Skip to main content
SpringerLink
Log in

Criminal Offences: Unauthorised Access, Modification or Interference Comprovisions

  • Chapter
  • First Online:
Disclosure of Security Vulnerabilities

Part of the book series: SpringerBriefs in Cybersecurity ((BRIEFSCYBER))

  • 1536 Accesses

Abstract

Disclosure of security vulnerabilities attracts many different types of legal sanction. The most severe sanction is that of criminal law. This chapter identifies the main criminal offences that would apply to disclosure. The Convention on Cybercrime is briefly explained. The Convention is the only international agreement in the area, and virtually all Western democracies have adopted measures similar to those found in the Convention. The most important provision is what is known as “computer offences” which is often used interchangeably with “hacking offences.” Australia will be used as a case study for the examination of “computer offences” along with more general criminal sanctions such as conspiracy, aiding and abetting/facilitation of a crime, and possession of hacking devices. Additionally, there is discussion around the importance of security research and public interest exemptions to computer offences. At present there are no exceptions to most forms of hacking and disclosure of security vulnerabilities. Elements of responsible disclosure are discussed at the end of the chapter. Tables are provided in Appendix A examining the provisions found in the Convention with the laws of certain jurisdictions including California and Federal US Law, Canada, Hong Kong, India, Japan and the UK.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See for example, The European Union passed the Framework Decision on Attacks Against the Information System 2005/222/JHA.

  2. 2.

    This section of the monograph draws on work from [1].

  3. 3.

    Model Criminal Code, Chapter 4 (January 2001), p. 104.

  4. 4.

    MCC, above footnote 3.

  5. 5.

    (2007) NSWIR Comm 73.

  6. 6.

    (1996) NSWSC 55.

  7. 7.

    (2008) NSWSC 1325.

  8. 8.

    (1995) 43 NSWLR 243.

  9. 9.

    (1999) NSWCCA 69.

  10. 10.

    The decision was given in the Southwark Crow Court on 17/02/2012. The decision is not itself reported. Information was obtained through media stories. See BBC, “York Facebook hacking student Glenn Mangham jailed” 17 February, 2012.

  11. 11.

    Mangham R v, Court of Appeal Criminal Division, EWCA 04/04/2012.

  12. 12.

    [2].

  13. 13.

    [3].

  14. 14.

    R. v. Walker HC HAM CRI2008-0750711 [2008] NZHC 1114 (15 July 2008), p. 4.

  15. 15.

    Footnote 14 above, p. 37.

  16. 16.

    Footnote 14 above, p. 37.

  17. 17.

    Footnote 14 above, p. 24.

  18. 18.

    Walker likely installed adware other than DRsoftware onto user’s systems.

  19. 19.

    Clayton v R [2006] HCA 58.

  20. 20.

    McAuliffe v The Queen [1995] 183 CLR 108.

  21. 21.

    Gillard v R [2003] HCA 64.

  22. 22.

    Gillard, above, paras 117 and 118.

  23. 23.

    Arora, footnote 16 in Chap. 1.

  24. 24.

    Pandalabs was heavily involved in the takedown of the Mariposa botnet. Microsoft was heavily involved in the takedown of the Waledac botnet. Law enforcement and a number of international computer security organisations and university researchers aided Microsoft and Pandalabs in the takedown of these botnets. See Jeff Williams, ‘Dismantling Waledac’ on Microsoft Malware Protection CentreThreat Research & Response Blog (25 February 2010) <http://blogs.technet.com/b/mmpc/archive/2010/02/25/dismantling-waledac.aspx>; Luis Corrons, ‘Mariposa Botnet’ on PandaLabs Blog (3 March 2010) <http://pandalabs.pandasecurity.com/mariposa-botnet/>. Technical blogs in the area of Internet security provide the most up-to-date information on security incidents. In this case, the blogs were written by those involved with the take-down of the botnets in question.

  25. 25.

    For more information about Bennett Arron see http://en.wikipedia.org/wiki/Bennett_Arron (last accessed May 31, 2010).

  26. 26.

    SBS, Insight “Stolen ID” available at http://news.sbs.com.au/insight/episode/index/id/30 (last accessed May 29, 2010).

  27. 27.

    The judgment is unreported. A copy of the decision is accessible from private list-serves as well as from the webpages of SpamSuite.com. Sierra Corporate Design Inc. v. David Ritz, (2007) District Court, County of Cass, State of North Dakota, File No. op-05-C-01660 See www.spamsuit.com.com/node/351.

  28. 28.

    The analysis is largely based on this article by the author [4].

  29. 29.

    A detailed analysis of the case can be found on SpamSuite.com available at http://www.spamsuite.com/node/351.

  30. 30.

    [5].

  31. 31.

    Original idea expressed by Paul Ohm in the cyberprof list serve.

  32. 32.

    See Orin Kerr’s seminal article on unauthorised access [6].

  33. 33.

    E360 Insight, LLC et al. v. The Spamhaus Projec,t US District Court, Norther District of Illinois, 13 September 2006 (Case no. 06 C 3958). Access to default judgment at http://www.spamhaus.org/archive/legal/Kocoras_order_to_Spamhaus.pdf.

  34. 34.

    Messmer 2006.

  35. 35.

    1-800 Contacts v WhenU., 1-800 Solutions v. Zone Labs, Cassav (CasinoOnNet) v Sunbelt Software, Claria (Gator) v Internet Advertising Bureau.

References

  1. Maurushat A (2010) Australia’s accession to the cybercrime convention: is the convention relevant in combating cybercrime in the era of botnets and obfuscation crime tools? 16(1)

    Google Scholar 

  2. Protalinkski E (2012) British student jailed for hacking into Facebook. 18 Feb 2012 available at http://www.zdnet.com/blog/facebook/british-student-jailed-for-hacking-into-facebook/9244

  3. Mangham G (2012) The Facebook Hack: What Really Happened. 23 April, 2012 available at http://gmangham.blogspot.co.uk/2012/04/facebook-hack-what-really-happened.html

  4. Maurushat A, Yu R (2009) When internet protocols and legal provisions collide: unauthorised access and sierra v. Ritz. Comput Law Secur Rev 25(2):185–188

    Article  Google Scholar 

  5. Rash M (2008) Mother, May I. available at http://www.securityfocus.com/print/columnists/463. (last Accessed 29 Jan 2008)

  6. Kerr O (2003) Cybercrime’s scope: interpreting ‘access’ and ‘authorization’ in computer misuse statutes. NY Univ Law Rev 78(3):1596–1668

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Law, The University of New South Wales, Anzac Parade, Kensington, Sydney, 2052, NSW, Australia

    Alana Maurushat

Authors
  1. Alana Maurushat
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alana Maurushat .

Rights and permissions

Reprints and permissions

Copyright information

© 2013 The Author(s)

About this chapter

Cite this chapter

Maurushat, A. (2013). Criminal Offences: Unauthorised Access, Modification or Interference Comprovisions. In: Disclosure of Security Vulnerabilities. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5004-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-5004-6_4

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5003-9

  • Online ISBN: 978-1-4471-5004-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation