Telecom appears to have sparked an unexpected addition to the Crimes Amendment No 6 Bill covering the possession of technology for hacking or interception.
As reported back from the law and order select committee late last month, a new section, numbered 252, prohibits “making, selling or distributing or possessing software for committing crime”. It is placed immediately before the much-discussed provisions on unauthorised access to computer systems.
The new provision appeared as a result of a submission to the select committee from Telecom, says Michael Wilkinson, parliamentary officer for select committees. A reference to the desirability of such a clause appears in Telecom’s submission on the bill. The clause has had no chance to be debated publicly, but this quite often happens in the progress of a bill through parliament, Wilkinson says. The bill has yet to come back to parliament, giving MPs a chance to comment on this and other new clauses, he says.
The section imposes a maximum two-year prison term on “everyone … who invites another person to acquire from him or her … or offers or exposes for sale or supply … or has in his or her possession for the purposes of sale or supply to any other person any software or other information that would enable another person to access a computer system without authorisation.”
The provision covers software whose principal purpose the owner knows to be the commission of a crime, but also “that he or she holds out as being useful for the commission of a crime, whether or not he or she also holds it out as being useful for any other purpose”. This covers software advertised for a legitimate purpose with hints that it may be useful for hacking.
The “other information” provision appears to cover the unauthorised distribution of passwords or digital certificates.
As well as software intended specifically for hacking or interception, “software that would enable [the possessor] to access a computer system without authorisation” is covered, providing that the possessor intends to commit a crime with it.
Sue Leader, executive director of InternetNZ (formerly ISOCNZ) said last week that the working group that prepared the ISOCNZ submission was examining the latest version of the bill. Some concern has been expressed in internet circles that the select committee has not narrowed the definition of “interception device” to exclude ordinary network equipment, as ISOCNZ recommended. Similar reservations may attach to the software provision.
Averill Parkinson, partner at solicitors Clendon Feeney, says the section is appropriate, provided it is limited — as it appears — to the crime of unauthorised access. If it had been extended to crime in general, as the heading suggests, it might have raised more issues, she says, in such areas as copyright, where there is a more delicate balance of rights between author and user.
It can be difficult to prove intent in such a case, Parkinson says. If intent of unauthorised access were demonstrated, then possessing a generally useful tool such as Norton’s PCanywhere, intended to facilitate authorised communication with another PC, could be an offence.