Cybercrime / Computer Crime Legislation

Last Updated: 30 Nov 2001

"The public good is in nothing more essentially interested, than in the protection of every individual's private rights."

-  Sir William Blackstone 1783


Cybercrime Act 2001

The Commonwealth Cybercrime Bill 2001 was tabled in the House of Representatives on 27 June 2001. The Senate Senate Legal and Constitutional Legislation Committee was asked to undertake an inquiry into the Bill and the Committee's Report was issued in August. The Bill was approved by the Parliament with minor amendments on 27 September 2001.

The legislation is an overbroad knee-jerk reaction to recent well-publicised virus attacks, and has the potential to criminalise innocent behaviour such as possession of security software. It also introduces an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination.

The Australian government seems intent on maintaining its reputation for implementing excessive and overbroad online laws. The Cybercrime Bill implements the substantive law provisions of Articles 2-6 of the CoE Convention, and the search and seizure provisions of Article 19.

The resemblance of provisions in the Bill to the CoE Convention is no mere coincidence. The Bill implements section 4.2 of the Model Criminal Code (MCC) which was released in January 2001. The MCC report clearly states that its recommendations are based on the draft CoE Convention (as at December 2000). They have even included the ridiculous "possession of data with intent" provision of Article 6.1.b.

More info on the Bill and the inquiry:

Detailed EFA Commentary on the Bill

Senate Legal and Constitutional Legislation Committee Inquiry into the Provisions of the Cybercrime Bill 2001:

Bills Digest, Parliamentary Library Publication, 10 Sep 2001

Parliament Hansard:

Explanatory Memorandum to the Cybercrime Bill 2001

CoE Cybercrime Convention, final, 23 November 2001.
Final draft, 29 June 2001
Final version, 23 November 2001

Australian Model Criminal Code. (Refer Chapter 4 - Damage and Computer Offences - Report, January 2001)

The offences covered (implemented in the Cybercrime Bill as s.477.1 to 478.4 of the Criminal Code Act) are:

  • Unauthorised access, modification or impairment to commit a serious offence
  • Unauthorised modification of data to cause impairment
  • Unauthorised impairment of electronic communications.
  • Possession of data with intent to commit computer offence (described as "akin to the more familiar offences of 'going equipped for stealing' or possession of an offensive weapon").
  • Supply of data with intent to commit a computer offence
  • Unauthorised access to restricted data.
  • Unauthorised impairment of data held in a computer disk, credit card, etc.

Law Enforcement provision of the Cybercrime Bill
(implemented as an amendment to Crimes Act)

The law enforcement provision implements CoE Article 19.4 (requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination).

s.3LA Person with knowledge of a computer or a computer system to assist access etc.
(1) The executing officer may apply to a magistrate for an order requiring a specified person to provide any information or assistance that is reasonable and necessary to allow the officer to do one or more of the following:
(a) access data held in, or accessible from, a computer that is on warrant premises;
(b) copy the data to a data storage device;
(c) convert the data into documentary form.
(2) The magistrate may grant the order if the magistrate is satisfied that:
(a) there are reasonable grounds for suspecting that evidential material is held in, or is accessible from, the computer, and
(b) the specified person is:
(i) reasonably suspected of having committed the offence stated in the relevant warrant; or
(ii) the owner or lessee of the computer; or
(iii) an employee of the owner or lessee of the computer; and
(c) the specified person has knowledge of:
(i) the computer or a computer network of which the computer forms a part; or
(ii) measures applied to protect data held in, or accessible from, the computer.
(3) the person commits an offence if the person fails to comply with the order.
Penalty: 6 months imprisonment

State/Territory Computer Crime Legislation

All Australian State and Territory Governments are understood to be intending to implement the computer related offences of the Australian Model Criminal Code (refer Chapter 4 - Damage and Computer Offences).

The NSW Crimes Amendment (Computer Offences) Act 2001 was passed by the NSW Parliament in April 2001 and received Royal Assent in June 2001.