 |
BUSINESSES CAN FIGHT BACK AGAINST HACKERS The new anti-hacking legislation offers businesses criminal recourse against malicious ex-employees and hackers. The legislation treats crimes against computers, networks & data in a similar manner to crimes against property, imposing maximum penalties of up to ten years. The Crimes Amendment Act 2003 came into effect on 1 October 2003 and created four distinct new computer crimes. The Crimes Amendment Bill No. 6 had a slow progression through parliament partly due to controversial hacking exemptions contained in the Bill's Supplementary Order Papers. What is hacking? "Hacking" can be regarded as any unauthorised access to a computer system. Although there has been significant press regarding hackers that set out to attack large corporations such as Microsoft for the "kudos" among the hacker community, many businesses have suffered severe business disruption and cost at the hands of disgruntled employees, ex-employees, competitors and customers. The Crimes Amendment Act 2003 gives businesses a new tool in their arsenal against hackers. Although successful criminal prosecutions had been taken against hackers, the law in New Zealand remained uncertain. As a result many businesses only took civil suits against hackers. However, a civil remedy is not particularly useful for a company in a state of financial ruin caused by the malicious acts of an ex-employee or hacker. With the introduction of the Act, businesses now have clear criminal recourse against ex-employees and others that access, damage or interfere with their computer systems without authorisation. Criminal prosecutions have the added advantage that a business may harness the power of the state to help find a hacker. Foreign hackers who have evaded the consequences of civil suits may now be caught by criminal extraditions. Protection for businesses The four new crimes introduced by the Act are: • Accessing a computer system for a dishonest purpose• Damaging or interfering with a computer system• Making, selling, distributing or possessing software for committing crime • Accessing a computer system without authorisation Strong protection is given to businesses in the wide definition of computer system, which includes computers, interconnected computers and their communication links (e.g. networks), and communication links to other devices. Penalties for computer crimes Under the Act an ex-employee who intentionally accesses their former employer's computer system without authorization can receive up to 2 years imprisonment. Where an ex-employee does the same act, but for a purpose of obtaining gain or causing loss (for instance, they wish to steal valuable information from their former employer) that ex-employee can receive up to 7 years imprisonment. If the ex-employee fails to obtain the intended gain, or cause the intended loss, they can still receive up to 5 years imprisonment. An unauthorised ex-employee who recklessly causes damage or interferes with data or software, or causes software to fail, can receive up to 7 years imprisonment. Where the ex-employee intentionally or recklessly destroys, damages, or alters a computer system, with knowledge that danger to life is likely to result, they can receive up to 10 years imprisonment. The maximum sentences for computer crimes are substantial, and it is hoped, will have a deterrent effect on would-be hackers. The Act gives businesses a strong new protection against all types of hackers, but the question remains, will these sections work in the real world? Or, will businesses be discouraged by the financial costs, security risks, privacy & confidentiality issues and potential damage to their reputation of reporting and participating in a criminal prosecution. For more information about computer crimes, contact Kim Gordon at kmg@glaister-ennor.co.nz or on (09) 356 8243
Baker Tilly is a trademark of the UK firm Baker Tilly UK Group LLP, used under licence. Software solutions for accountants by Acclipse Site Map | Copyright Staples Rodway © |
 |
 |