<i>Chris Barton:</i> Legislators' broom sweeps all to clink

By CHRIS BARTON

Our politicians will debate the Crimes Amendment (No 6) bill soon. It's almost certain they will let this piece of flawed legislation pass into law without a second thought - mainly because most of them won't have a clue what it's on about.

That's because a significant part covers computer crime and, judging by the shoddy work done on the bill, it's clear most politicians don't use computers or the internet much.

Two changes hurriedly slipped in by the law and order select committee hearing submissions on the legislation are the latest nonsense (www.isocnz.org.nz/issues/crimes-amend-bill-6/index.htm)

The first says: "Everyone is liable to imprisonment for a term not exceeding seven years who intentionally or recklessly and without authority causes a computer system to (i) fail; or (ii) deny service to any authorised users."

It doesn't take a legal genius to figure out this definition is far too broad. The aim is to stop something called denial of service attacks.

That's a situation where hackers organise a bunch of computers on the net to bombard other computers - such as those running a website or an internet provider - with streams of spurious data, thereby bringing the service to a halt.

But with this wording anyone is a target. I can't begin to count the number of times my computer has failed without my authority over the years.

Often it's been because the software has been badly - even recklessly - coded with bugs. The manufacturer then releases a patch and life returns to normal again, until the next time. But with this law I reckon I would have a good case for sending some software manufacturers to prison.

Then there are viruses. Some people recklessly send me these - without my authority and often without even knowing they have. It's reckless because they should have the latest anti-virus software and be more careful.

Come to think of it, so should my internet provider. After all, they're the experts providing me with internet service. When they recklessly let a virus through their system and on to mine, they're also causing my system to fail and in the process deny me service. So it's off to the clink for them, too.

The next new computer crime is even sillier. It says: "Every one is liable to imprisonment for a term not exceeding 2 years who - (a) has in his or her possession any software or other information that would enable him or her to access a computer system without authorisation; and (b) intends to use that software or other information to commit a crime."

This dreadful clause curtails a fundamental democratic right - freedom of information. Note the phrase "software or other information". That means if, for example, you run a website with information about how to pick a lock, then you're headed for the lockup as well.

You may be showing that information because there are occasions when you need to do this - like when you get locked out of your house or car.

The same goes for web-based information about hacking software - knowledge that may be useful to have in order to better protect oneself against hackers.

Of course, it all comes down to intent. But the way this law is drafted means if you happen to have hacking software or information in your possession, bad intent can't be far away.

Just about any software - e-mail, browsers, html or java code on a web page, could be used to access a computer system and commit a crime such as fraud. Are we to feel guilty simply because they're in our possession?

Software has other problems, too. What, for example, is the difference between PC Anywhere and Back Orifice? Both provide remote access to other computers, and both can be used for good and bad intent.

But one is written by a reputable software manufacturer called Symantec and the other by an infamous hacking group called Cult of the Dead Cow.

Then there are MP3 players and related software which provide access to computer systems to play downloaded MP3 songs which may breach copyright. If you've got songs and a player on your computer, then you have a pretty strong intent to play them. Better stop now before you're behind bars.

This legislation is born out of hysteria - a need to rush out and create new categories of crimes just because they happen on a computer. They've been around for yonks - fraud, wilful damage, forgery, trespass and so on.

It's possible some of our laws covering these age-old crimes may need a little updating. But even that's not necessarily true.

In a judgment on a hacking case brought before the Court of Appeal, Justice Noel Anderson referred to the concept that a law should be construed "as always speaking".

He quoted Lord Hoffman in Birmingham City Council v Oakley: "When a statute employs a concept which may change in content with advancing knowledge, technology or social standards, it should be interpreted as it would be currently understood."



There have been long and loud calls, primarily from the Law Commission, to say existing laws are inadequate to cope with crimes of the electronic kind. But looking at the results of two defended hacking cases - Borislav Misic in July 1999 and last week Andrew Garrett, both of whom were convicted - it would seem our existing laws are working just fine.

Tighten existing laws to incorporate the electronic world where necessary, but send this piece of legislation to where it belongs - the rubbish bin.

* chris_barton@nzherald.co.nz