pornrip.cc 1siterip.com xxxcomics.org
Menu
gonzoporn.cc

Click here for PDF of this article

Computer Crimes in the Workplace: A Legal Perspective

The recent release of the 2006 Australian Computer Crime and Security Survey revealed that despite the general decline in the number of computer crimes committed in Australia since 2002, the amount of monetary loss associated with computer crimes has more than tripled.  Existing legislation to protect your business from these crimes can only provide limited assistance.  So how do you deal with computer crimes in your workplace?  Firstly, you should understand the legislative protection conferred upon your business and secondly, you should understand how to take practical defensive measures against computer crimes in light of the legislative protection.

Federal and State/Territory legislation dealing with computer and electronic offences attempt to address the following:

  1. Unauthorised accessing of data or impairing electronic communication if this is done with the intention to commit a serious offence;
  2. Unauthorised impairing or modifying data or impairing electronic communication if this is done with the intent to cause harm or inconvenience;
  3. Unauthorised possession, control, production or supply of data with the intent to commit a computer or electronic offence; and
  4. Accessing data that is subject to an access control restriction.

Importantly, unauthorised access in itself is not prohibited and recklessness is insufficient to constitute an offence.  Unexpected consequences of released viruses or worms such as the Melissa Virus may therefore amount to recklessness which does not fall within the criminal jurisdiction.  Depending on the nature of the legal relationship between the offender and the victim, any losses sustained by the victim may be recoverable against the offender in a civil action for negligence or breach of contract where the required elements of contract or negligence are established.

In almost every case against an offender, whether it is criminal or civil in nature, the most difficult hurdle is the gathering and presentation of adequate evidence to satisfy a court as to the allegations against an offender.  In a matter involving the use of a computer or other electronic medium, the computer or electronic medium acts much like a silent witness.  Careful forensic investigation is thus required when collating and preserving evidence to guarantee the reliability of the evidence.  In addition, the method of collating and preserving evidence must be considered in line with the rules of evidence of the Commonwealth jurisdiction or the jurisdiction of the relevant state or territory.

A failure to follow sound forensic practices and evidentiary rules may create an opportunity for opposing counsel to discredit both the evidence and the expert retained to present the evidence in court.  A 2004 study by Smith, Grabosky and Urbas in the United States, for example, found that 75% of cases referred for prosecution to the federal authorities were declined, primarily due to lack of sufficient evidence.  Legal advice should therefore be sought early if there is a prospect of litigation.  Professional IT security or other persons with appropriate expertise should also be involved in the investigation from the earliest possible stage to lend weight to any subsequent expert reports or expert evidence given under oath in a court of law.

In my experience, litigation of matters that involve heavy use of computers or that rely heavily on the presentation of other electronic evidence is almost always expensive, sometimes prohibitively so.  As computers are a necessity for most businesses, the prospect of litigation involving computers or other electronic evidence is growing rapidly.  Civil matters involving computers may include claims for breach of privacy, sexual harassment, breach of copyright, contractual disputes and unfair dismissal.

For your business, the best advice is to take the initiative and regularly appraise the safety standards of your computers and electronic media.  The human factor should not be forgotten and appropriate computer use policies and protocols should also be adopted.  If you lack expertise in IT security, retain an IT security expert to appraise and advise as appropriate.  Whilst this is probably insufficient to prevent all attacks against your systems from being successful, it is one step forward in the right direction.

A copy of the 2006 Australian Computer Crime and Security Survey can be found at http://www.auscert.org.au.