House of Representatives

Cybercrime Legislation Amendment Bill 2011

Explanatory Memorandum

(Circulated by authority of the Attorney-General, the Honourable Robert McClelland MP)

SCHEDULE 3 - CRIMINAL CODE AMENDMENTS

Criminal Code Act 1995

The amendments in this Schedule will ensure the computer offences in Part 10.7 of the Criminal Code Act 1995 (Cth) are consistent with the obligations contained in Articles 2, 4 and 5 of the Council of Europe Convention on Cybercrime. These articles require parties to adopt legislative and other measures to establish as criminal offences:

access to a computer system without right (Article 2)
interference with data without right (Article 4), and
interference with the functioning of a computer system without right (Article 5).

The offences in Part 10.7, which are based on model laws developed by the Model Criminal Code Officers Committee in 2001, cover acts relating to illegal access, modification and impairment of computer data.

In their current form, the computer offences in the Criminal Code are restricted to conduct involving Commonwealth computers, Commonwealth data or the use of a carriage service. These limitations are not consistent with the obligations in the Convention. Although State and Territory offences provide some coverage for conduct which is excluded from the Commonwealth offences, some gaps remain. To ensure that Australia can meet the obligations under the Convention, this Schedule will remove the current restrictions on the computer offences in Part 10.7.

Ensuring that Commonwealth laws meet the obligations under Articles 2, 4 and 5 of the Convention, without reliance on State and Territory laws, will also ensure that the jurisdictional obligations in Article 22 of the Convention are fulfilled in respect of those offences. Article 22 of the Convention requires that parties adopt legislative or other measures to establish jurisdiction over the offences in Articles 2 to 11 of the Convention, when the offence is committed:

in its territory
on board a ship flying the flag of that party
on board an aircraft registered under the laws of that party, or
by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

State and Territory laws do not meet the jurisdictional obligations in Article 22 of the Convention.

Section 476.3 of the Criminal Code extends the jurisdiction of Part 10.7 to conduct which occurs wholly or partly in Australia, on board an Australian aircraft or Australian ship, and to the conduct of Australian nationals abroad in certain circumstances, thereby meeting the obligations in Article 22 of the Convention.

Item 1 - Subsection 476.1(1)

This item will repeal the definition of Commonwealth computer in subsection 476.1(1). As a result of the amendments in this Schedule, there will no longer be any reference to Commonwealth computers in Part 10.7 of the Criminal Code. The definition is therefore no longer required.

Items 2 and 3 - Subsections 477.1(1) and (2)

Subsection 477.1(1) provides that it is an offence to cause unauthorised access to data held within a computer, unauthorised modification of data held in a computer, or unauthorised impairment of electronic communication to or from a computer with intent to commit a serious offence (defined in section 477.1(9) to mean an offence that is punishable by imprisonment for life or a period of five or more years). However, paragraph 477.1(1)(b) currently limits the offence to situations where the unauthorised access, modification or impairment is caused by means of a carriage service. Subsection 477.1(2) applies absolute liability to paragraph 477.1(1)(b).

Item 2 will repeal paragraph 477.1(1)(b) to remove the existing requirement for a carriage service to have been used in the commission of the offence.

Item 3 will repeal subsection 477.1(2). Following the repeal of paragraph 477.1(1)(b) by item 2 of this Schedule, subsection 477.1(2) will be obsolete.

These amendments will ensure section 477.1 meets the obligations in Articles 2, 4 and 5 of the Convention relating to illegal access, data interference and system interference respectively, which are not limited to the interference caused by means of a carriage service.

Following the commencement of this Schedule, section 477.1 will capture a broader range of illegal conduct, such as the unauthorised access to data by means of a local network with an intent to commit a serious offence.

Item 4 - Subsections 477.1(4) and (5)

Subsection 477.1(4) provides that it is an offence to cause unauthorised access to data held within a computer, unauthorised modification of data held in a computer, or unauthorised impairment of electronic communication to or from a computer with intent to commit a serious Commonwealth offence. Subsection 477.1(5) provides that in a prosecution for an offence under subsection (3) (this is an error as the reference should be to subsection (4)), it is not necessary to prove that the defendant knew that the offence was an offence against a law of the Commonwealth or a serious offence.

Subsection 477.1(4) was necessary to capture situations where a carriage service was not used, but a person intended to, without authorisation, access, modify or impair data held in a computer with an intention to commit a serious Commonwealth offence.

This item will repeal subsections 477.1(4) and 477.1(5). These provisions concerning Commonwealth computers are no longer required as subsection 477.1(1), as amended in item 2, will now capture any unauthorised access, modification or impairment of data held in any computer with intent to commit a serious offence.

Items 5, 6 and 7 - Section 477.2

Subsection 477.2(1) provides that it is an offence to cause unauthorised modification of data held in a computer in order to impair access to that or any other data or to impair the reliability, security or operation of any such data. However, paragraph 477.2(1)(d) currently limits the offence to situations involving or affecting a carriage service, a Commonwealth computer or data held on behalf of the Commonwealth in a computer. Subsection 477.2(2) applies absolute liability to paragraph 477.2(1)(d).

Item 5 will omit the 'and' from subparagraph 477.2(1)(c)(ii) as it refers to paragraph 477.2(1)(d), which will be repealed by Item 6.

Item 6 will repeal paragraph 477.2(1)(d) to remove the existing requirement for a carriage service to have been used, a Commonwealth computer to have been involved or affected, or data held on behalf of the Commonwealth in a computer to have been affected, in the commission of the offence.

Item 7 will repeal subsection 477.2(2). Following the repeal of paragraph 477.2(1)(d) by item 6 of this Schedule, subsection 477.2(2) will be obsolete.

These amendments will ensure that section 477.2 meets the obligations in Articles 4 and 5 of the Convention relating to data interference and system interference respectively, which are not limited to interference involving or affecting a carriage service, computers owned by particular persons or entities, or data held on behalf of particular persons or entities.

Following the commencement of this Schedule, section 477.2 will capture a broader range of illegal conduct, such as the unauthorised modification of data by means of a local network with an intent to impair the operation of the data.

Items 8, 9 and 10 - Section 477.3

Subsection 477.3(1) provides that it is an offence to cause unauthorised impairment of electronic communication to or from a computer (such as an email). However, paragraph 477.3(1)(c) currently limits the offence to electronic communications which are either sent over a carriage service or sent to or from a Commonwealth computer. Subsection 477.3(2) applies absolute liability to paragraph 477.3(1)(c).

Item 8 will omit the 'and' from paragraph 477.3(1)(b) as it refers to paragraph 477.3(1)(c), which will be repealed by Item 9.

Item 9 will repeal paragraph 477.3(1)(c) to remove the existing requirement for electronic communications to have been either sent over a carriage service or sent to or from a Commonwealth computer in the commission of the offence.

Item 10 will repeal subsection 477.3(2). Following the repeal of paragraph 477.3(1)(c) by item 9 of this Schedule, subsection 477.3(2) will be obsolete.

These amendments will ensure that section 477.3 meets the obligations in Articles 4 and 5 of the Convention relating to data interference and system interference respectively, which apply to interference with any electronic communication, not just those sent over a carriage service or to or from computers owned by particular persons or entities.

Following the commencement of this Schedule, section 477.3 will capture a broader range of illegal conduct, such as the impairment of electronic communication sent over a local network or between computers that do not belong to the Commonwealth.

Items 11, 12 and 13 - Section 478.1

Subsection 478.1(1) provides that it is an offence to cause unauthorised access to, or modification of, restricted data. However, paragraph 478.1(1)(d) currently limits the offence to situations where the restricted data is held in a Commonwealth computer or held on behalf of the Commonwealth, or where the access to or modification of the restricted data is caused by means of a carriage service. Subsection 478.1(2) applies absolute liability to paragraph 478.1(1)(d).

Item 11 will omit the 'and' from paragraph 478.1(1)(c) as it refers to paragraph 478.1(1)(d), which will be repealed by Item 12.

Item 12 will repeal paragraph 478.1(1)(d) to remove the existing requirement for restricted data to have been held in a Commonwealth computer or held on behalf of the Commonwealth or for a carriage service to have been used in the commission of the offence.

Item 13 will repeal subsection 478.1(2). Following the repeal of paragraph 487.1(1)(c) by item 12 of this Schedule, subsection 478.1(2) will be obsolete.

These amendments will ensure that section 478.1 meets the obligations in Articles 2, 4 and 5 of the Convention relating to illegal access, data interference and system interference respectively, which are not limited to interference or access caused by means of a carriage service, or affecting data held in particular computers or on behalf of particular persons or entities.

Following the commencement of this Schedule, section 478.1 will capture a broader range of illegal conduct, such as causing unauthorised modification of restricted data by means of a local network.

Items 14, 15, 16 and 17 - Section 478.2

Subsection 478.2(1) provides that it is an offence to cause unauthorised impairment of the reliability, security or operation of data held on a computer disk, credit card or another electronic storage device. However, paragraph 478.2(1)(d) currently limits this offence to situations where the device whose data is impaired is owned or leased by a Commonwealth entity. Subsection 478.2(2) applies absolute liability to paragraph 478.2(1)(d).

Item 14 will omit the '(1)' from subsection 478.2. Following the repeal of subsection 478.2(2) by item 17, this reference will no longer be required.

Item 15 will omit the 'and' from paragraph 478.2(1)(c) as it refers to paragraph 478.2(1)(d), which will be repealed by item 16 of this Schedule.

Item 16 will repeal paragraph 478.2(1)(d) to remove the existing requirement for the device that holds the data impaired in the commission of the offence to have been owned or leased by a Commonwealth entity.

Item 17 will repeal subsection 478.2(2). Following the repeal of subsection 478.2(1)(d) by item 16 of this Schedule, subsection 478.2(2) will be obsolete.

These amendments will ensure section 478.2 meets the obligations in Article 4 of the Convention relating to data interference, which applies to data on any device.

Following the commencement of this Schedule, section 478.2 will capture a broader range of illegal conduct, such as causing unauthorised impairment of data on devices which are owned by individuals or private entities.

Item 18

This item is an application provision that makes it clear that the offences in Part 10.7 of the Criminal Code as amended by this Schedule apply only to acts or omissions that take place after the Schedule commences. The current offences will continue to apply to acts or omissions that take place prior to the commencement of this Schedule.


View full documentView full documentBack to top