Victorian Bills Explanatory Memoranda Victorian Bills Explanatory Memoranda[Index] [Search] [Download] [Bill] [Help]
Crimes (Property Damage and Computer
Offences) Bill
Circulation Print
EXPLANATORY MEMORANDUM
PART 1--PRELIMINARY
Clause 1 states that the main purpose of the proposed Act is--
· to amend the Crimes Act 1958 to create offences
relating to bushfires, computers and sabotage; and
· to amend the Bail Act 1977 to include the offence of
arson causing death as an offence in respect of which
there is a presumption against bail.
Clause 2 provides that the proposed Act comes into operation on the day
after the day on which it receives the Royal Assent.
Clause 3 provides that in the proposed Act, the Crimes Act 1958 is called
the Principal Act.
PART 2--AMENDMENTS TO THE CRIMES ACT 1958
Clause 4 inserts a new section 201A into the Principal Act.
New section 201A(1) creates a new bushfire offence based on the
model bushfire offence in Chapter 4 of the Model Criminal Code
Officers Committee Report titled "Damage and Computer
Offences", published in January 2001.
New section 201A(1) makes it an offence for a person to--
· intentionally or recklessly cause a fire; and
· be reckless as to the spread of the fire to vegetation on
property belonging to another person.
This is an indictable offence punishable by a maximum penalty
of 15 years' imprisonment.
1
551025 BILL LC CIRCULATION 28/2/2003
A person prosecuted under the new section 201A may also, in
certain circumstances, be prosecuted for the offence of arson
under section 197 of the Principal Act (for example, where a
farm house and a state forest have been damaged by the same
fire).
New section 201A(2) identifies one circumstance in which a
person will not be considered to be reckless as to the spread of
fire. A person will not be taken to be reckless as to the spread of
fire where the person--
· caused the fire in the course of carrying out a fire
prevention, fire suppression or other land management
activity; and
· carried out that activity in accordance with a provision
made by or under an Act or by a Code of Practice
approved under an Act that applied to that activity; and
· believed that his or her conduct in carrying out that
activity was justified having regard to all of the
circumstances.
An example of a fire prevention activity is fuel reduction
burning. A fire suppression activity includes activities such as
burning-out of fuel between a control line and a fire front.
Other land management activities include activities such as
biodiversity management, silvicultural management, pest plant
and pest animal management.
New section 201A(3) provides that for the purposes of section
201A(2) it is sufficient if a person honestly believed that his or
her conduct was justified.
New sections 201A(2) and (3) will ensure that the offence will
not apply to those persons who use fire in the circumstance
identified. The court will still be free to consider other
circumstances where a person may not be reckless as to the
spread of fire. The common law standard for recklessness will
continue to apply in these situations.
New section 201A(4) provides that for the purposes of
section 201A, a reference to "causing a fire" includes lighting a
fire, maintaining a fire and failing to contain a fire, except where
the fire was lit by another person or the fire is beyond the control
of the person who lit the fire. The section also provides for the
purposes of section 201A that the "spread of fire" means the
spread of the fire beyond the capacity of the person who caused
the fire to extinguish it.
2
Clause 5 inserts a new Subdivision (6) in Division 3 of Part I of the
Principal Act (new sections 247A-247I).
New Subdivision (6) in Division 3 creates seven new computer
offences based on the model computer offences in Chapter 4 of
the Model Criminal Code Officers Committee Report titled
"Damage and Computer Offences", published in January 2001.
New section 247A(1) defines the terms "access", "data", "data
held in a computer", "data storage device", "electronic
communication", "impairment", "modification", "serious
computer offence" and "unauthorised computer function" used in
Subdivision (6).
The term "access" in relation to data held in a computer means--
· the display of the data by the computer or any other
output of the data from the computer; or
· the copying or moving of the data to any other place in
the computer or to a data storage device; or
· the execution of a program.
The term "data" includes information in any form and any
program or part of a program.
The term "data held in a computer" includes data entered or
copied into the computer, data held in any removable data storage
device for the time being in the computer and data held in a data
storage device on a computer network of which the computer
forms part.
The term "data storage device" means any thing (for example, a
disk or file server) containing or designed to contain data for use
by a computer.
The term "electronic communication" means a communication of
information in any form by means of guided or unguided
electromagnetic energy.
The term "impairment" in relation to electronic communication to
or from a computer includes the prevention of any such
communication and the impairment of any such communication
on an electronic link or network used by the computer, but does
not include a mere interception of any such communication.
Mere interception is specifically excluded from constituting an
impairment of an electronic communication. This would include
interceptions authorised under the Commonwealth
Telecommunications (Interception) Act 1979.
3
The term "modification" in relation to data held in a computer,
means the alteration or removal of the data or an addition to the
data.
The term "serious computer offence" means--
· an offence against new section 247B (unauthorised
access, modification or impairment with intent to
commit serious offence), new section 247C
(unauthorised modification of data to cause impairment)
or new section 247D (unauthorised impairment of
electronic communication); or
· conduct in another jurisdiction that is an offence in that
jurisdiction and that would constitute an offence against
new section 247B, 247C or 247D if the conduct
occurred in Victoria.
The term "unauthorised computer function" means any of the
following--
· any unauthorised access to data held in a computer; or
· any unauthorised modification of data held in a
computer; or
· any unauthorised impairment of electronic
communication to or from a computer.
New section 247A(2) provides that a reference to access to data,
modification of data or impairment of electronic communication
is limited to access, modification or impairment caused (whether
directly or indirectly) by the execution of a function of a
computer.
New section 247A(3) provides that access to data, modification
of data or impairment of electronic communication is
unauthorised if the person is not entitled to cause that access,
modification or impairment. However, a person is not
unauthorised merely because the person has an ulterior purpose
for that action.
Entitlement to cause the access to data, modification of data or
impairment of electronic communications will include having
express or implied permission or authorisation to cause such
access, modification or impairment. For example, a person will
be entitled if permission or authorisation (whether express or
implied) is obtained by reason of a person's duty as an employee,
sub-contractor or through some other identifiable arrangement.
4
However, a person will not be entitled if the permission or
authorisation is obtained by deception or fraud.
A person may still be entitled if the person has permission or
authorisation, but uses the authorisation for an ulterior purpose.
For example, if a person is authorised to access certain computer
data so he or she can perform his or her duties, but instead
accesses that data for the purpose of defrauding someone, that
access is not unauthorised. If a person is entitled to make
particular modifications to data but instead modifies the data in
an unauthorised manner, that modification will be unauthorised.
New section 247A(4) provides that a person causes an
unauthorised computer function if the person's conduct
substantially contributes to the unauthorised computer function.
New section 247B(1) makes it an offence for a person to cause an
unauthorised computer function. The person must know that the
function is unauthorised and must have the intention of
committing a serious offence or facilitating the commission of a
serious offence (whether by the person or another person).
This is an indictable offence punishable by a maximum penalty
equal to the maximum penalty for the commission of the serious
offence in Victoria.
New section 247B(2) defines a "serious offence" to mean an
offence in Victoria punishable on conviction for a first offence
with imprisonment for a term of 5 years or more or an offence in
any other jurisdiction that would be punishable on conviction for
a first offence with imprisonment for a term of 5 years or more if
committed in Victoria.
New section 247B(3) provides that a person may be found guilty
of an offence against the section even if committing the serious
offence is impossible or whether the serious offence is to be
committed at the time of the unauthorised conduct or at a later
time.
The offence covers situations where a person takes preparatory
action to commit another offence, but the intended offence is not
completed. For example, an offence may be committed where a
person alters bank data in order to fraudulently obtain a financial
gain to which he or she is not entitled. The offence may be
committed whether or not the person obtains any financial gain.
New section 247B(4) provides that it is not an offence to attempt
to commit an offence against this section.
5
New section 247C makes it an offence for a person to cause any
unauthorised modification of data held in a computer.
The person must know that the modification is unauthorised, and
must intend to impair access to, or the reliability, security or
operation of, any data held in a computer or the person must be
reckless as to any such impairment.
This is an indictable offence punishable by a maximum penalty
of 10 years' imprisonment.
The offence does not require that data impairment actually occur
and it covers situations such as--
· a hacker obtains unauthorised access to data or a
program and then modifies data to cause impairment; or
· a person circulates a disk containing a worm or virus
which infects the target computer data or program
through the actions of an innocent agent.
This offence extends to impairment of data on computer disks
and other data storage devices, where that disk or other storage
device is held in a computer or is otherwise accessible by a
computer.
New section 247D makes it an offence for a person to cause any
unauthorised impairment of electronic communication to or from
a computer. The person must know that the impairment is
unauthorised, and must intend to impair electronic
communication or be reckless as to any such impairment.
This is an indictable offence punishable by a maximum penalty
of 10 years' imprisonment.
The offence covers situations such as "denial of service attacks",
where an email address or web site is inundated with a large
volume of unwanted messages thus overloading the computer
system and disrupting, impeding or preventing its functioning.
New section 247E(1) makes it an offence for a person to possess
or control data with the intention of committing a serious
computer offence or facilitating the commission of a serious
computer offence (whether by that person or another person).
This is an indictable offence punishable by a maximum penalty
of 3 years' imprisonment.
New section 247E(2) provides that a reference to a person having
possession or control of data includes a reference to a person--
· having possession of a computer or data storage device
that holds or contains the data; and
6
· having possession of a document in which the data is
recorded; and
· having control of data held in a computer that is in the
possession of another person (whether the computer is
in Victoria or outside Victoria).
New section 247E(3) provides that a person may be found guilty
of an offence against section 247E(1) even if committing the
serious computer offence is impossible.
New section 247E(4) provides that it is not an offence to attempt
to commit an offence against this section.
This offence is akin to offences such as "going equipped for
stealing". For example, a person may commit the offence if they
possess a program which would enable him or her to launch a
"denial of service attack" against a computer system and they
intend to use the program for that purpose.
Possession of data will include possession of tangible items such
as a computer disk. However, possession will not include mere
knowledge or information such as a password, unless it is
recorded in some tangible form. The reference to control of data
extends the application of the offence to people who have access
to data without physical possession. However, control of data,
unlike mere access to data, requires that there is control of that
data because of some exclusivity of access. For example, a
person may not have control of data if it is in the public domain.
New section 247F(1) makes it an offence for a person to produce,
supply or obtain data with the intention of committing a serious
computer offence or facilitating a serious computer offence
(whether by that person or another person).
This is an indictable offence punishable by a maximum penalty
of 3 years' imprisonment.
New section 247F(2) provides that for the purposes of
section 247F, a reference to a person producing, supplying or
obtaining data includes a reference to the person--
· producing, supplying or obtaining data held in a
computer or contained in a data storage device; and
· producing, supplying or obtaining a document in which
the data is recorded.
New section 247F(3) provides that a person may be guilty of an
offence against the section even if committing the serious offence
is impossible.
7
The offence covers situations such as where a person devises,
propagates or publishes computer programs which are intended
for use in the commission of a serious computer offence, as
defined in new section 247A.
New section 247G(1) makes it an offence for a person to cause
unauthorised access to, or modification of, restricted data held in
a computer. The person must know that the access or
modification is unauthorised and must intend to cause the access
or modification.
This is a summary offence punishable by a maximum penalty of
2 years' imprisonment.
New section 247G(3) defines "restricted data" as meaning data
held in a computer to which access is restricted by an access
control system associated with a function of the computer.
For example, a person may commit an offence if he or she by-
passed an access control system, such as a password or other
security feature.
Since the offence is limited to restricted data, the offence will not
apply to innocuous conduct such as using another person's
computer game without permission, provided that the computer
game is not restricted by an access control system.
New section 247H(1) makes it an offence for a person to cause
any unauthorised impairment of the reliability, security or
operation of data held on a computer disk, credit card or other
device used to store data by electronic means. The person must
know that the impairment is unauthorised and must intend to
cause the impairment.
This is a summary offence punishable by a maximum penalty of
2 years' imprisonment.
This offence is a less serious version of the offence of
unauthorised modification of data to cause impairment in
new section 247C. This offence applies to data stored
electronically on disks, credit cards or other devices used to
store data by electronic means (for example tokens or tickets).
New section 247H is designed to cover impairment of data
caused, for example, by physical attack.
New section 247H(3) provides that for the purposes of
section 247H impairment of the reliability, security or operation
of data is unauthorised if the person is not entitled to cause the
impairment.
8
New section 247I(1) provides that it is immaterial that some or
all of the conduct constituting an offence against Subdivision (6)
occurred outside Victoria, so long as the computer or device used
to store data by electronic means affected by the conduct was in
Victoria at the time at which the conduct occurred.
New section 247I(2) provides that it is immaterial that the
computer or device used to store data by electronic means
affected by some or all of the conduct constituting an offence
against Subdivision (6) was outside Victoria at the time the
conduct occurred, so long as that conduct occurred in Victoria.
This means that the offences in Subdivision (6) will apply not
only to crimes committed wholly within Victoria, but also in
appropriate cases where either some of the conduct which
comprises the offence occurs outside Victoria or the target
computer or device used to store data by electronic means that is
harmed is located outside Victoria.
Clause 6 inserts a new Subdivision (7) in Division 3 of Part I of the
Principal Act (new sections 247J-247L).
New Subdivision (7) in Division 3 creates two new sabotage
offences based on the model sabotage offences in Chapter 4 of
the Model Criminal Code Officers Committee Report titled
"Damage and Computer Offences", published in January 2001.
New section 247J defines the terms "property offence", "public
facility", "unauthorised computer function" and "damage" used in
Subdivision (7).
The term "property offence" means--
· an offence in Subdivision (1) of Division 3 (Criminal
Damage to Property) or Division 4 (Contamination of
Goods) of Part I of the Principal Act; or
· conduct in another jurisdiction that is an offence in that
jurisdiction and that would constitute an offence against
Subdivision (1) of Division 3 or Division 4 of Part I of
the Principal Act if the conduct occurred in Victoria.
The term "public facility" means (whether publicly or privately
owned)--
· a government facility, including premises used by
government employees in connection with official
duties;
9
· a public infrastructure facility, including a facility
providing or distributing water, sewerage, energy, fuel,
communication or other services to, or for the benefit
of, the public;
· a public information system, including a system used to
generate, send, receive, store or otherwise process
electronic communications;
· a public transport facility, including a conveyance used
to transport people or goods; or
· a public place, including any premises, land or water
open to the public.
The term "unauthorised computer function" has the same
meaning as in new Subdivision (6) of Division 3 of Part I of the
Principal Act.
The term "damage" in relation to a public facility means causing
damage to the facility or any part of the facility or causing
disruption to the use or operation of the facility.
New section 247J(3) provides that a person causes damage or
disruption for the purposes of Subdivision (7), if the person's
conduct substantially contributes to the damage or disruption.
New section 247K(1) makes it an offence for a person to damage
a public facility by committing a property offence or by causing
an unauthorised computer function with the intention of
causing--
· major disruption to government functions; or
· major disruption to the use of services by the public; or
· major economic loss.
This is an indictable offence punishable by a maximum penalty
of 25 years' imprisonment.
It is necessary that a person has an intention to cause major
disruption or major economic loss. Where there is an absence of
intention to cause major disruption or economic loss, other
offences under the Principal Act such as damaging or destroying
property may apply.
10
New section 247L(1) makes it an offence for a person to make to
another person a threat to damage a public facility by committing
a property offence or by causing an unauthorised computer
function. The person who makes the threat must intend the other
person to fear that the threat will be carried out and will cause--
· major disruption to government functions; or
· major disruption to the use of services by the public; or
· major economic loss.
This is an indictable offence punishable by a maximum penalty
of 15 years' imprisonment.
New section 247L(2) provides that the prosecution is not required
to prove that the person threatened actually feared that the threat
would be carried out.
New section 247L(3) provides that for the purposes of
section 247L a threat may be made by any conduct and may be
explicit or implicit and conditional or unconditional. A threat to
a person includes a threat to a group of persons and fear that a
threat will be carried out includes apprehension that it will be
carried out.
Clause 7 inserts new sections 428 and 429 into the Principal Act.
New section 428 provides alternative verdicts for charges of
unauthorised modification of data to cause impairment under new
section 247C.
The alternative verdicts are the offences of destroying or
damaging property under section 197(1) of the Principal Act and
the offence of unauthorised impairment of electronic
communications under new section 247D. Both of these offences
provide for a maximum penalty of 10 years' imprisonment.
New section 429 provides alternative verdicts for charges of
unauthorised impairment of electronic communication under new
section 247D.
The alternative verdicts are the offences of destroying or
damaging property under section 197(1) of the Principal Act and
the offence of unauthorised modification of data to cause
impairment under new section 247C. Both of these offences
provide for a maximum penalty of 10 years' imprisonment.
11
Clause 8 makes a consequential amendment to the Principal Act.
The amendment provides that the new offences under new
section 201A (intentionally or recklessly causing a bushfire), new
section 247K (sabotage) and new section 247L (threats to
sabotage) are forensic sample offences for the purposes of the
Principal Act.
Clause 9 inserts a transitional provision into the Principal Act.
New section 597 provides that the amendments made to the
Principal Act by this proposed Act apply only to offences alleged
to have been committed on or after the commencement of this
proposed Act.
Further, where an offence is alleged to have been committed
between two dates, one before and one after the commencement
of this proposed Act, then the offence is alleged to have been
committed before that commencement.
PART 3--AMENDMENTS TO THE BAIL ACT 1977 AND
OTHER CONSEQUENTIAL AMENDMENTS
Clause 10 amends section 4(4) of the Bail Act 1977. The amendment
inserts the offence of arson causing death under section 197A of
the Principal Act into section 4(4) of the Bail Act 1977. As a
result, a court will be required to refuse bail where an accused is
charged with arson causing death, unless the person can "show
cause" as to why bail should be granted.
Clause 11 inserts a transitional provision, new section 34(5), into the Bail
Act 1977. New section 34(5) provides that the amendments
made to Bail Act 1977 by this proposed Act apply only to a
charge for an offence filed on or after the commencement of this
proposed Act.
Clause 12 makes a consequential amendment to the Magistrates' Court
Act 1989. The amendment inserts new item 37A into Schedule 4
to the Magistrates' Court Act 1989, to provide that the
following offences under the new sections inserted by this
proposed Act are indictable offences which may be heard and
determined summarily--
· section 247B of the Principal Act (unauthorised access,
modification or impairment with intent to commit
serious offence) where the maximum penalty does not
exceed level 5 imprisonment; and
· section 247E of the Principal Act (possession of data
with intent to commit serious computer offence); and
12
· section 247F of the Principal Act (producing, supplying
or obtaining data with intent to commit serious
computer offence).
Clause 13 makes a consequential amendment to the Sentencing Act 1991.
The amendment inserts the offence under new section 201A of
the Principal Act (intentionally or recklessly causing a bushfire)
as an offence for which a person may be sentenced under the
Sentencing Act 1991 as a serious offender.
Clause 14 inserts a transitional provision, new section 127, into the
Sentencing Act 1991. New section 127 provides that
amendments made to the Sentencing Act 1991 by this proposed
Act apply only to offences alleged to have been committed on or
after the commencement of this proposed Act.
Further, where an offence is alleged to have been committed
between two dates, one before and one after the commencement
of this proposed Act, then the offence is alleged to have been
committed before that commencement.
Clause 15 repeals section 9A of the Summary Offences Act 1966.
Section 9A prohibits gaining access to, or entering, a computer
system or part of a computer system without lawful authority.
Section 9A is outdated and does not adequately cover new
opportunities and avenues for the commission of computer crime.
Section 9A will be replaced by the new computer offences
inserted by this proposed Act into the Principal Act.
13