The long hand of the law struggles with cyberspace

Legislation is coming to terms with the fast-changing world of computers and crime, as PETER GRIFFIN explains.

Even if it was significant for nothing else, Andrew Garrett's case showed that New Zealand's absence of anti-hacking legislation did not leave criminals operating in cyberspace immune from the dusty laws of the Crimes Act.

The case also suggested that advocates of new laws specifically relating to computer crimes may have been overstating their case.

Judge David Harvey's ruling in June that a computer program and password could be classed as documents in the Garrett case effectively cleared the way for Garrett to be tried under laws created long before programs such as Back Orifice were conceived.

That decision was largely influenced by the case of phone "phreaker" Borislav Misic, who earlier this year lost a Court of Appeal bid to overturn convictions that rested on a computer disk being classed as a document.

Crown prosecutor in the Garrett case Helen Gilbert said the Misic case made it clear that "the law will adapt to developments in technology", but she said the Crimes Act was certainly not applicable to the full range of computer crimes and, therefore, changes were necessary.

"The law is somewhat grey in relation to hacking in the pure sense, for example where the hacker is not using a program to carry out the hacking."

The Crimes Amendment Bill, legislation soon to go before Parliament that would introduce crimes specifically relating to computer misuse, may make things clearer.

Similar legislation has been rushed through in other countries, but some of the changes proposed in the Crimes Amendment Bill have been attacked as being too broad-ranging.

InternetNZ, a non-profit body focused on the development of the internet, last week pinpointed two proposed changes that could prove more trouble than they are worth. InternetNZ councillor Rick Shera says the group is all in favour of criminalising the types of denial-of-service attacks that have brought internet providers to their knees around the world, but the proposed legislation goes too far.

He says internet service providers may have legitimate reasons to deny service to customers, which new legislation needs to account for.

"There needs to be some element of intentional damage introduced so that at the very least, it doesn't outlaw activities that are necessary to prevent an attack."

A second area of concern centres on legislation that would make it illegal for people to possess software able to be used to gain access to other computers without authorisation. Again, this is overbearing, says InternetNZ, as such software may be used to try to prevent hacking.

The controversial bill is also seen by some as a means for the Government to give government agencies and the police stronger powers in cyberspace.

Privacy Commissioner Bruce Slane, in particular, objected to Supplementary Order Paper No. 85, a paper included in the Crimes Amendment Bill. It allows for specific amendments to the laws on interception of private communications that would make hacking and computer snooping illegal, except when carried out by police, the SIS (Security Intelligence Service) or the GCSB (Government Communications Security Bureau).

InternetNZ wants the legislation sent back to the select committee for these two points of contention to be tweaked.

That would probably push back the introduction of anti-hacking legislation well into next year, but may make more sense in the long-run.