Perhaps 80% of hackers are likely to be immune from the revised Crimes Act, which is touted as an anti-hacking law.
The Crimes Amendment Bill, passed on Friday, introduced a number of computer-related crimes to the New Zealand statute books for the first time, including accessing a computer system for a dishonest purpose; damaging or interfering with a computer system; making, selling or distributing or possessing software for committing a crime; and accessing a computer system without authorisation.
It’s this last infringement, referred to as Section 253, that’s causing concern in the legal fraternity. District court judge David Harvey (pictured) points out in a just-published book on internet-related law that those with authorisation cannot be convicted under the bill of illegally accessing a computer system.
“The [Crimes Amendment] bill does not criminalise the abuse of computer systems by employees who, although authorised to access the organisation’s computer, use it in an unauthorised manner.”
Such insider hacking accounts for 73% of the “risk to computer security” according to a UN study quoted in the book.
Auckland IT lawyer Mark Copeland says while that’s of a concern, other provisions of the act can be brought into play.
“I wouldn’t expect the enforcement agencies to immediately rush to use these new crimes when existing crimes fit the bill. It would depend on the severity of the offence.”
Copeland describes the act as a “step forward” but says he would like some of the offences to be “couched in wider terms” to allow for new technology. Copeland says the act is sure to undergo modification as provisions are put to the real-world test.