Journal of Law, Information and Science
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Journal of Law, Information and Science |
|
KATHERINE S WILLIAMS[*] & INDIRA MAHALINGAM CARR[**]
Singapore, a country with a strong commercial infrastructure, is one of the many states to introduce specific legislation on computer misuse - Computer Misuse Act 1993. This article mainly concentrates on the substantive elements, evidential issues, penalties and enforcement measures of the Singapore Computer Misuse Act while drawing comparisons with the British Computer Misuse Act 1990.
It would not be an overstatement to say that computer misuse is a problem that could assume, if it has not already done so, gargantuan proportions.[1] The reasons are many. The availability of personal computers and the regularity with which they are networked is now so widespread that even small businesses find it financially beneficial to rely on them for most of their day-to-day administrative functions like invoicing, ordering and paying bills. The dependence of the commercial and financial sectors on computers and the easy access to computers throughout the world via networks inevitably make them an attractive target for criminal activities.[2] The increasing sophistication of computer security systems further provides a challenge, perhaps unmatched by other types of criminal activity, to the perpetrator. In this context it is not surprising that many countries are choosing to protect the business sector from the far reaching and expensive consequences of computer hacking. Singapore, a country with a strong commercial infrastructure, is one of the many states to criminalise computer misuse through its recent legislation. This article will consider the substantive elements, evidential issues, penalties and enforcement measures in the Singapore Computer Misuse Act 1993[3] (hereinafter SCMA). Where relevant comparisons will be made with the British Computer Misuse Act 1990[4] (hereinafter BCMA) with a view to assessing the relative merits of the SCMA.
A challenge that all legislative authorities have faced in relation to computer misuse is the definition of key terms such as 'computer', 'program' and 'data'. It has been difficult to formulate satisfactory definitions that possess sufficient flexibility to accommodate advances in computer technology.[5] As a consequence some legislations have left these terms undefined. The BCMA is one such legislation. The SCMA, on the other hand, defines key terms such as 'computer', 'data', 'program' and 'function'' in s. 2(1) as follows:
- "computer" means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include an automated typesetter, a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility;[6]
- "data" means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer;
- "program or computer program" means data representing instructions or statements that, when executed in a computer, causes the computer to perform a function;
- "function" includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or with a computer.
The definition of 'computer', though clumsily phrased, seems sufficiently wide and inclusive to protect technology that appears after the Act. For instance, the inclusion of the phrase "other data processing device" would be capable of including a device that uses biological memory. It is also, unlike the BCMA, sufficiently clear to avoid questions of whether a hand held calculator falls within the scope of the Act or not. One of the drawbacks of the BCMA in leaving computer undefined is that unauthorised use of items like cars and telephones that have computerised security devices could well be within its ambit.
The SCMA creates the following offences:
- unauthorised access to program or data held in any computer (s.3);
- unauthorised access to program or data held in any computer with the intent to commit the commission of further offences - namely, offences involving property, fraud or dishonesty which causes bodily harm that is punishable on conviction with imprisonment for a term of 2 years or more (s. 4);
- unauthorised modification (temporary or permanent) of the contents of any computer (s. 5);
- unauthorised interception of any function of a computer or unauthorised access of a computer with the purpose of obtaining computer services (s. 6); and
- abetting the commission of or attempting to commit or doing any act preparatory to the commission of the offences in the Act (s. 7).
Under s.2(2) of the Act a person secures access to any program or data held in a computer if by causing a computer to perform any function he
- alters or erases the program or data (s. 2(2)(a));
- copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held (s. 2(2)(b));
- uses it (s. 2(2)(c)); or
- causes it to be output from the computer in which it is held (whether by having it displayed or in any other manner) (s.2(2)(d)).
Use for the purposes of s. 2(2)(c) is interpreted in s. 2(3) as
- causes the program to be executed (s. 2(3)(a)); or
- is itself a function of the program (s. 2(3)(b)).
The offences created by ss. 3 to 5 of the SCMA and ss.1 to 3 of the BCMA are similar in that they cover hacking, ulterior intent offences and unauthorised modification of program and data. There are however a few differences. In the offence of unauthorised access the substantive difference between the two Acts is that of mens rea. The British Act requires intent[7] whereas the Singapore Act requires that the person "knowingly causes a computer to perform any function for the purpose of securing access without authority"[8] . As far as the ulterior intent offence is concerned the Singapore Act mentions the intent to commit a further offence and does not refer to facilitating the commission of further offences in the main body of s. 4. Facilitating the commission of further offences appears only as a margin reference and therefore the precise ambit of s. 4 is unclear. The sections providing for the offence of unauthorised modification of computer materials, s.5 of the SCMA and s.3 of the BCMA, are substantially the same.
What is striking about the SCMA are the offences created by ss.6 and 7 which make it a legislation oriented towards the protection of computer crime victims.
According to s.6 it is an offence to
- secure access without authority to any computer for the purpose of obtaining, directly or indirectly, any computer service (s.6(1)(a));
- intercept or cause to be intercepted without authority, directly or indirectly, any function of a computer by means of an electromagnetic, acoustic, mechanical or other device (s.6(1)(b));
- use or cause to be used, directly or indirectly, the computer or any other device for the purpose of committing an offence under ss. 6(1)(a) or 6(1)(b). (s.6(1)(c)).
According to s.2(1) "computer service" includes computer time, data processing, and the storage or retrieval of data; "electronic, acoustic, mechanical or other device" means any device or apparatus that is used or is capable of being used to intercept any function of a computer; and "intercept" in relation to a function of a computer, includes listening to or recording a function of a computer or acquiring the substance, meaning or purport thereof.[9]
From the above it is clear that the SCMA makes eavesdropping an offence and rightly so. Much of commercial and governmental communication is now carried out by communications with and between computers and their interception is a fairly simple process that does not require the use of telephone lines. For instance, electromagnetic radiation around the computer can be picked from outside the building with the help of a video recorder and a television screen. The inclusion of computer eavesdropping by the Singapore Act in its list of offences is a great improvement on the British Act.[10] The absence of any protection against eavesdropping is indeed surprising as the Council of Europe did include this as one the eight types of conduct which should be incorporated into the criminal laws of member states in order to provide minimum protection from computer related crime.[11]
Section 7 makes the abetting of any of the above offences an offence. This means that activities such as providing computer passwords to third parties on a hacker's bulletin board or supplying security scrambling devices would be covered. This issue has not been addressed by the British Act and it is unclear whether such conduct could fall within the scope of existing criminal laws such as conspiracy to defraud.[12]
The SCMA makes detailed provisions for the admissibility of computerised records in any proceedings brought under the Act. According to s.11[13] any output is admissible as long as there is no reasonable ground for believing that the output is inaccurate because of improper use of the computer and that no reason exists to doubt or suspect the validity of the output and that at all material times the computer was operating properly or that any problem with its operation did not affect the production or accuracy of the output.
Where evidence is sought to be admitted under s.11 the output submitted must be accompanied by a certificate signed by someone in a position of responsibility in relation to the operation of the computer at all relevant times (s. 12(1)(d)).[14] Where the person responsible for the operation of the computer does not have control or access over any of the relevant records and facts in relation to the production by the computer of the computer output, a supplementary certificate signed by the person with access or in control will be deemed sufficient. The submission of certificates in evidence does not supplant the court's right to require oral evidence. Under s. 12(4) a court's right to require oral evidence on matters for which evidence could be provided by a certificate under sections 12(1) and 12(2) is preserved. A person making a statement that he/she does not believe to be true or a false statement on conviction could be fined up to $10,000 or imprisoned for a maximum of two years or to both under s12(5).
As far as the contents of the certificate are concerned it must
(a) identify the computer output and describe the manner in which it was produced (s.12(1)(a));
(b) provide particulars of devices that were used in the production of the computer output (s.12(1)(b);
(c) deal with matters mentioned in s.11(1) - that is, contain appropriate statements relating to the proper operation and reliability of the computer.
The BCMA is silent on evidential issues. Provisions however exist elsewhere for admitting computer generated evidence in criminal matters. S.69[15] of the Police and Criminal Evidence Act 1984 (hereinafter PACE) provides that in order to be admissible the documentary output must follow broadly the same requirements as those in the SCMA and under paragraph 8 of Schedule 3[16] to the Act these can be proven by a certificate from a person in a responsible position in relation to the operation of the computer. The general assumption regarding statements on computer reliability as required by paragraph 8 Schedule 3 was that they needed to be made by an expert. The decision in R v Shepherd[17] however suggests that this does not apply where oral evidence is provided. In Shepherd[18] the appellant charged with stealing goods from a major department store argued that they were purchased at another branch and the receipt was lost. In order to prove that the goods had not been purchased in the branch claimed by the appellant the till rolls were examined. The store operated a semi-automated computerised system. Information was collated on the basis of details provided by the till assistant and details provided by the central computer to which the tills were connected. Oral evidence relating to the operation of the computer was provided by the store detective. This evidence was challenged on the grounds that the witness could not give oral evidence to satisfy the requirements of s.69 since she did not occupy a position of responsibility to the computer and lacked the necessary qualifications to provide a certificate as required by Schedule 3 paragraph 8 of PACE.[19] The House of Lords however held that where the evidence given was of an oral nature the requirements of paragraph 8 Schedule 3 need not be satisfied on the reasoning that the cogency of such evidence could always be challenged during cross examination.[20] It was held that in the present case the evidence provided by a person who was familiar with the operation of the computer was admissible. The decision in Shepherd to admit oral evidence given by a person lacking technical qualification could be criticised since it makes the prosecution's task of submitting computer generated evidence less onerous. But then requiring technical competence in computing of all who give evidence in all cases may be unrealistic given the present level of computer literacy. As Lord Griffiths said
Documents produced by computers are an increasingly common feature of all business and more and more people are becoming familiar with their uses and operation. Computers vary immensely in their complexity and in the operations they perform. The nature of the evidence to discharge the burden of showing that there has been no improper use of the computer and that it was operating properly will inevitable vary from case to case. The evidence must be suited to meet the needs of the case.[21]
The wording of the provisions relating to admissibility of computer generated evidence in the SCMA is very similar[22] to that found in s.69 and paragraph 8 Schedule 3 of PACE. It will be interesting to see whether oral evidence given by a technically ignorant person will be admitted in the Singapore courts.
The sanctions imposed by the SCMA vary according to the type of offence and the damage suffered by the victim. Conviction for unauthorised access (s.3 offence) could result in a fine not exceeding Singapore $2,000 and/or imprisonment of up to 2 years (s.3(1)). However where the damage caused by simple access is in excess of $20,000 the convicted could be fined to a maximum of $20,000 and/or a maximum of five years imprisonment (s. 3(2)). Unauthorised access coupled with the intent to commit or facilitate the commission of further offences (s. 4 offence) attracts a fine of up to $50,000 and/or a maximum term of 10 years in prison regardless of whether the trial is in a magistrate or district court (s. 4(1)). The penalty for unauthorised modification (s.5 offence) is the same as the two levels set out for unauthorised access (ss 5(1) and 5(2)). The same penalty applies to unauthorised use or interception of computer service (ss. 6(1) and 6(2) ). The penalty for abetting the commission or attempting to commit any offence under the Act attracts the penalty specified for the particular offence.
In comparison the sanctions outlined by the BCMA are lighter. For simple access (s.1 offence) the penalty on summary conviction is a maximum of level 5 (£5,000) fine and/or a maximum of 6 months imprisonment (s.1(3)). For unauthorised access with intent to commit or facilitate the commission of further offences (s.2 offence) the level of penalty depends on the nature of the conviction. On summary conviction the person guilty of an offence would be liable to imprisonment for a maximum term of six months and/or a fine that does not exceed the statutory maximum (s.2(5)(a). Upon indictment the fine rises to an unlimited amount and the maximum term for imprisonment to five years (s.2(5)(b). The penalty for unauthorised modification of computer material (s.3 offence) is the same as that for unauthorised access with the intent to commit or facilitate further offences (s. 3(7)(a) and 3(7)(b)).
The courts in Britain have not sentenced harshly even where the loss suffered by the victim is quite huge. For instance, an offender who planted a logic bomb that caused £30,000 loss was sentenced to 140 hours of community services and ordered to pay £3,000 in compensation.[23] More recently there have been instances of offenders being given short prison sentences for such computer misuse but it is difficult to ascertain how frequent such sentences are.
It will be interesting to see the sentencing policy of the Singapore judiciary in relation to computer abuses. The SCMA sanctions are generally much harsher than those of the BCMA and some would argue that harsher penalties should act as an effective deterrent. It is highly likely that Singapore will take a tougher stance towards computer criminals because of the potential damaging effects that computer abuse could have on the financial and business sectors - the mainstay of Singapore's economy.[24]
The success of any criminal legislation largely depends on its enforceability. That is to say, criminal law is worthless if the means to detect the offences are not available.[25] During the passage of the computer misuse bill in the British Parliament the issue of enforceability - that is, questions relating to evidence gathering that could involve intrusive methods, training of the police in these methods - was hardly discussed. The minimal discussion that took place was in relation to the inclusion of s.14 which enables the issue of a search warrant by a circuit judge where there are reasonable grounds for believing that a s.1(basic hacking) offence has been or is about to be committed on the specified premises.[26] As far as s.2 and s.3 offences are concerned the grant of search warrants in relation to these is governed by s.8 of PACE. According to s.8 a search warrant can be issued by a justice of the peace if he is satisfied that a serious arrestable offence has been committed on the premises and that relevant evidence is likely to be found on the specified premises.[27]
Though s.14 of BCMA and s.8 PACE impart wide powers of search and seizure of material most unauthorised access occurs by means of telephone lines. The police however have no powers to obtain details concerning the use of these lines. The matter of passing relevant information to the police is entirely left to the discretion of the companies operating the lines.[28] The police in a few circumstances may be able to intercept the lines. One is where the person complaining of intrusion gives permission to tap his line. The other is under s.2 of the Interception of Communications Act 1985 where the police can obtain a warrant from the Secretary of State to intercept a telephone line. This is issued only where it is considered necessary for the purposes of national security, safeguarding the economic well-being of United Kingdom, or for preventing the commission of serious crime. Serious crime, according to s.10(3) of the Act, includes, amongst others, crimes resulting in substantial financial gain and conduct by a large number of persons in pursuit of a criminal purpose.
From the above it is clear that opportunities for the police to gain access to telephone lines are extremely limited in the United Kingdom. This could well be a reason for the paucity of prosecutions under the Act even though it was enacted in 1990 amidst calls for immediate legal protection due to an alarming increase in computer related crimes. Of course it is possible that the claims by the lobbyists for legislation were ill founded and the financial losses quoted in various reports[29] high approximations. A 1991 study conducted in the USA[30] came to the conclusion that the paucity of prosecutions in the area of computer misuse was simply due to a lack of offences. Not much reliance however can be placed on the conclusions reached since no account of the level of enforcement available to the authorities was taken.[31] It is likely that the lack of prosecutions might well be due to lack of effective methods for gathering evidence coupled perhaps with a lack of training police officers in techniques for detecting computer misuse.[32]
The Singapore legislation has taken a different approach to the issue of enforcement. Indeed some of the most important, and arguable, elements of the computer misuse legislation arise in the context of s.14[33] which seems to impart wide powers of enforcement to authorities that could infringe human rights. S. 14(a) of the SCMA gives a police officer the power to demand access to and permits the inspection of the operation of any computer, associated apparatus or material which he has reasonable cause to believe is or has been used in connection with any offence under the Act. Further under s.14(b) he can require the assistance of the person he suspects or any other individual who operates the computer to help in the search or inspection of the machine and the material. A reading of s. 14 in conjunction with ss 2(1)[34] and 6(1)(b)[35] suggests that the officer would have access to telephone records or to any other materials which may assist in the detection of offences outlined in the legislation.
The only protection that a suspect has under the SCMA is that the officer must have reasonable cause to suspect that the computer, associated apparatus or material is relevant to an offence under the legislation. This protection seems to be minimal. Further under s. 15 of the Act the police officer has the authority to arrest without warrant any person reasonably suspected of committing an offence under the SCMA.[36]
The powers of search given by the SCMA that do not require the approval of an independent third party like the judiciary leaves room for mistakes and possible abuses of power. The decision making process entirely left to the judgement of the police officer is likely to increase the chances of jeopardising an individual's right to freedom. It is not of course suggested that it is possible entirely to rid the decision making process of errors; nonetheless it is possible to reduce the element of error by having a system of checks in place. It also has the added bonus of boosting the confidence of the populace in the regulatory system of the state.
Many of the incidents where this power is invoked will not necessarily result in a prosecution and searches carried early on in the investigation may prove to be wrongly conducted. Access to information concerning use of telephone lines will fall into this category and, as this will be necessary at the initial stages of an investigation, presumably the level of proof necessary to access such information will be far lower than that necessary for access to the computer suspected of being used to commit the offence. However, until the operation of the Act is fully tested it will be impossible to gauge the extent of invasion of privacy. The lack of adequate safeguards to monitor the invasion of privacy is itself a source of worry.
The wording of s.14 also seems wide enough to allow the police to tap and trace phone calls to establish whether someone is committing a crime. These methods are clearly intrusions of privacy and so potentially breaches of Article 12[37] of the Universal Declaration of Human Rights and Article 17[38] of the International Covenant on Civil and Political Rights (hereinafter ICCPR). If the interpretation of similar provisions in the European Convention on Human Rights[39] is to provide a yardstick for understanding the ambit of Article 17 then breaches of privacy would have to be in accordance with the law and necessary in a democratic society. It is highly questionable whether such a wide provision is indeed necessary in a democratic society, especially when its operation is not controlled by the judiciary or other such impartial body.
Section 14(b) also requires the suspect to perform acts which amount to self-incrimination. A police officer under the Act can require the suspect to provide assistance in gaining evidence which might later be used at his or her own trial. Normally it is for the state to prove guilt: to require a suspected individual to help the state to obtain the proof raises a number of difficulties regarding the role of law in society.[40] Article 14(2) of the ICCPR to which Singapore is a party does guarantee that every individual has the right to be presumed innocent until proven guilty[41] and not to be compelled to testify against himself or confess guilt.[42]
At this juncture it would be fair to ask why enforcement methods that could infringe human rights are countenanced in the context of computer misuse. The answer is to be found in the guiding philosophy of the state. Both Singapore and Britain are based on capitalistic systems that rely on the efficiency of commercial enterprises for their economic well being. Lack of adequate legal controls to enable this would result in lack of confidence and hence lack of local and foreign investment. And since businesses have accepted computers widely due to their contribution in maintaining the competitive edge countries like the United Kingdom and Singapore have had to introduce legislation specifically dealing with computer misuse to allay fears of huge financial losses on the part of businesses.[43] The United Kingdom has stigmatised computer abuse through the Computer Misuse Act 1990. However it seems to be only of symbolic significance since it lacks adequate enforcement provisions. The Singapore legislation on the other hand has done much more for business confidence in that it has provided a means of control, a criminal justice process in the computer misuse legislation. The process chosen however is not one of due process where the rights of a suspect/defendant are recognised and the powers of agents of the state such as the police are constrained to make allowance for these; rather it is one of crime control where the central intention is to control activity and punish offenders and under which any method that might allow one to attain information leading to 'truth' or to conviction of 'offenders' is permitted. This places the interests of businesses (victims) and society (maintenance of the status quo) over the interests/rights of defendants. There are problems with having chosen such an enforcement method, particularly in a state legal system which is basically adversarial as it rather undermines the idea of the presumption of innocence and the need for the state to prove guilt. Without proper safeguards it is most likely to lead to wrongful convictions and this is ultimately not in the interests of victims, society or defendants. The Singapore legislation could have achieved a better balance by providing a system of checks to reduce the degree of error in the police officer's decision to search premises or arrest. Apart from this major drawback the SCMA by and large seems to offer better protection to the victim than the BCMA.
It is too early to assess the success of the Singapore legislation. What can be said of the legislation however is that it is much more protective of the victims than the British legislation in bringing aspects of computer centred crime like eavesdropping within its ambit. The protection of the victims is further enhanced through the enforcement measures of the Act. If it is possible to criticise the enforcement measures as being too intrusive, it could be argued that this is necessary for a crime that is 'invisible'. A more reasonable objection would be over the lack of adequate safeguards - i.e. monitoring systems - to prevent the abuses arising from the greater powers of intrusion given to enforcement authorities. Nonetheless it cannot be denied that the SCMA is a far better piece of legislation capable of boosting business confidence than the BCMA.
It is these issues of intrusive enforcement and inadequate safeguards which raise the most interesting questions when comparing the SCMA to its British counter-part. There is no doubt that the Singapore Act represents a more effective piece of legislation against computer misuse, especially from the point of view of boosting business confidence. But how far should commercial interests be used to justify invasions of privacy, and to what extent should the presumed needs of the State be allowed to over-ride individual human rights?
[*] Lecturer in Law, University of Wales, Aberystwyth, Wales
[**] Lecturer in Law, University of Exeter, England
[1] The CBI (Confederation of British Industries) in 1987 estimated annual losses through computer fraud to be around £30 million The Times January 20, 1987. More recent surveys carried out by management consultants suggest losses of up to £1 billion. It is however difficult to assess the true extent of the losses since many computer related frauds remain unreported for fear of loss of business. See also Audit Commission for Local Authorities in England and Wales Survey of Computer Fraud and Abuse 1987, London: HMSO; Computer Security Subcommittee Confronting Computer Crime 1984, St Paul MN: Metropolitan Council of the Twin Cities Area; Tasmanian Law Reform Commission Computer Misuse 1986 Tasmania: Government Printer which provide some indication of the financial losses to businesses through computer misuse.
[2] According to a news item in The Independent February 13, 1994 a high ranking official of the US National Security Agency visited London to persuade EU and EFTA countries to purchase highly sophisticated scrambling technology (Clipper Chip and Tessera) which would enable government agencies to eavesdrop electronically if necessary. The Clinton administration is concerned about the effects of widespread access that money launderers, drug traffickers and unfriendly governments will have through information highways.
[3] The Act was passed by Parliament on May 28, 1993 and received the President's assent on July 9,1993.
[4] The Act came into effect on August 29, 1990.
[5] See Robin K Kutz [1986] William and Mary Law Review 783 for criticisms raised about the different definitions of computer in the United States.
[6] Compare this with the following definition adopted by the US Federal legislation in s. 1030 (e)(1) 18 USC :
an electronic, magnetic, optical, electrochemical, or other high speed processing device performing logical, arithmetic, or storage functions and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device.
See also the Law Commission 1988 Working Paper No 110 Computer Misuse London: HMSO for a variety of definitions.
[7] S.1(1) of BCMA reads as follows:
A person is guilty of an offence if --
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
[8] S. 3(1) SCMA.
[9] Compare the definition of "intercept" with s. 46(2) Canadian Criminal Law Amendment Act 1985.
[10] The question of eavesdropping was raised by Emma Nicholson, MP during the passage of the bill in Parliament. Unfortunately it was not included in the Act. It has been suggested that computer eavesdropping could fall within the ambit of Interception of Communications Act 1985 (see page 60 Law Commission Working Paper 110, p, 60). Doubts have been raised in relation to this suggestion (see Wasik, Martin Crime and the Computer 1991, Oxford: Clarendon Press p, 90-91).
[11] Computer Related Crime Recommendation No. R (89) 9 p,53.
[12] See Law Commission Working Paper No, 104, 1987 Conspiracy to Defraud London: HMSO; see also Hollinshead [1985] AC 975.
[13] S.11 SCMA reads as follows:
(1) ... in any proceedings under this Act, any relevant computer output shall be admissible as evidence of any fact stated therein if it is shown -
(a) that there is no reasonable ground for believing that the output is inaccurate because of improper use of the computer and that no reason exists to doubt or suspect the truth or reliability of the output; or
(b) that at all material times the computer was operational properly, or if not, that any respect in which it was not operating properly or was out of operation was not such as to affect the production of the output or the accuracy of its contents.
(2) ...
(3) ...
[14] S. 12 (1) SCMA reads as follows:
In any proceedings where it is desired to admit computer output in evidence in accordance with section 11, a certificate --
(a) identifying the computer output and describing the manner in which it was produced;
(b) giving such particulars of any device involved in the production of that computer output as may be appropriate for the purpose of showing that the output was produced by a computer;
(c) dealing with any of the matters mentioned in section 11 (1); and
(d) purporting to be signed by a person occupying a responsible position in relation to the operation of the computer at all relevant time,
shall be admitted in those proceedings as evidence of anything stated in the certificate.
[15] S.69 of the Police and Criminal Evidence Act 1984 reads as follows:
(1) In any proceedings, a statement in a document produced by a computer shall not be admissible as evidence of any fact stated therein unless it is shown-
(a) that there are no reasonable grounds for believing that the statement is inaccurate because of improper use of the computer;
(b) that at all material times the computer was operating properly, or if not, that any respect in which it was not operating properly or was out of operation was not such as to affect the production of the document or the accuracy of its contents;
(c) ...
(2) ...
[16] Paragraph 8 Schedule 3 Police and Criminal Evidence Act 1984 states:
8. In any proceedings where it is desired to give a statement in evidence in accordance with section 69 above, a certificate -
(a) identifying the document containing the statement and describing the manner in which it was produced;
(b) giving such particulars of any device involved in the production of that document as may be appropriate for the purpose of showing that the document was produced by a computer;
(c) dealing with any of the matters mentioned in subsection (1) of section 69 above; and
(d) purporting to be signed by a person occupying a responsible position in relation to the operation of the computer,
shall be evidence of anything stated in it ...
[18] See Hirst, M [1992] Law Computers and Artificial Intelligence 365; Reed C [1993] Journal of Business Law 505; Smith J C [1993] Criminal Law Review 295.
[19] The House of Lords also decided on another issue - namely the ambit of s. 69 PACE. It held that s.69 applied to all computer generated evidence and not restricted to hearsay evidence as decided by the Court of Appeal in R v Minors [1989] 2 AER 208 and R v Spiby (1990) 91 Cr App Rep 186.
[20] In R v Harper [1989] 2 AER 208 the evidence of a revenue official was not admitted since he could not provide a satisfactory account of the workings of the computer or testify as to its reliability.
[21] [1993] 2 AER 225 at p, 231.
[22] See footnotes 13 to 15 above.
[23] 'Bomber walks free despite guilty verdict' Computing December, 10 1992: p,3. There is an increasing tendency for courts to opt for community service orders and other non-custodial sentences rather than imprisonment and this has been fed by the 1991 Criminal Justice Act which sets out the criteria to assist the court in deciding when a custodial sentence is appropriate.
[24] Singapore seems generally to adopt a tough stance towards offenders. See Nick Cohen's report 'Singapore Grip' The Independent on Sunday May 1,1994.
[25] This was indeed appreciated by a member of the Scottish Law Commission who stated that the mere existence of criminal offences is unlikely to make a huge impact on computer misuse (see The Times October 5, 1989).
[26] The Minister of State appreciated the fact that basic hacking offence (s.1 offence) was likely to be committed in private houses to which the police have no access by and large. (see Official Report (Standing Committee C) column 65, March 28, 1990. The BCMA is unusual in making provisions for the issue of a search warrant for a summary offence. See also s. 109 Copyright, Designs and Patents Act 1988.
[27] See also sections 14, 17, 19(4) and 116 of PACE.
[28] According to an item in The Times 28 May 1990 the police find it difficult to obtain such information from British Telecom. See also para. 2.20, Law Commission Report Computer Misuse No 186 Cmnd. 819, 1989 London: HMSO.
[29] See note 1 above.
[30] The authors are not aware of a similar study in the United Kingdom.
[31] Michalowski, Raymond J and Pfuhl, Erdwin H 'Technology, Property and Law' Crime and Social Change Vol. 15, 1991:225.
[32] See Chapter 6 Wasik, Martin (1991) op. cit. for an excellent account on the problems of gathering evidence in cases of computer abuse.
[33] S.14 reads as follows:
In connection with the exercise of his powers of investigations under the Criminal Procedure Code, a police officer --
(a) shall be entitled at any time to have access to and inspect and check the operation of, any computer and any associated apparatus or material which he has reasonable cause to suspect is or has been in use in connection with any offence under this Act; and
(b) may require --
(i) the person by whom or on whose behalf the police officer has reasonable cause to suspect the computer is or has been so used; or
(ii) any person having charge of, or otherwise concerned with the operation of, the computer, apparatus or material,
to provide him with such reasonable assistance as he may require for the purposes of paragraph (a).
[34] See 2.1 (Definitions of Key Terms above) above.
[35] S 6. (1) states:
Subject to subsection (2), any person who knowingly --
(a) ...
(b) intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electromagnetic, acoustic, mechanical or other device; or
(c) ...
shall be guilty of an offence ...
[36] Under s.24 of PACE it is possible to arrest without a warrant where there are reasonable grounds for suspecting an arrestable offence has been committed or is about to be committed. For the meaning of reasonable grounds see Holgate-Mohammed v Duke [1984] AC 437; Castorina v Chief Constable of Surrey [1988] New Law Journal 180; Ward v Chief Constable of Avon & Somerset Constabulary (1988) 87 Cr App Rep 200. See also s.25 PACE.
[37] Article 12 of the UN Declaration states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
[38] Article 17 of the ICCPR states:
1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against such interference or attacks.
[39] Article 8 states:
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of public health or morals, or for the protection of the rights and freedoms of others.
[40] This could be said to interfere with the basic principle of the presumption of innocence, a central part of which is that the defendant should only be required to respond to a case the prosecution makes, not to one they may make. In this view of the criminal justice system it is for the defendant to defend him or herself not to help the prosecution with their case. To alter the balance leaves the state in a position of great power and might lead to questions as to the impartiality of law and the justice of the outcome. The right against self-incrimination has been tested in a number of cases before the European Court of Human Rights. Article 6 the ECHR requires everyone be given a fair trial and places the burden of proof on the prosecution. This has been used so as to protect people from self-incrimination. In Funke v France (25-2-93) Series A, Vol 256-A the state was found to have violated Article 6 where they required Funke to produce documents 'which they believed must exist, although they were not certain of the fact', here the Court presumed that Article 6 included "...the right of anyone......to remain silent and not to contribute to incriminating himself". Saunders v UK (7-12-93) No. 19187/91, the Commission admitted that the state had a case to answer where they had required Saunders to answer questions in a civil action and later used this information in the criminal case. In Murray (John) v UK (18-1-94) No 18731/91, the Commission admitted the case to the court where the defendant refused to answer questions when required in law to do so.
[41] Article 14(2) of the ICCPR states:
Everyone charged with a criminal offence shall have the right to be presumed innocent until proved guilty according to law.
[42] Article 14(3)(g) of the ICCPR states:
In the determination of any criminal charge against him, everyone shall be entitled to the following minimum guarantees, in full equality:
...(g) Not to be compelled to testify against himself or to confess guilt.
[43] See Michalowski and Pfuhl (1991) op.cit. who advance a similar argument in relation to the enactment of computer misuse legislation in the United States.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/JlLawInfoSci/1994/13.html