Letter Law and Order Committee 17/03/01

March 17 2001

Janet Mackey
Chair
Law and Order Committee
Parliament
New Zealand

Dear Madam Chair

CRIMES AMENDMENT BILL S.O.P. #6

The Internet Society of New Zealand, Inc (ISOCNZ) was pleased to have the opportunity last Thursday to make an Oral Submission on the Crimes Amendment Bill #6. We appreciated the fact that the Committee members had obviously thoroughly read our Submission and had penetrating questions to ask.

During our Oral Submission we felt it important to flag that a percentage, possibly significant, of offenders under the proposed legislation will fall into the under-16 and under-18-year-old categories and that therefore the ability of the legislation to deal with such offenders will need to be considered. Anecdotal evidence suggests that "hackers" start "exploring" in their mid-teens through to their early twenties, and while some may continue longer, many give it up once they get a "real life" with the pressures of their job, and associated responsibilities.

In response to the request for documentation on the age-groups of people who maliciously interfere with computer systems, our team has spent considerable time searching for documented studies. We have to report that we have not found evidence of any formal studies to back up the widely quoted anecdotal evidence. This may be a useful area for the Select Committee to research.

I attach two documents sourced on the Internet which reinforce the anecdotal evidence. The first is an FBI Congressional Statement (1) and the second a report from Dorothy Denning (2) who is a well respected computer security writer. The relevant paragraph in the FBI Statement says:

"Another issue involves the alarming number of computer hackers encountered in our investigations who are juveniles. Under current law, Federal authorities are not able to prosecute juveniles for any computer violations of 18 U.S. C. §1030. S. 2092 would authorize (but not require) the Attorney General to certify for juvenile prosecution in Federal court youthful offenders who commit the more serious felony violations of section 1030. Recognizing that this change will, over time, result in the prosecution of repeat offenders, S. 2092 also defines the term "conviction" under §1030 to include prior adjudications of juvenile delinquency for violations of that section. This is intended to provide greater specific deterrence to juveniles for are adjudicated delinquent for computer hacking. Similarly, a majority of the States have enacted criminal statutes prohibiting unauthorized computer access analogous to the provisions of section 1030?"

Given that Denning was trying to find a representative selection of "hackers" (3) for her study, in Section two of her report she says:

"My dialog with Drake increased my curiosity about hackers. I read articles and books by or about hackers. In addition, I had discussions with nine hackers whom I will not mention by name. Their ages ranged from 17 to 28."

Please contact us if there is any other information the Society can provide to assist the Select Committee's deliberations.

Cordially
Sue Leader
Executive Director

(1) " Statement for the Record: Guadalupe Gonzalez, Special Agent In Charge, Phoenix Field Division, Federal Bureau of Investigation, on Cybercrime", April 21 2000. http://www.fbi.gov/congress/congress00/gonza042100.htm (attached)

(2) "Concerning Hackers Who Break into Computer Systems", Dorothy E Denning, October 1990. http://www.sgrm.com/art-7.htm (attached)

(3) The term "hacker" is offensive to many of the professional computer community in relation to malicious behaviour and the preferred term "cracker" is used for malicious hacking. Denning comments on the distinction (op cit):

© 2001 The Internet Society of New Zealand
Last updated 2 April 2001