Computer Hacking In Australia: What's Legal?

Computer hacking is a criminal offence in Australia. The country's legal system takes digital privacy very seriously, and unauthorised access to computer systems is criminalised by both State and Federal legislation. The Criminal Code Act 1995 (Criminal Code) prescribes multiple computer crime hacking offences warranting imprisonment, fines, and convictions. This includes hacking without consent, the unauthorised access, use or modification of data, and the impairment of electronic communication. In 2020–2021, the Australian Cyber Security Centre received over 67,500 cybercrime reports, indicating a cyber-attack every eight minutes.

Explore related products

Illegal: A Graphic Novel

$8.49 $14.99

Illegal

$12.79 $15.99

Illegal: A Disappeared Novel (2)

$18.99 $18.99

Everything I Want To Do Is Illegal: War Stories from the Local Food Front

$15.28 $23.95

The Illegals: Russia's Most Audacious Spies and the Plot to Infiltrate the West

$30.11

Illegal/The Big Steal

$13.16

Unauthorised access to computer systems

The definition of 'access' in the context of computer systems is ambiguous, and it is not always clear whether a particular action constitutes unauthorised access. For example, borrowing someone's calculator without permission could be considered unlawful use, but it is not clear if this would fall under the definition of 'access'. Determining whether a hack is authorised may involve considering the computer owner's data access policy, how this policy is communicated, and the accessibility of the computer and its files.

In Western Australia, the legal framework specifically addresses the unauthorised access of restricted-access computer systems, which includes email accounts protected by passwords or other security measures. Guessing someone's password and using it to access their email is considered 'use' under the Act and is therefore unlawful. This is also the case in other states, where the unauthorised access of someone's email or cloud storage account, even by guessing their password, can lead to legal consequences.

The Australian Cyber Security Centre received over 67,500 cybercrime reports in the 2020-2021 financial year, a 13% increase from the previous year. This indicates that cybercrime is a significant issue in Australia, with one report of a cyber-attack every 8 minutes. To combat this, Australia has implemented laws similar to the Commonwealth Criminal Code provisions inserted by the Cybercrime Act 2001 (Cwlth), which criminalise hacker behaviour by reference to the intention or recklessness of the hacker, or instances where restrictions on data access are breached.

Explore related products

Illegal: Reflections of an Undocumented Immigrant (Latinos in Chicago and Midwest)

$14.95 $19.95

Illegal

$6.35 $9.95

Illegal Tender

$3.79

Illegal Tender

$5.99 $8.82

Illegal (1955)

$3.79

Cybercrime laws

In Australia, cybercrime laws address crimes directed at computers or other information and communications technologies (ICTs), such as hacking and denial-of-service attacks. These laws also cover traditional crimes where computers or ICTs are integral to the offence, including online fraud, money laundering, identity theft, and the distribution of child exploitation material.

The Criminal Code Act 1995 (Cth) is a key piece of legislation that criminalises unauthorised access, use, or modification of data, as well as the impairment of electronic communications. Section 477.1 of the Criminal Code Act specifically addresses unauthorised access, modification, or impairment of data, while Section 477.3 criminalises the authorised impairment of electronic communication, with a maximum penalty of up to 10 years imprisonment.

State-based legislation also plays a role in criminalising hacking offences. For example, in Western Australia, Section 440A of the Criminal Code, enacted in 1990, targets unauthorised access to restricted-access computer systems. This provision is designed to address external hacking attempts and unauthorised access to information within restricted systems.

In addition, the New South Wales (NSW) Crimes Act 1900 (NSW) and similar laws in other states criminalise the hacking of private computers and data access restrictions. The maximum penalty for unauthorised access to restricted data under the Commonwealth Criminal Code is two years' imprisonment.

The Australian legal system takes digital privacy seriously, and unauthorised access to email or cloud storage accounts, even by guessing passwords, can lead to legal consequences. Law enforcement agencies actively investigate and prosecute cybercrimes, demonstrating their commitment to protecting digital privacy and security.

Defining hacking

The term "hacking" has multiple meanings and connotations. In general, a hacker is someone who is adept at programming and can creatively overcome limitations. However, the term is often associated with malicious activities, such as illegally accessing someone's computer or confidential information. This dual meaning of the term has created ambiguity in the legal context, making it challenging to define and prosecute hacking offences.

In Australia, unauthorised access to computer systems and data is criminalised under the Criminal Code Act 1995. This includes accessing someone's email or cloud storage account without authorisation, even if done by guessing their password. The law considers this as unauthorised access to a restricted-access computer system, regardless of the method used to gain entry.

Hacking offences can also involve the use of spyware, such as the case of a 24-year-old Australian man who created the "Imminent Monitor" software when he was 15. This spyware, once installed, allowed users to control devices, steal personal information, and spy on victims by accessing their webcams and microphones. The man was charged with multiple offences, including producing and supplying data with the intent to commit a computer offence.

To address the complexity of defining hacking, Australian state and Commonwealth laws have evolved to focus on the intention or recklessness of the hacker and the breach of restrictions on data access. This shift has brought greater uniformity to the legal framework, with states like New South Wales, Victoria, and South Australia implementing laws similar to the Commonwealth Criminal Code provisions.

The severity of hacking offences in Australia is reflected in the penalties prescribed, which can include imprisonment, fines, and convictions. The maximum penalty for unauthorised access to restricted data is two years' imprisonment, while the authorised impairment of electronic communication can carry a penalty of up to 10 years' imprisonment.

Penalties for hacking

In Australia, unauthorised access to computer systems is criminalised by both State and Federal legislation. The Commonwealth Criminal Code Act 1995 (Criminal Code) prescribes multiple computer crime hacking offences warranting imprisonment, fines, and convictions. This includes hacking without consent. Penalties range from two to ten years of imprisonment.

The offence of unauthorised access to computer systems comprises three elements. The first element is that a person causes any unauthorised access to, or modification of, restricted data. The second element is that the person intends to cause the access or modification. The third element is that the person knows that the access or modification is unauthorised.

The maximum penalty for a contravention of section 478.1 of the Criminal Code, which pertains to 'unauthorised access to, or modification of, restricted data', is two years of imprisonment. For the purposes of this offence, 'restricted data' refers to data held in a computer to which access is restricted by an access control system associated with a function of the computer.

Additionally, it is an offence to produce, supply, or obtain data with the intent for that data to be used to commit or facilitate a serious computer offence, as per section 478.4 of the Criminal Code Act 1995 (Cth) (Criminal Code).

Examples of hacking offences

In Australia, unauthorised access to computer systems is criminalised by both State and Federal legislation. Under the Federal Criminal Code Act 1995, hacking is a criminal offence. Persons suspected of unauthorised access to computer systems are charged under section 478.1 of the Criminal Code. The offence comprises three elements:

• A person causes any unauthorised access to, or modification of, restricted data.
• The person intends to cause the access or modification.
• The person knows that the access or modification is unauthorised.

The maximum penalty for contravening section 478.1 of the Criminal Code is two years' imprisonment. 'Restricted data' refers to data held in a computer with restricted access, protected by an access control system associated with a function of the computer.

State-based legislation also exists to criminalise hacking offences, such as Part 6 of the New South Wales (NSW) Crimes Act 1900, which sets out multiple offences related to unauthorised access, modification, or impairment of restricted data and electronic communications.

In Western Australia, Section 440A of the Criminal Code, introduced in 1990, addresses the 'unlawful operation of a computer system'. It refers to a person who, without authorisation, accesses information stored in a restricted-access system or operates such a system. A 'restricted-access system' is defined as a computer system or part thereof that is only accessible through a code withheld or provided on a restricted basis by the person in control of the system.

Queensland's law, introduced in 1997, is titled 'Computer Hacking and Misuse' and focuses on the misuse of computer systems or networks.

Frequently asked questions