Criminal Code Act 1995 (Australia, unsourced)/Chapter 10/10.7
Part 10.7—Computer offences
[edit]Division 476—Preliminary
476.1 Definitions
(1) In this Part:
access to data held in a computer means:
(a) the display of the data by the computer or any other output of the data from the computer; or
(b) the copying or moving of the data to any other place in the computer or to a data storage device; or
(c) in the case of a program—the execution of the program.
Commonwealth computer means a computer owned, leased or operated by a Commonwealth entity.
electronic communication means a communication of information in any form by means of guided or unguided electromagnetic energy.
impairment of electronic communication to or from a computer includes:
(a) the prevention of any such communication; or
(b) the impairment of any such communication on an electronic link or network used by the computer;
but does not include a mere interception of any such communication.
modification, in respect of data held in a computer, means:
(a) the alteration or removal of the data; or
(b) an addition to the data.
unauthorised access, modification or impairment has the meaning given in section 476.2.
(2) In this Part, a reference to:
(a) access to data held in a computer; or
(b) modification of data held in a computer; or
(c) the impairment of electronic communication to or from a computer;
is limited to such access, modification or impairment caused, whether directly or indirectly, by the execution of a function of a computer.
476.2 Meaning of unauthorised access, modification or impairment
(1) In this Part:
(a) access to data held in a computer; or
(b) modification of data held in a computer; or
(c) the impairment of electronic communication to or from a computer; or
(d) the impairment of the reliability, security or operation of any data held on a computer disk, credit card or other device used to store data by electronic means;
by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.
(2) Any such access, modification or impairment caused by the person is not unauthorised merely because he or she has an ulterior purpose for causing it.
(3) For the purposes of an offence under this Part, a person causes any such unauthorised access, modification or impairment if the person’s conduct substantially contributes to it.
(4) For the purposes of subsection (1), if:
(a) a person causes any access, modification or impairment of a kind mentioned in that subsection; and
(b) the person does so:
(i) under a warrant issued under the law of the Commonwealth, a State or a Territory; or
(ii) under an emergency authorisation given to the person under Part 3 of the Surveillance Devices Act 2004 or under a law of a State or Territory that makes provision to similar effect; or
(iii) under a tracking device authorisation given to the person under section 39 of that Act;
the person is entitled to cause that access, modification or impairment.
476.3 Geographical jurisdiction
Section 15.1 (extended geographical jurisdiction—Category A) applies to offences under this Part.
476.4 Saving of other laws
(1) This Part is not intended to exclude or limit the operation of any other law of the Commonwealth, a State or a Territory.
(2) Subsection (1) has effect subject to section 476.5.
476.5 Liability for certain acts
(1) A staff member or agent of ASIS or DSD (the agency) is not subject to any civil or criminal liability for any computer‑related act done outside Australia if the act is done in the proper performance of a function of the agency.
(2) A person is not subject to any civil or criminal liability for any act done inside Australia if:
(a) the act is preparatory to, in support of, or otherwise directly connected with, overseas activities of the agency concerned; and
(b) the act:
(i) taken together with a computer‑related act, event, circumstance or result that took place, or was intended to take place, outside Australia, could amount to an offence; but
(ii) in the absence of that computer‑related act, event, circumstance or result, would not amount to an offence; and
(c) the act is done in the proper performance of a function of the agency.
(2A) Subsection (2) is not intended to permit any act in relation to premises, persons, computers, things, or carriage services in Australia, being:
(a) an act that ASIO could not do without a Minister authorising it by warrant issued under Division 2 of Part III of the Australian Security Intelligence Organisation Act 1979 or under Part III of the Telecommunications (Interception) Act 1979; or
(b) an act to obtain information that ASIO could not obtain other than in accordance with section 283 of the Telecommunications Act 1997.
(2B) The Inspector‑General of Intelligence and Security may give a certificate in writing certifying any fact relevant to the question of whether an act was done in the proper performance of a function of an agency.
(2C) In any proceedings, a certificate given under subsection (2B) is prima facie evidence of the facts certified.
(3) In this section:
ASIS means the Australian Secret Intelligence Service.
civil or criminal liability means any civil or criminal liability (whether under this Part, under another law or otherwise).
computer‑related act, event, circumstance or result means an act, event, circumstance or result involving:
(a) the reliability, security or operation of a computer; or
(b) access to, or modification of, data held in a computer or on a data storage device; or
(c) electronic communication to or from a computer; or
(d) the reliability, security or operation of any data held in or on a computer, computer disk, credit card, or other data storage device; or
(e) possession or control of data held in a computer or on a data storage device; or
(f) producing, supplying or obtaining data held in a computer or on a data storage device.
DSD means that part of the Department of Defence known as the Defence Signals Directorate.
staff member means:
(a) in relation to ASIS—the Director‑General of ASIS or a member of the staff of ASIS (whether an employee of ASIS, a consultant to ASIS, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASIS); and
(b) in relation to DSD—the Director of DSD or a member of the staff of DSD (whether an employee of DSD, a consultant to DSD, or a person who is made available by another Commonwealth or State authority or other person to perform services for DSD).
Division 477—Serious computer offences
477.1 Unauthorised access, modification or impairment with intent to commit a serious offence
Intention to commit a serious Commonwealth, State or Territory offence
(1) A person is guilty of an offence if:
(a) the person causes:
(i) any unauthorised access to data held in a computer; or
(ii) any unauthorised modification of data held in a computer; or
(iii) any unauthorised impairment of electronic communication to or from a computer; and
(b) the unauthorised access, modification or impairment is caused by means of a carriage service; and
(c) the person knows the access, modification or impairment is unauthorised; and
(d) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth, a State or a Territory (whether by that person or another person) by the access, modification or impairment.
(2) Absolute liability applies to paragraph (1)(b).
(3) In a prosecution for an offence against subsection (1), it is not necessary to prove that the defendant knew that the offence was:
(a) an offence against a law of the Commonwealth, a State or a Territory; or
(b) a serious offence.
Intention to commit a serious Commonwealth offence
(4) A person is guilty of an offence if:
(a) the person causes:
(i) any unauthorised access to data held in a computer; or
(ii) any unauthorised modification of data held in a computer; or
(iii) any unauthorised impairment of electronic communication to or from a computer; and
(b) the person knows the access, modification or impairment is unauthorised; and
(c) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth (whether by that person or another person) by the access, modification or impairment.
(5) In a prosecution for an offence against subsection (3), it is not necessary to prove that the defendant knew that the offence was:
(a) an offence against a law of the Commonwealth; or
(b) a serious offence.
Penalty
(6) A person who is guilty of an offence against this section is punishable, on conviction, by a penalty not exceeding the penalty applicable to the serious offence.
Impossibility
(7) A person may be found guilty of an offence against this section even if committing the serious offence is impossible.
No offence of attempt
(8) It is not an offence to attempt to commit an offence against this section.
Meaning of serious offence
(9) In this section:
serious offence means an offence that is punishable by imprisonment for life or a period of 5 or more years.
477.2 Unauthorised modification of data to cause impairment
(1) A person is guilty of an offence if:
(a) the person causes any unauthorised modification of data held in a computer; and
(b) the person knows the modification is unauthorised; and
(c) the person is reckless as to whether the modification impairs or will impair:
(i) access to that or any other data held in any computer; or
(ii) the reliability, security or operation, of any such data; and
(d) one or more of the following applies:
(i) the data that is modified is held in a Commonwealth computer;
(ii) the data that is modified is held on behalf of the Commonwealth in a computer;
(iii) the modification of the data is caused by means of a carriage service;
(iv) the modification of the data is caused by means of a Commonwealth computer;
(v) the modification of the data impairs access to, or the reliability, security or operation of, other data held in a Commonwealth computer;
(vi) the modification of the data impairs access to, or the reliability, security or operation of, other data held on behalf of the Commonwealth in a computer;
(vii) the modification of the data impairs access to, or the reliability, security or operation of, other data by means of a carriage service.
Penalty: 10 years imprisonment.
(2) Absolute liability applies to paragraph (1)(d).
(3) A person may be guilty of an offence against this section even if there is or will be no actual impairment to:
(a) access to data held in a computer; or
(b) the reliability, security or operation, of any such data.
(4) A conviction for an offence against this section is an alternative verdict to a charge for an offence against section 477.3 (unauthorised impairment of electronic communication).
477.3 Unauthorised impairment of electronic communication
(1) A person is guilty of an offence if:
(a) the person causes any unauthorised impairment of electronic communication to or from a computer; and
(b) the person knows that the impairment is unauthorised; and
(c) one or both of the following applies:
(i) the electronic communication is sent to or from the computer by means of a carriage service;
(ii) the electronic communication is sent to or from a Commonwealth computer.
Penalty: 10 years imprisonment.
(2) Absolute liability applies to paragraph (1)(c).
(3) A conviction for an offence against this section is an alternative verdict to a charge for an offence against section 477.2 (unauthorised modification of data to cause impairment).
Division 478—Other computer offences
478.1 Unauthorised access to, or modification of, restricted data
(1) A person is guilty of an offence if:
(a) the person causes any unauthorised access to, or modification of, restricted data; and
(b) the person intends to cause the access or modification; and
(c) the person knows that the access or modification is unauthorised; and
(d) one or more of the following applies:
(i) the restricted data is held in a Commonwealth computer;
(ii) the restricted data is held on behalf of the Commonwealth;
(iii) the access to, or modification of, the restricted data is caused by means of a carriage service.
Penalty: 2 years imprisonment.
(2) Absolute liability applies to paragraph (1)(d).
(3) In this section:
restricted data means data:
(a) held in a computer; and
(b) to which access is restricted by an access control system associated with a function of the computer.
478.2 Unauthorised impairment of data held on a computer disk etc.
(1) A person is guilty of an offence if:
(a) the person causes any unauthorised impairment of the reliability, security or operation of data held on:
(i) a computer disk; or
(ii) a credit card; or
(iii) another device used to store data by electronic means; and
(b) the person intends to cause the impairment; and
(c) the person knows that the impairment is unauthorised; and
(d) the computer disk, credit card or other device is owned or leased by a Commonwealth entity.
Penalty: 2 years imprisonment.
(2) Absolute liability applies to paragraph (1)(d).
478.3 Possession or control of data with intent to commit a computer offence
(1) A person is guilty of an offence if:
(a) the person has possession or control of data; and
(b) the person has that possession or control with the intention that the data be used, by the person or another person, in:
(i) committing an offence against Division 477; or
(ii) facilitating the commission of such an offence.
Penalty: 3 years imprisonment.
(2) A person may be found guilty of an offence against this section even if committing the offence against Division 477 is impossible.
No offence of attempt
(3) It is not an offence to attempt to commit an offence against this section.
Meaning of possession or control of data
(4) In this section, a reference to a person having possession or control of data includes a reference to the person:
(a) having possession of a computer or data storage device that holds or contains the data; or
(b) having possession of a document in which the data is recorded; or
(c) having control of data held in a computer that is in the possession of another person (whether inside or outside Australia).
478.4 Producing, supplying or obtaining data with intent to commit a computer offence
(1) A person is guilty of an offence if:
(a) the person produces, supplies or obtains data; and
(b) the person does so with the intention that the data be used, by the person or another person, in:
(i) committing an offence against Division 477; or
(ii) facilitating the commission of such an offence.
Penalty: 3 years imprisonment.
(2) A person may be found guilty of an offence against this section even if committing the offence against Division 477 is impossible.
No offence of attempt
(3) It is not an offence to attempt to commit an offence against this section.
Meaning of producing, supplying or obtaining data
(4) In this section, a reference to a person producing, supplying or obtaining data includes a reference to the person:
(a) producing, supplying or obtaining data held or contained in a computer or data storage device; or
(b) producing, supplying or obtaining a document in which the data is recorded.