While technological advancements benefit society, they also provide new opportunities for criminals. Australia and other countries face significant challenges in preventing, detecting and prosecuting these computer-based crimes.
What is cybercrime?
There is no universal definition of cybercrime. It may include any range of crimes involving technology. Most cybercrimes fall into one of two types:
- Crimes against computers or other digital devices. These include hacking and denial of service attacks.
- Crimes where computers or other digital devices are used to commit traditional crimes. These include online fraud, cyberstalking, or the online distribution of child abuse material.
Other examples of cybercrimes include malware and phishing offences, computer hacking, internet and email fraud, and identity theft.
Cybercrime under transnational criminal law
Cybercrime is transnational by nature and is not restricted by international borders. It is in the global interest for all countries to cooperate in the fight against cybercrime.
The Budapest Convention
The Convention on Cybercrime of the Council of Europe, also known as the Budapest Convention, is the first binding international instrument addressing cybercrime. It serves as a guideline for national legislation against cybercrime and as a framework for international cooperation between signatory parties.
The Budapest Convention aims to:
- Harmonise cybercrime offences across all domestic criminal jurisdictions.
- Provide the procedural powers needed to investigate and prosecute offences.
- Establish an effective framework for international cooperation between signatory nations.
The Budapest Convention is currently signed by 66 countries around the world. Although it is a European treaty, any country can join upon invitation. Australian signed the Budapest convention in 2012. This allows for more efficient information sharing with partner agencies.
As a result of the Budapest Convention and other treaties, the investigation and prosecution of cybercrime is becoming increasingly international, often involving multiple international law enforcement agencies.
Individuals and businesses may become the subject of parallel criminal investigations and prosecutions. This raises complex jurisdictional and procedural issues.
The threat of exposure to penalties outside of the jurisdiction where you live or operate is real.
Cybercrime under Australian Law
Cybercrime offences are criminalised under parts 10.7 and 10.8 of the Criminal Code Act 1995 (Cth) and include:
- Unauthorised access to, or modification of, restricted data: section 478.1(1).
- Unauthorised impairment of electronic communication: section 477.3(1).
- Using a carriage service to menace, harass or cause offence: section 474.17.
Each State and Territory also has its own computer crimes that are similar to the Commonwealth legislation. Common offences under the Crimes Act 1900 (NSW) are set out under part 6 and include:
- Unauthorised modification of data with intent to cause impairment.
- Unauthorised impairment of electronic communication.
- Possession of data with intent to commit a serious computer crime.
- Unauthorised access to restricted data.
State legislation also criminalises the use of technology in traditional crimes. Under Section 308C of the Crimes Act, using a computer to commit a serious indictable offence carries the same maximum penalty as the offence itself.
An evolving landscape
Australian cybercrime law is constantly evolving to keep up with new threats, often raising complex international jurisdictional questions.
Nyman Gibson Miralis reviewed the key cybercrime laws applicable to Australia in the International Comparative Legal Guide to Cybersecurity 2022.