A few points about the cybercrime legislation:
1. It's difficult to establish intent if an offence has not actually been
committed. Computer crime differs from traditional crime in this respect. On
the other hand, possession of certain code, books, or tools could easily be
accepted by uninformed juries or judges as constituting intent and I predict
that is the way this part of the legislation will play out.
2. If no offence has actually been committed, how on earth would anyone have
grounds to believe someone has intent, given that computer crime does not
require proximity or changes in visible appearance? "Hello Inspector, this
is Tim from the bank again. I was just looking through the phone book and
I'm absolutely certain this chap at such and such address intends to attack
our systems. Be a good chap and raid his premises."
3. One part of the so-called "computer security industry" will do quite well
out of this legislation. This is the big accounting firms who perform the
analysis of equipment for the police, at exorbitant fees. Indeed, the
requirement that equipment be removed for lengthy periods is precisely to
benefit these firms.
4. The so-called harmonising of legislation exposes Australian citizens -
you and I - to judgements and investigations of foreign nations. If that
sends a chill down your back, it should. Just think of your favorite
nut-case nation here. It also holds that Australian citizens working
overseas, and perhaps abiding by the laws of that country, can be held to be
offending the Australian cybercrime legislation. This could catch someone
working at a company in the US, or Vietnam, and doing what his or her
colleagues are doing, and what he or might be required to do as part of his
or her employment.
There are more.
Regards, Tony Healy
--------
"If this code works, it was written by Paul DiLascia. If not, I don't know
who wrote it." Paul DiLascia in Microsoft Systems Journal, November 1999
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:05 EST