Police neither confirm nor deny using electronic hacking methods

In the present state of the law, online gathering of evidence is illegal, says national manager of criminal investigations

Remote gathering of evidence by covert access to a suspect’s computer is not in the same legally ambiguous territory as currently controversial covert video surveillance, say police — it is currently illegal; but nonetheless they decline to confirm or deny that they are doing it.

The exact conditions under which electronic remote access to evidence can be authorised under the Search and Surveillance Bill — currently at second-reading stage — are still not clearly stated in the text of the Bill itself.

However, the justice and electoral select committee’s amendments have added some procedural details, including a requirement to notify the computer’s owner of the access after it has been done and to list any items copied, as would be done with the exercise of a search warrant on physical premises.

Police national manager of criminal investigations, detective superintendent Rod Drew, declined to comment on the Search and Surveillance Bill, directing Computerworld to the select committee.

However, in the present state of the law, online gathering of evidence is illegal, he says. It is different from covert video surveillance, on which the law was judged to be silent before the Supreme Court decision banning it last month.

“The law does specifically prohibit people from accessing a computer system dishonestly or by deception, by any means without consent or legislative authority.

“This is a crime punishable by imprisonment under Section 249 of the Crimes Act 1961. So for example putting spyware in a computer is illegal,” says Drew.

“Police do have provisions under the law in which they can remotely access computer systems to locate data etcetera,” he adds. “This is under Section 198 and 198B [of the Summary Proceedings Act],” slated for transfer to the Search and Surveillance legislation. “However use of these provisions is tightly controlled,” he says.

That section empowers police or other law-enforcement investigators to compel a “person with knowledge” to disclose methods of access to a computer system, including passwords and encryption keys. Critics have attacked the provision as eroding the right to silence and immunity from self-incrimination.

However, asked whether there are any current cases which rely on evidence gained by online remote access to a suspect’s computer; or any current investigations where such access is being used to gather evidence, Drew replies: “We cannot discuss any current investigations for obvious reasons. I am unable to say whether there are any cases in which such evidence is included currently before the court.”

Civil-rights lawyer Michael Bott points out that illegality of an investigatory technique need not be an absolute bar to use of the evidence gained.

Under Section 30 of the Evidence Act, any breach of law entailed by the investigation is weighed against the seriousness of the offence being investigated.

This was the reason for the Supreme Court’s rejection of the case against some of the political activists detained in the Urewera raids of October 2007, but not others, charged with more serious offences, he says.

The select committee considering the Search and Surveillance Bill said in its report after the first reading that remote access should be confined to cases where physical access to the computer concerned is impossible or there is imminent risk that evidence will be destroyed. However, these conditions are not currently included in the text of the Bill itself.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments