bushfire), new section 247K (sabotage) and new section 247L (threats to sabotage) are forensic sample offences for the purposes of the Principal Act. Clause 9 inserts a transitional provision into the Principal Act. New section 597 provides that the amendments made to the Principal Act by this proposed Act apply only to offences alleged to have been committed on or after the commencement of this proposed Act. Further, where an offence is alleged to have been committed between two dates, one before and one after the commencement of this proposed Act, then the offence is alleged to have been committed before that commencement. PART 3--AMENDMENTS TO THE BAIL ACT 1977 AND OTHER CONSEQUENTIAL AMENDMENTS Clause 10 amends section 4(4) of the Bail Act 1977. The amendment inserts the offence of arson causing death under section 197A of the Principal Act into section 4(4) of the Bail Act 1977. As a result, a court will be required to refuse bail where an accused is charged with arson causing death, unless the person can "show cause" as to why bail should be granted. Clause 11 inserts a transitional provision, new section 34(5), into the Bail Act 1977. New section 34(5) provides that the amendments made to Bail Act 1977 by this proposed Act apply only to a charge for an offence filed on or after the commencement of this proposed Act. Clause 12 makes a consequential amendment to the Magistrates' Court Act 1989. The amendment inserts new item 37A into Schedule 4 to the Magistrates' Court Act 1989, to provide that the following offences under the new sections inserted by this proposed Act are indictable offences which may be heard and determined summarily-- · section 247B of the Principal Act (unauthorised access, modification or impairment with intent to commit serious offence) where the maximum penalty does not exceed level 5 imprisonment; and · section 247E of the Principal Act (possession of data with intent to commit serious computer offence); and 12
· section 247F of the Principal Act (producing, supplying or obtaining data with intent to commit serious computer offence). Clause 13 makes a consequential amendment to the Sentencing Act 1991. The amendment inserts the offence under new section 201A of the Principal Act (intentionally or recklessly causing a bushfire) as an offence for which a person may be sentenced under the Sentencing Act 1991 as a serious offender. Clause 14 inserts a transitional provision, new section 127, into the Sentencing Act 1991. New section 127 provides that amendments made to the Sentencing Act 1991 by this proposed Act apply only to offences alleged to have been committed on or after the commencement of this proposed Act. Further, where an offence is alleged to have been committed between two dates, one before and one after the commencement of this proposed Act, then the offence is alleged to have been committed before that commencement. Clause 15 repeals section 9A of the Summary Offences Act 1966. Section 9A prohibits gaining access to, or entering, a computer system or part of a computer system without lawful authority. Section 9A is outdated and does not adequately cover new opportunities and avenues for the commission of computer crime. Section 9A will be replaced by the new computer offences inserted by this proposed Act into the Principal Act. 13