Griffith said in 2011 an inter-ministerial committee began developing a national cyber security strategy, which was approved in 2012. He said it would be an offence if anyone intentionally and without lawful excuse or justification accessed a computer system to secure data.
“We can recall recent matters where information is just received and then extracted. This can go a long way to eliminate the concept we’ve seen now, of mailbox politics, whereby information just comes to people, they make an announcement and then you need to know, ‘Where did you get it from?’
“The protected legal interest in this regard is the integrity of the computer system. The need for criminalisation of such acts reflects the interests of operators of computer systems to run their systems in an undisturbed manner. This section essentially criminalises the mere unauthorised intrusion prior to the follow-up crimes such as data interferences.”
He added, “Additionally, ‘access’ in this context does not specify a certain means of communication, but is open-ended and facilitates further technical developments. It includes all means of entering a computer system, including internet attacks as well as illegal access to wireless networks. Even unauthorised access to a computer system that is not connected to any network is covered by this provision.”
Griffith said like most of the other offences listed in this bill, illegal access to a computer system could only be prosecuted if it happens “without lawful excuse or justification.” This requires that the offender acted without authority. This carries a fine of $300,000 and three years’ imprisonment on summary conviction and $500,000 and five years’ imprisonment on conviction on indictment.
Another clause seeks to create the offence of violating a person’s privacy by capturing and sharing pictures or videos of the person’s private area without their consent. Griffith said, “This is usually referred to as voyeurism. This offence carries a fine of $100 000 and two years’ imprisonment on summary conviction or a fine of $500,000 and three years’ imprisonment on conviction on indictment.”
The clause on harassment through the use of electronic means with the intent to cause emotional distress for both adults and minors, he said, “seeks to treat with harassment, cyberbullying, damage to reputation and extortion via the use of a computer system.” This would carry a fine of $100,000 and three years’ imprisonment on summary conviction or $250,000 and five years’ imprisonment on conviction on indictment.
Another clause seeks to criminalise the act of sending multiple e-mail messages—spam—that are unsolicited. “For this to apply, the electronic mail messages must be sent to more than 500 recipients at a time and must cause harm to a person or damage to a computer,” Griffith explained. Other clauses seek to impose heavier penalties with a focus on acts which affect critical state infrastructure, from security to utilities. Computer fraud for economic benefit carries a $1 million fine and five years’ imprisonment.