New Zealand's first hacker case will provide enough of a precedent to offer legal protection in straightforward hacking or website defacement cases, but for more complex issues a new law is needed, says Auckland-based IT lawyer Averill Parkinson.
Andrew Garrett was accused of 10 counts relating to the unauthorised use of passwords to various internet service provider (ISP) accounts. A jury in the Manukau District Court found him guilty this week on five counts, four of reproducing a document with the intention of defrauding and one count of threatening to damage property. But the jury couldn't reach a verdict in the other five counts - four counts of fraud and one of wilful damage. A retrial has been ordered by Judge David Harvey, but the crown prosecutor has yet to decide whether to proceed.
"It all comes down to intention and proving that he intended to commit fraud and the jury decided that wasn't proven," says Parkinson, who is a partner with the law firm Clendon Feeney. Garrett used an application called Back Orifice to copy ISP users' passwords.
"They could prove he downloaded Back Orifice but couldn't prove he obtained the password with the intention of defrauding anyone."
The Crimes Amendment Bill (number six) is currently before a select committee and it specifically covers issues like hacking and the misuse of computers. Parkinson says this law is still needed because having half the counts not ruled on means there isn't enough precedent to help in more complex cases.
In this case, for example, Parkinson says the decision was based on laws first written hundreds of years ago and the court heard about "magnetic particles" and whether they could be damaged rather than a more modern interpretation.