Personal tools
You are here: Home InternetNZ Activity Submissions Archive Older Crimes Bill Supplementary Order
 

Supplementary Order

Crimes Amendment Bill (No 6) and Supplementary Order Paper No 85

Government Bill

As reported from the Law and Order Committee

Commentary

Recommendation

The Law and Order Committee has examined the Crimes Amendment Bill (No 6) and Supplementary Order Paper No 85 and recommends that the bill be passed with the amendments shown.

Decision to divide the Crimes Amendment Bill (No 6)

Last year we made the decision to divide the Crimes Amendment Bill (No 6) (the bill). We were able to do this because the bill dealt with two issues that could be addressed separately. The first was the active bribery of foreign public officials. On 29 November 2000 we reported back these provisions (clauses 9 to 14, 25 and 26, Schedule 1, and the item in Schedule 2 relating to the Extradition Act 1999) to the House in the Crimes (Bribery of Foreign Public Officials) Amendment Bill. We retained, for further consideration, Supplementary Order Paper No 85 (the SOP), and the remainder of the bill, which deals with the second issue of crimes against property.

Layout of the commentary and changes to numbering in the bill

The layout of the commentary follows the major issues that were addressed in considering the bill and the SOP. As two-thirds of submissions relate directly to the SOP we have addressed these issues first. The key concern for many of these submitters is whether the SOP strikes an appropriate balance between individual privacy and the interests of the State in detecting crime and ensuring security.

A number of amendments have been recommended to both the bill and the SOP, particularly clause 19, which inserts a number of new sections. The proposed new sections are numbered using a three-digit number and at least three letters of the alphabet (for example, new section 305ZFC). We have renumbered these proposed provisions to make them easier to identify and refer to. Although there are a large number of changes many of these are not significant and are a result of the renumbering.

Main amendments of the SOP

The SOP contains two main amendments:

Clause 19 introduces a new computer offence of intentionally accessing a computer system without authorisation; commonly known as "hacking" (new section 305ZFA) (the unauthorised access offence). However, the offence will not apply to everyone because clause 19 provides qualified exemptions for the following State agencies:

  1. the New Zealand Security Intelligence Service (the SIS) (new section 305ZFB)
  2. the Government Communications Security Bureau (the GCSB) (new section 305ZFC)
  3. "law enforcement agencies", such as the police (new section 305ZFD).

It amends the three existing interception offences in Part IXA of the Crimes Act 1961 (the Act) and provisions relating to police interception warrants in Part XIA of the Act. It largely does this by:

  1. amending the definition of "private communication" to extend it to e-mail, faxes, pagers etc, and not just oral communication as is presently the case
  2. amending the term "listening device" to "interception device" and amending the definition of "intercept" to recognise the broad range of technology that might be used to facilitate an interception of a private communication.

Significant privacy concerns raised by the SOP

Despite general support for the addition of the new unauthorised access offence, some submitters consider that other provisions in the SOP raise significant privacy concerns. Specifically, their concerns relate to the:

inclusion of qualified exemptions for State agencies from the unauthorised access offence, and the belief that there are insufficient safeguards or controls on these agencies to warrant these exemptions being granted

proposed changes to the definitions of "private communication" and "interception device", and the effect this has on the scope of authorised interceptions by agencies such as the police and the GCSB.

Privacy issues raised by exemptions for the SIS, GCSB and the police

Some submitters raise general concerns about whether the SIS is an appropriate entity to have an exemption. They do not consider that the warrant procedure for the SIS, as outlined in the New Zealand Security Intelligence Service Act 1969 (the SIS Act), is a sufficiently transparent process.

The Privacy Commissioner, in his 1998 review of the Privacy Act 1993, also asserts that the SIS should be subject to additional privacy principles within that Act.

We consider the SOP preserves, but does not expand, the current powers of the SIS. The SIS will only be able to access communications when acting under a warrant pursuant to the SIS Act. We consider this procedure is sufficiently robust to maintain the integrity of any warrants obtained. Without an exemption, the ability of the SIS to perform its functions will be compromised. We recommend that the exemption provided in new clause 19, proposed new section 254, be retained.

We note that Principles 6 and 7 of the Privacy Act 1993 (Acces.s to personal information, Correction of personal information) already apply, and it is current SIS policy to comply with Principle 9 (Agency not to keep personal information for longer than necessary). We recommend no change to the bill in this regard.

Some submitters do not consider that the GCSB should be exempt, for the following reasons:

  • unlike the police and the SIS, the GCSB currently has no statutory basis
  • there are inadequate safeguards regarding the process by which the GCSB obtains authorisation to conduct the collection of foreign intelligence.

Bill provides interim measures until the passage of the GCSB Bill

We note that the Government Communications Security Bureau Bill (the GCSB Bill) was introduced on 1 May 2001 and is currently before the Intelligence and Security Committee, which is due to report to the House by 7 November 2001. That bill includes provisions on the authorisation process, the requirement to provide annual reports, and the oversight of interception warrants and computer access authorisations by the Inspector-General of Intelligence and Security.

We recommend that the exemption for the GCSB be retained, because if the exemption in this bill is delayed until the GCSB Bill is enacted, the GCSB will be unable to intercept any private communications in the interim, which will make it ineffective, and pose a security risk to the country.

We consider the following amendments will increase the level of transparency and safeguards related to the exercise of the GCSB's interception operations, and will also serve as interim measures between the enactment of this bill and the GCSB Bill. Therefore, we recommend inserting the following authorisation requirements in new clause 19, proposed new section 255:

  • a written authorisation process
  • limitations to the term of an authorisation to no more than 12 months (subject to a right of renewal)
  • irrelevant records must be destroyed.

Aligning the exemption in clause 16B with the exemption in clause 19, new section 305ZF0

We note that in exercising its functions in relation to intercepting "private communications" the GCSB could, arguably, also be accessing a computer system. This is because the definition of "computer system" includes "any communication links between computers". The inclusion of the term "communication links" could mean that in carrying out its interception functions the GCSB may also require an authorisation for computer access for each intercepted communication, under the unauthorised access offence.

Therefore, we consider a new subsection should be added in new clause 19, proposed new section 255(4), which provides the GCSB with an exemption from the unauthorised access offence to align it with its exemption from the interception offence in clause 16B. This ensures that the GCSB is not at risk of conmiitting the computer access offence when carrying out its interception operations, and would have the same authorisation procedure for the same activity. We recommend that new clause 19, proposed new section 255, be amended to include an exemption for an employee of the GCSB when accessing communications links between computers for purposes of foreign intelligence gathering.

The exemption for law enforcement agencies

Some submitters express particular concern about the exemption for law enforcement agencies (clause 19, new section 305ZFD) for two main reasons. They consider that:

  • the section will allow law enforcement agencies (particularly the police) to conduct remote access computer searches
  • the use of the term "other legal authority" makes it unclear which law enforcement agencies are intended to be exempt from the offence.

Remote searches of computer systems by the police

The Privacy Commissioner is very concerned that clause 19, new section 305ZFD, will allow law enforcement agencies, particularly the police, to conduct remote searches of computer systems. A remote search is one where the search is carried out without physical entry onto the premises where the target computer is located.

There is also conjecture about whether current police powers of search (section 198 of the Summary Proceedings Act 1957) include the power to conduct remote searches. The Privacy Commissioner suggests that clause 19, new section 305ZFD, be redrafted to specifically exclude the power to conduct remote searches under warrant.

We do not consider the bill provides the police with additional powers but acts to preserve existing ones. This clause assists in the interpretation of the concept of "authorisation" in clause 19, new section 305ZFA, by putting it beyond doubt that law enforcement agency accessing of a computer system pursuant to existing statutory and common law powers is not unauthorised access.

We note there is some debate about whether the current law allows the police to conduct remote searches. However, we do not believe the bill is the appropriate vehicle to extend or restrict police search powers. We consider that the current review being undertaken by the Law Commission into police search powers (including consideration of new technology and related privacy concerns) is more appropriate.

Definition of "other legal authority"

We note that not all law enforcement agencies' powers of search or inspection stem from statutory authority but may also arise from the common law; for example, the power of a police constable to search incidental to an arrest. (1) However, we agree with some submitters that clause 19, new section 305ZFD, is unclear about the scope of the exemption and which agencies are intended to be covered by it.

We consider that the exemption should be explicitly defined so that if law enforcement agencies access a computer system under a search or interception warrant, or under the authority of any other Act or rule of the common law, then they are exempt from the unauthorised access offence. This is to ensure that when law enforcement agencies exercise their powers of search or inspection they are not committing the unauthorised access offence. Therefore, we recommend that clause 19, new section 305ZFD, be deleted, and that new clause 19, proposed new section 253(3), be inserted accordingly.

Changes to the type of communications that can be intercepted

At present, the interception offence in the Act applies only to private oral communications. (2) The SOP extends the definition of "private communication" so that other forms of private communication are captured by the offence. The term "listening device" is replaced with the term "interception device" to reflect the new types of communications that can be intercepted. The SOP also amends the list of entities under the Act exempt from the interception offence, including exemptions for the GCSB and communications providers.

A number of submitters raise concerns about these exemptions as well as the retention of the power for types of interception devices to be exempted from the offence by Order in Council. Some submitters also raise concerns about the timing of when an interception can occur.

Exemption from the interception offence for the GCSB

Under clause l6B(5), the GCSB is exempt from the offence in section 21 6B of the Act that prohibits the use of listening devices to intercept private communications. This in effect preserves the existing exemption held by the GCSB for its Waihopai site, (3) and extends the exemption to cover all interception devices operated by the GCSB. This means that the exemption is no longer site specific.

Several submitters register concern about this exemption on the grounds that:

  • the GCSB does not have a statutory basis (discussed above)
  • the scope of communications the GCSB can lawfully seek to access or intercept is unclear and too broad, because of the descriptions of the terms "foreign organisation", "foreign person", and "foreign intelligence".

Formatter's note: The end two sentences of the next paragraph were not clear from the material received. I have ebndevoured to make sense of what I received. - ends.

We consider the exemption in clause 16B(5) is necessary in order to preserve the existing foreign intelligence collection capabilities, for which no warrant is required. Placing the exemption in the statute will increase public transparency in relation to the Waihopai facility and, by extending the exemption to the other sites operated by the [GCSB], the Waihopai site is exempt from the offence of using a listening device. GCSB will avoid the risk that they may have to cease operations in order to avoid committing an offence.

We recognise there is concern about the specific scope of communications that the GCSB can collect as part of their lawful operations. We consider some of these concerns may be allayed by further clarifying the definition of "foreign organisation" for the purposes of the GSCB's foreign intelligence collection, This definition is consistent with the definition in the GCSB Bill. We recommend the definition in clause 16A be amended as follows:

"foreign organisation means -

  1. a Government of any country other than New Zealand; or
  2. an entity controlled by the Government of any country other than New Zealand; or
  3. a company or body corporate that is incorporated outside New Zealand; or
  4. a company within the meaning of the Companies Act 1993 that is, for the purposes of theCompanies Act 1993, a subsidiary of any company or body corporate incorporated outside New Zealand; or
  5. an unincorporated body of persons consisting exclusively of foreign organisations or foreign persons that carry on activities wholly outside New Zealand; or
  6. an international organisation; or
  7. a person acting in his or her capacity as an agent or a representative of any Government, body, or organisation referred to in any of paragraphs (a) to (f)".

Exemption from the interception offence for communications providers requires further safeguards (4)

Clause 16B(6) of the SOP provides an exemption for communications providers from the interception offence. It is similar to the existing exemption for telecommunications providers. Such an exemption is considered necessary because not all public communications providers are telecommunications operators. A number of submitters assert that if this exemption is to be retained then further safeguards should be included.

We agree with those submitters and recommend that the exemption proposed for communications service providers to the public, and the existing exemption for network operators, be amended to include a number of additional safeguards as follows:

  • the interception should be necessary for the purpose of maintaining the service (clause 16B(3) (amending subsection (2)(b)(ii) of section 216 of the Act) and clause 16B(5) (proposed new subsection (6)(c) of section 216B of the Act))
  • any information obtained while maintaining the service must only be used for the purpose of maintaining the communications service (clause 16B(5) (proposed new subsection .(7)(a) of section 21 6B of the Act))
  • such information must not be disclosed to anyone, except where permitted or required by law (clause l6B(5) (proposed new subsection (7)(b) of section 216B of the Act))
  • such information must be promptly destroyed when no longer needed for the purpose of maintaining the communications service (clause 16B(5) (proposed new subsection (7)(c) of section 216B of the Act))
  • any information held that was obtained while assisting with an execution of an interception warrant must be either destroyed immediately or given to the agency executing the warrant (clause 16B(5) (proposed new subsection (8) of section 2l6B of the Act)).

We also recommend the insertion of a new offence of unlawful disclosure (clause 1 6F (proposed new section 21 6F of the Act)). The offence would carry a penalty of a maximum of two years imprisonment, consistent with the three existing interception offences.

Exemption from the interception offence for the police

As the amendment to the definition of "private communication" and the amendments to the terms "intercept" and "interception device" will also apply to police interception warrants under Part XIA of the Act, some submitters again raise the issue of the adequacy of existing safeguards. The specific issues raised include that:

  • interception warrants should -
    1. be specific to one user
    2. define the dates between which electronic data can be collected
    3. specify the physical or electronic address at which searches will take place
  • an independent auditor should be given authority to scrutinise compliance with warrant conditions (as is provided for in Australia).

We note the statutory authority for police interception warrants is set out in Part XIA of the Act and Part H of the Misuse of Drugs Amendment Act 1978. To obtain an interception warrant a Commissioned Officer of Police must apply to a High Court judge, who must be satisfied that there are appropriate grounds to grant a warrant. (5) In addition, the judge must consider the extent to which the privacy of any person is likely to be compromised. Once issued, police interception warrants are only valid for up to 30 days. If the police want to extend this period they must apply to the High Court for an extension. On the expiry of the warrant they must also provide a report to the judge on the manner in which the warrant was executed and the results obtained.

We recommend that the existing exemption for the police from the interception offence be retained. The current procedure for the police to obtain an interception warrant is sufficiently robust to ensure the integrity of any warrants obtained. In our view, an independent audit of police compliance with warrant conditions is unnecessary, as that function is already being carried out by a High Court judge.

However, to further bolster current procedures we have recommended some additional amendments. First, we recommend that the term "facility" be defined in clause 21(3) to allay concerns that a single warrant could be used to specify multiple users. It should specify that "facility"refers to a specific electronic address, phone number or similar facility that enables communications to be sent to, or from, an identified individual.

We also recommend an amendment to clause 21M to require the police to report annually on:

  • the use of emergency powers to intercept under section 216B(3) of the Act
  • the number of interception warrants that do not result in any charges being laid within three months following the expiry of the warrant.

Limitation on exemption of "interception devices" by Order in Council

We consider that the power to exempt "interception devices" by Order in Council should be retained. Although it would be preferable for Parliament to authorise such exemptions, the rapid development of new technologies may necessitate an equally rapid need to exempt them from the Act by Order in Council. As a safeguard, we recommend the inclusion of new subsection (1A) in section 216 of the Act (clause 16A), which provides that this exemption should expire after two years from the order being made.

The definition of "intercept" should be clarified

The definition of "intercept" in new section 2 16(i) (particularly paragraph (b)) (clause 16A), is criticised by some submitters as it creates confusion about the point in time at which an "intercept" can take place. One submitter considers the definition restricts the time in which an intercept could be conducted and suggests that it should encompass the time from when the communication is on its way from the sender to the recipient.

We agree that confusion may result from the way that the term "intercept" has been defined. We recommend an amendment to clause 16A(l) (proposed new subsection (1) of section 216A of the Act) so that it is clear that in relation to private communications, "intercept" refers to interception either when a communication is taking place or while it is in transit.

Anticipated use of keyword monitoring and search techniques raises privacy issues

Some submitters are concerned that agencies exempt from the unauthorised access offence will be able to "keyword" search computer systems and communications between other systems. Keyword searching is where the person undertaking the interception or search uses a computer program to help find or monitor information by searching for particular target words. Keyword searching is viewed as being more invasive than other methods used to monitor postal mail or phone calls. It is seen as a gross invasion of privacy as it is indiscriminate as to the context in which words are used, leading to the scrutiny of many innocent e-mails, and a potential threat to the safety of political dissidents in countries where political opposition is not tolerated.

We carefully considered these concerns. However, we consider that the safeguards provided in the bill (such as the interim measures proposed for the GCSB), along with existing statutory safeguards (such as the explicit warrant requirements for the SIS and the police) are adequate to ensure that personal privacy is balanced appropriately with the rights of the State to protect its citizens. We recommend no changes to the bill in this regard.

Main aims of the bill

The main aim of the bill is to update the Act so that it can address current uncertainties in the application of existing offences to cornputer crime. It does this by:

  • repealing most of Part X of the Act (containing over 90 offences related to crimes against property) and replacing it with a modernised Part 10 (6)
  • redefining the key terms underlying property offences, namely the terms "dishonestly", "property", "document", and "colour of right" (clauses 2 and 19), and broadening some existing offences
  • creating four new computer offences (the four computer offences), with maximum penalties of five or seven years imprisonment, to protect the integrity of computer systems (clause 19, new sections 305ZD to 305ZF). These are:
    1. accessing a computer system and dishonestly or by deception obtaining a financial benefit or causing loss (new section 305ZE(1))
    2. accessing a computer system with intent to obtain a benefit or cause loss (new section 305ZE(2))
    3. damaging or interfering with a computer system with intent to cause serious damage (new section 305ZF( l)(a))
    4. recklessly damaging or interfering with a computer system knowing that serious damage is likely to result (new section 305ZF(2)(a)).

Prevention of criminal activity

Several submitters doubt that the bill will prevent criminal activity. They point to the availability of new technologies, such as the use of sophisticated encryption techniques and devices, which make it easier for people to undertake criminal activity without detection. They claim that the cost of maintaining sufficient technical capacity to effectively conduct interceptions will be high and that resources could be better utilised elsewhere.

We do not accept the proposition that new offences should not be created because criminals may take steps to minimise the risk of being caught. We consider that the new offences and powers are necessary to reflect modern circumstances, and are simply additional tools in an overall crime fighting strategy. We recommend no changes to the bill in this regard.

Repeal of all of Part X of the Act is recommended

Clause 17 of the bill aims to modernise over 90 crimes, against property offences by repealing most of Part X of the Act. Clause 19 replaces Part X with a new modernised Part 10. Modernisation is required as many of these offences have not been updated for nearly 40 years and do not adequately cover property crime involving computer technology.

Unfortunately, 12 offences were not repealed by clause 17 (conversion (section 228); possessing tools for conversion (section 229); possessing tools for burglary (section 244); and the counterfeiting coin offences (sections 282 to 286 and 289 to 292) as there were problems translating these offences into a more modern form. This issue has been resolved since the bill was introduced.

Therefore, we recommend that clauses 17, 18 and 19 be deleted from the bill, and proposed new clause 19 be inserted.

Additional amendment will ensure consistency with section 14 of the Summary Offences Act 1981

Clause 19 does not include the offence of possessing tools for burglary. The Act does not automatically require burglary tools to be forfeit to the Crown. However, a parallel offence in section 14 of the Summary Offences Act 1981 (the summary offence) does. We note that it would be better to take a more general approach to the issue of forfeiture, but to ensure consistency with the summary offence we consider that the offence should provide for. forfeiture. We recommend that proposed new clause 19, new section 233, be inserted into the bill. We recognise this is an interim measure and that the Ministry of Justice will canvass the issue more fully in the Government's proposed Sentencing and Parole Reform Bill.

Changes to the four new computer offences in the bill

Clause 19 inserts the four new computer offences into the Act referred to in (a) to (d) on page 12 of this commentary. Some submitters raise issues with these offences.

The term "access" should include electromagnetic emissions

One submitter recommends that the definition of "access" in clause 19, new section 305ZD, should be amended to include a person who 'receives' information via the electromagnetic emissions to or from a computer system. (7)

We note that this type of conduct was referred to in the Law Commission's Computer Misuse report (8) , and that the Council of Europe's. Draft Convention on Cybercrime (the Cybercrime Convention) (9) recommends that this type of activity should be covered. Given this, we agree that the bill should cover electromagnetic emissions. We recommend that the definition of "access" in new clause 19, proposed new section 249, be amended by deleting the term "retrieve", and replacing it with the term "receive".

The definition of "computer system" is to be extended

One submitter suggests that the definition of "computer system" is too narrow and that it should be extended to cover links between computers and other devices.

We agree that the definition of "computer system" should include communication links whether they link one computer to another computer or to some other device. We recommend that new clause 19, proposed new section 249, be amended accordingly.

Amendments to the damaging or interfering with computer system offence

Several submitters make a number of suggestions regarding various parts of the offence of damaging or interfering with a computer system (clause 19, new section 305ZF) (the computer damage offence).

We considered these suggestions carefully and agree that appropriate amendments to new clause 19, proposed new section 251, should be made. We recommend that:

  • the qualification that there be an intent to cause "serious" damage or being reckless as to whether "serious" damage results should be removed, as it is too limiting
  • damage or interference caused by the adding of data or computer software should be covered by inserting the phrase "adds to" into the offence (new section 25l(2)(a))
  • damage or interference to data caused in the course of transmission should be covered by deleting the term "stored" from the offence (new section 25 1(2))
  • 'denial of service attacks' should be expressly covered by inserting new section 251(2)(c), which provides that it is an offence to cause any computer system to either fail or deny service to any authorised users.

We have considered suggestions made by some submitters that indirect damage should be covered by the offence, that the term "software" should be amended to "program", and that the phrase "corrupted or caused to corrupt" should be added to clause 19, new section 305ZF. We do not support any of these amendments. Indirect damage is already covered in this new section by the phrase "causes any damage". The phrase "modified or otherwise interfered with" already covers corruption or attempted corruption of a computer system. Further, the change to "program" from "software" is unnecessary. "Software" is already used in other legislation, and although susceptible to becoming redundant over time "software" is a broader term than "program", which is equally if not more susceptible to becoming redundant in the same way. We recommend no change to the bill in this regard.

The penalty level for computer and intentional damage should be the same

One submitter suggests that the penalty for the computer damage offence should be increased from seven to fourteen years' imprisonment to make it consistent with the intentional damage offence (clause 19, new section 305ZT(1)).

We have examined the offence levels for both the computer damage offence (clause 19, new section 305ZF) and the intentional damage offence (clause 19, new section 305ZT(l)). We agree the penalties should be the same. However, a maximum of 14 years' imprisonment is inappropriate for either the computer damage or intentional damage offences. This level of penalty should be reserved for the most serious offences against the person.

The existing penalties for the computer damage and intentional damage offence should be deleted and replaced by a two-tier level of penalties:

  • up to ten years' imprisonment where the person doing the damage knows or ought to know that danger to life is likely to result
  • up to seven years' imprisonment for all other property or computer damage.

Therefore, we recommend that clause 19, proposed new section 251 (computer damage), and proposed new section 270 (intentional damage), should be amended accordingly.

Other recommended amendments to the bill

The terms "benefit" and "privilege" to be deleted from section 305J

We examined the scope of the offence of dishonestly taking or using a document (clause 19, new section 305J), particularly in the context of the words "benefit" and "privilege", and how the offence might apply in practice.

We consider that the terms "benefit" and "privilege" may unnecessarily broaden the offence. We recommend that new clause 19, proposed new section 228, be amended by removing the terms "benefit" and "privilege"to clarify that the offence relates to financial benefits.

The definition of "property" in the bill and the Act should be consistent

We examined the definition of the term "property", and the apparent inconsistency between the way it is defined in clause 19, new section 305A of the bill, and section 2 of the Act.

The definition in clause 19, new section 305A, is intended to remedy the type of problem that arose in R v Wilkinson, so that forms of property that are intangible and not currently covered by the law of theft (such as things in action) will now be covered. However, the definition of property in section 2 of the Act uses a different definition of property for offences other than theft.

An inconsistency will exist if one definition of property is found to apply only to property offences and a different definition of property relates to other offences in the Act. As such, we recommend that the "property"definition in section 2 of the Act be amended to include money and electricity, and the definition be deleted from clause 19, new section 305A,

"Without authority" to replace "unlawfully" for the burglary offence

The offence of burglary (clause 19, new section 305M) is modernised by removing the expression "break and enter" and replacing it with the term "unlawfully". One submitter suggests that:

  • the term "unlawfully" should be replaced with the phrase "without authority" as it duplicates the definition of "unlawfully", which is already provided for in clause 19, new section 305M(3)(a)
  • subsection 3(c) is unnecessary.

We agree with the submitter who claims that the phrase "unlawfully" is unnecessary. We recommend replacing it with the phrase "without authority" in new clause 19, proposed new section 231, and that clause 19, new section 305M(3)(a), should be deleted. As the same definition is used in the home invasion offence (clause 3), this offence should be amended in the same way.

We do not consider that all of clause 19, new section 305M(3)(c), is unnecessary as it covers, for example, situations where a person uses deception in order to gain consent to enter. This person should be considered as entering "without authority". However, we recommend that the second part of 305M(3)(c) relating to entering through apertures should be deleted, as the concept of "breaking" has been removed.

"Claim of right" to replace "colour of right"

Clause 2 of the bill proposes that the term "colour of right" be replaced by the term "claim of right", and that a new definition of "claim of right" be inserted. This is to modernise and clarify the term. Some submitters are concerned that this change would extinguish customary rights and would exclude arguments based on different cultural interpretations.

We agree with this amendment. It clarifies that a belief that an act is lawful is the required basis for the defence. We recommend that the new definition be retained. As the term "colour of right" is also used in the Income Tax Act 1994, we recommend a consequential amendment in Schedule 2 of the bill to ensure consistency.

Suggestions for additional computer offences

We note that a number of suggestions are made for additional computer-related offences. These include offences of:

  • wasting, diverting or hindering of data
  • unauthorised access with intent to commit further offences
  • being in possession of "hacking" programs or other information, in circumstances that show an intention to use it to commit a computer crime.

We considered these suggestions carefully and note that, aside from the last suggestion, these matters are either already covered by existing offences in the bill or covered in other statutes. However, we recommend that new clause 19, proposed new section 252, be inserted to provide an offence for the making, selling, or distributing or possessing computer software for committing crime.

One submitter suggests that the bill should include a civil remedy for computer misuse. We consider that civil remedies are not appropriate for inclusion in this bill.

Conclusion

We have looked critically at overseas models, and in particular the Cybercrime Convention, and consider that New Zealand meets or exceeds the proposed offences in the Convention, either through provisions in the bill or in other relevant legislation.

We consider that overall the bill and the SOP will strengthen privacy protection and does not significantly increase the powers of the State to intrude on individual privacy. In particular, the proposed legislation strengthens privacy interests by criminalising some activity that is not currently criminal, such as intercepting non-oral private cornmunications and accessing computers without authority. While certain State agencies will be exempt from criminal liability in some circumstances, these exemptions relate either to existing powers or to activities that these agencies could presently undertake without specific authorisation. The exemptions are also placed on a clear statutory footing and are supported with appropriate safeguards.

1 R v Jefferies 1NZLR 290,300

2 Crimes Act 1961, section 216B.

3 Under Order in Council (SR 19971145)

4 Crimes Act 1961, section 216B(2)(b)(ii),

5 Crimes Act 1961, section 312B and 312C.

6 In R v Wilkinson (1998) 16 CRNZ 179, the Court held that a fraudulently obtained electronic transfer of funds did not come within the Crimes Act 1961 definition of "theft" as it is not tangible.

7 The definition is used for the purpose of the four computer offences as well as the unauthorised access offence.

8 Report 54, page7.

9 Article 3 - Illegal interception.

10 On 14 March 2001, the House gave leave for Keith Locke to be a member of the Law and Order Committee for the purposes of its consideration of the bill and the SOP, but without the right to vote on any question before the committee.

Appendix

Committee process

The Crimes Amendment Bill (No 6) was referred to the Justice and Law Reform Committee of the 45 th Parliament on 5 October 1999. Submissions closed on 3 March 2000. Thirteen submissions were received on the bill (2 written and 11 oral). Supplementary Order Paper No 85 was referred to the Law and Order Committee on 16 November 2000. Submissions closed on 9 February. 2001. Thirty-five submissions were received (six supplementary submissions were received from six submitters on the bill).

A total of 43 submissions (16 oral and 27 written) were received.

Twenty-three submissions were heard on 15 and 29 March 2001.

Hearing evidence took 5 hours and 30 minutes and consideration took 9 hours and 7 minutes.

Advice was received from the Ministry of Justice; the Government Communications Security Bureau; the New Zealand Security Intelligence Service; Dr.Mark Prebble, Chairman of the inter-departmental Officials' Committee for Domestic and External Security Co-ordination (ODESC); and the New Zealand Police.

Committee membership

Janet Mackey (Chairperson)
Taito Philip Field (Deputy Chairperson)
Georgina Beyer
Keith Locke (10)
Ron Mark
Brian Neeson
Jill Pettis
Hon Ken Shirley
Hon Clem Simich
Hon Judith Tizard
Richard Worth

Judy Keall attended some meetings as a replacement member.

Committee staff

Tracey Rayner, Clerk of the Committee
Michael Wilkinson, Parliamentary Officer (Select Committees)
Key to symbols used in reprinted bill

As reported from the Law and Order Committee

Struck out (unanimous)

Subject to this Act, Text struck out unanimously

New (unanimous)

Subject to this Act, Text inserted unanimously

(Subject to this Act,) Words struck out unanimously

Subject to this Act , Words inserted unanimously

Document Actions