Abstract
Disclosure of security vulnerabilities attracts many different types of legal sanction. The most severe sanction is that of criminal law. This chapter identifies the main criminal offences that would apply to disclosure. The Convention on Cybercrime is briefly explained. The Convention is the only international agreement in the area, and virtually all Western democracies have adopted measures similar to those found in the Convention. The most important provision is what is known as “computer offences” which is often used interchangeably with “hacking offences.” Australia will be used as a case study for the examination of “computer offences” along with more general criminal sanctions such as conspiracy, aiding and abetting/facilitation of a crime, and possession of hacking devices. Additionally, there is discussion around the importance of security research and public interest exemptions to computer offences. At present there are no exceptions to most forms of hacking and disclosure of security vulnerabilities. Elements of responsible disclosure are discussed at the end of the chapter. Tables are provided in Appendix A examining the provisions found in the Convention with the laws of certain jurisdictions including California and Federal US Law, Canada, Hong Kong, India, Japan and the UK.
Notes
1. See for example, The European Union passed the Framework Decision on Attacks Against the Information System 2005/222/JHA.
2. This section of the monograph draws on work from [1].
3. Model Criminal Code, Chapter 4 (January 2001), p. 104.
4. MCC, above footnote 3.
5. (2007) NSWIR Comm 73.
6. (1996) NSWSC 55.
7. (2008) NSWSC 1325.
8. (1995) 43 NSWLR 243.
9. (1999) NSWCCA 69.
10. The decision was given in the Southwark Crown Court on 17/02/2012. The decision is not itself reported. Information was obtained through media stories. See BBC, “York Facebook hacking student Glenn Mangham jailed” 17 February, 2012.
11. Mangham R v, Court of Appeal Criminal Division, EWCA 04/04/2012.
12. [2].
13. [3].
14. R. v. Walker HC HAM CRI2008-0750711 [2008] NZHC 1114 (15 July 2008), p. 4.
15. Footnote 14 above, p. 37.
16. Footnote 14 above, p. 37.
17. Footnote 14 above, p. 24.
18. Walker likely installed adware other than DRsoftware onto users’ systems.
19. Clayton v R [2006] HCA 58.
20. McAuliffe v The Queen [1995] 183 CLR 108.
21. Gillard v R [2003] HCA 64.
22. Gillard, above, paras 117 and 118.
23. Arora, footnote 16 in Chap. 1.
24. Pandalabs was heavily involved in the takedown of the Mariposa botnet. Microsoft was heavily involved in the takedown of the Waledac botnet. Law enforcement and a number of international computer security organisations and university researchers aided Microsoft and Pandalabs in the takedown of these botnets. See Jeff Williams, ‘Dismantling Waledac’ on Microsoft Malware Protection Centre—Threat Research & Response Blog (25 February 2010) <http://blogs.technet.com/b/mmpc/archive/2010/02/25/dismantling-waledac.aspx>; Luis Corrons, ‘Mariposa Botnet’ on PandaLabs Blog (3 March 2010) <http://pandalabs.pandasecurity.com/mariposa-botnet/>. Technical blogs in the area of Internet security provide the most up-to-date information on security incidents. In this case, the blogs were written by those involved with the take-down of the botnets in question.
25. For more information about Bennett Arron see http://en.wikipedia.org/wiki/Bennett_Arron (last accessed May 31, 2010).
26. SBS, Insight “Stolen ID” available at http://news.sbs.com.au/insight/episode/index/id/30 (last accessed May 29, 2010).
27. The judgment is unreported. A copy of the decision is accessible from private list-serves as well as from the webpages of SpamSuite.com. Sierra Corporate Design Inc. v. David Ritz, (2007) District Court, County of Cass, State of North Dakota, File No. op-05-C-01660. See www.spamsuit.com.com/node/351.
28. The analysis is largely based on this article by the author [4].
29. A detailed analysis of the case can be found on SpamSuite.com available at http://www.spamsuite.com/node/351.
30. [5].
31. Original idea expressed by Paul Ohm in the cyberprof list serve.
32. See Orin Kerr’s seminal article on unauthorised access [6].
33. E360 Insight, LLC et al. v. The Spamhaus Project, US District Court, Northern District of Illinois, 13 September 2006 (Case no. 06 C 3958). Access to default judgment at http://www.spamhaus.org/archive/legal/Kocoras_order_to_Spamhaus.pdf.
34. Messmer 2006.
35. 1-800 Contacts v WhenU., 1-800 Solutions v. Zone Labs, Cassav (CasinoOnNet) v Sunbelt Software, Claria (Gator) v Internet Advertising Bureau.
References
[1] Maurushat A (2010) Australia’s accession to the cybercrime convention: is the convention relevant in combating cybercrime in the era of botnets and obfuscation crime tools? 16(1)
[2] Protalinski E (2012) British student jailed for hacking into Facebook. 18 Feb 2012. Available at http://www.zdnet.com/blog/facebook/british-student-jailed-for-hacking-into-facebook/9244
[3] Mangham G (2012) The Facebook Hack: What Really Happened. 23 April 2012. Available at http://gmangham.blogspot.co.uk/2012/04/facebook-hack-what-really-happened.html
[4] Maurushat A, Yu R (2009) When internet protocols and legal provisions collide: unauthorised access and Sierra v. Ritz. Comput Law Secur Rev 25(2):185–188
[5] Rasch M (2008) Mother, May I. Available at http://www.securityfocus.com/print/columnists/463 (last accessed 29 Jan 2008)
[6] Kerr O (2003) Cybercrime’s scope: interpreting ‘access’ and ‘authorization’ in computer misuse statutes. NY Univ Law Rev 78(3):1596–1668
© 2013 The Author(s)
About this chapter
Cite this chapter
Maurushat, A. (2013). Criminal Offences: Unauthorised Access, Modification or Interference Comprovisions. In: Disclosure of Security Vulnerabilities. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5004-6_4
DOI: https://doi.org/10.1007/978-1-4471-5004-6_4
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5003-9
Online ISBN: 978-1-4471-5004-6
eBook Packages: Computer Science (R0)