The Gibbs Report
Commonwealth Attorney-General's Department
Review of Commonwealth Criminal Law
Interim Report on Computer Crime
November 1988 (the "Gibbs" report)
Summary of Recommendations
CHAPTER 1 - SUMMARY OF RECOMMENDATIONS
(References to the Commonwealth include a public
authority under the Commonwealth)
1.1 An offence should be created of intentionally and
without authority obtaining access to data in a
Commonwealth computer (defined to mean a computer, a
computer system or a part of a computer system owned,
leased or operated by the Commonwealth) or to data
stored in a computer that is not a Commonwealth
computer, being data stored in that computer on behalf
of the Commonwealth: Penalty 6 months' imprisonment or
30 penalty units ($3,000). It is assumed that access
without authority would include the case of a person who
has limited authority, but knowingly exceeds that
authority in making the access in question. Data stored
in a computer on behalf of the Commonwealth would, for
the purpose of the recommendations in this paragraph as
in paragraphs 1.3 and 1.4, include data stored in the
computer at the direction or request of the Commonwealth
and data supplied by the Commonwealth that is stored in
the computer under, or in the course or performing, a
contract with the Commonwealth.
1.2 A second offence should be created, similarly expressed
but with aggravating circumstances as follows:
o accessing information with fraudulent intent;
o intentionally accessing information which the person
knows or ought reasonably to know:
(i) relates to national security, defence or the
international relations of Australia;
(ii) concerns the existence or identity of an
information in relation to the enforcement of
the criminal law;
(iii) concerns the enforcement of the law or the
protection of public safety;
(iv) concerns the personal affairs of any person;
(v) consists of trade secrets;
(vi) comprises the records of a financial institution; or
(vii) consists of information of a commercial
nature, the disclosure of which could benefit
any person or disadvantage any other person.
This would carry a penalty of two years' imprisonment or
120 penalty units ($12,000).
1.3 A third offence would be committed when a person who,
without authority, has intentionally obtained access to
data in a Commonwealth computer or to data stored in a
computer that is not a Commonwealth computer, being data
stored in that computer on behalf of the Commonwealth,
knows or has reason to believe that the information is
of a kind referred to in paragraph 1.2 above but,
nevertheless, continues to examine it. The same penalty
as that applying to the second offence would apply.
1.4 The following further offences should be created to
apply when a person intentionally and without authority
or lawful excuse:
o destroys, erases or alters data stored in, or inserts
data into, a Commonwealth computer;
o interferes with or interrupts or obstructs the lawful
use of a Commonwealth computer;
o destroys, erases, alters or adds to data stored in a
computer that is not a Commonwealth computer, being
data stored in that computer on behalf of the Commonwealth.
A Commonwealth computer would be defined to include a
computer, a computer system or part of a computer system
owned, leased or operated by the Commonwealth.
The penalty for each offence would be imprisonment for
10 years or a fine of 480 penalty units ($48,000).
1.5 It is unnecessary to amend existing Commonwealth law to
deal specifically with fraud in relation to computers,
but the Acts Interpretation Act 1901 should be amended
to make it clear that references to a record in any
statutory provision include information recorded by
means of a computer. Paragraph 67(e) of the Crimes Act
1914 should be amended to reverse the order of the terms
"record" and "document" and the Act should be further
amended to remove doubts as to the application of the
law as to forgery in regard to documents presented to,
or data inserted in, a computer or other device with the
intention that the computer or other device should
respond to them as genuine.
1.6 No offence of using a Commonwealth computer without
authority should be created.
1.7 No offence of omitting to record or store data in a
Commonwealth computer should be created.
1.8 (a) An offence should be created of intentionally and
without authority obtaining access by means of a
Telecom or another Commonwealth communication
facility to data in a computer that is not a
Commonwealth computer; two further offences with
the aggravating circumstances described in
recommendations 1.2 and 1.3 above should also be
created;
The penalties referred to in recommendation 1.1,
1.2 and 1.3 would respectively apply.
(b) Offences should be created in regard to a person
who intentionally and without authority or lawful
excuse by means of a Telecom or another
Commonwealth communication facility:
(a) destroys, erases or alters data stored in, or
inserts data into a computer that is not a
Commonwealth computer;
(b) interferes with, or interrupts or obstructs
the lawful use of, such a computer.
Penalty for each offence: Imprisonment for 10
years or a fine of 480 penalty units ($48,000).
Provisions enacted for this purpose should indicate
an intention not to exclude or limit the concurrent
operation of any law of a State or Territory.
1.9 The Telecommunications (Interception) Act 1979 should be
amended to extend the definition of "interception" to
include the viewing of a communication in its passage
over a telecommunications system.
1.10 The Commonwealth should not legislate to deal with:
o any form of computer fraud not involving the
Commonwealth, where it was effected by means of a
Telecom or another Commonwealth communication
facility;
o unauthorized use of private computers effected by
means of a Telecom or another Commonwealth
communication facility; or
o omission to record or store data in a private
computer where there is a duty to do so.
1.11 It is not necessary to define in the proposed amendments
to the Crimes Act the term "computer" beyond providing
that the term means a computer, a computer system and a
part of a computer system.
Computer Crime (Scotland) Bill 1987