|
|
[Home]
[Databases]
[WorldLII]
[Search]
[Feedback]
South African Law Commission |
[Database Search] [Name Search] [Previous] [Next] [Download] [Help]
3.1 The first issue which needs to be considered is whether the unauthorised accessing of computers and the unauthorised modification of computer data and software applications should attract a criminal sanction. This issue relates on the one hand to the question whether it is justified to sanction these actions with criminal penalties. On the other hand it relates to the question whether it is necessary to create new offences to criminalise these actions, if it is accepted that they should lead to criminal liability.
3.2 Computers are playing an integral part in the functioning of our society. They are used not only as sophisticated repositories for vast amounts of information but also in operational roles for instance where they administer banking and financial systems, transport control systems, communication systems and a variety of other complex operations.
3.3 The potential danger if computers performing these functions are interfered with is very serious. This potential danger alone seems to provide a policy ground for the criminalisation of the actions by means of which information can be obtained from a computer or its functioning interfered with. It should, however, be clear that there are a multitude of methods by means of which information can be obtained from a computer or its functioning interfered with.[29] It would be a very difficult task to describe the elements of each method in order to develop an offence for each. The common denominator among all of these methods is the obtaining of access to a computer without the requisite authority and this seems to be the basis for the justification for the point of view that unauthorised accessing of a computer should be punishable.
3.4 The unauthorised entering of the personal domain of a person is prohibited in respect of physical concepts such as a premises or a building.[30] This personal domain also includes a person’s privacy and therefore an invasion of privacy can lead to criminal liability.[31] It is submitted that in our modern society this personal domain should be extended to include information which is of personal or economic value and which is stored in electronic format.
3.5 The potential danger referred to earlier[32] become especially relevant when one considers the unauthorised modification of computer data and software applications. This potential danger therefore seems to provide sufficient justification for the criminalisation of such modification of computer data and software applications.
3.6 A person’s economic interest in his or her tangible property is protected by offences such as theft and malicious injury to property. The demands of our modern society, however, necessitates that similar protection be given to a person’s intangible interests such as information with personal or economic value stored electronically. This also advocates in favour of the proposition that the unauthorised modification of computer data and software applications should be punishable.
3.7 The common law offences discussed in Chapter 2 were developed in a world where computers and the abstract concepts such as information with personal or economic value being stored on computers were unknown. All of these offences were developed to apply to physical objects and can therefore not be applied to activities done in respect of the above-mentioned abstract concepts. It is clear that none of these offences can, in their present form, provide a criminal sanction to the unauthorised accessing of computers. There is furthermore no indication that the courts would be willing to extend the application of any of these offences to apply to computers and the information stored on them.
3.8 The protection afforded by the Copyright Act, 1978, only relates to "computer programmes" as defined in the Act. It does therefore not include all information that can be stored on a computer such as computer databases for example. Before copyright can be infringed it must be proven to exist as provided for in sections 2 to 4 of the Copyright Act, 1978. In the majority of cases the affected computer data or software applications will either not be eligible for copyright (because it is not an original work) or the person whose interest is affected will not be the author.
3.9 For criminal liability to result form a copyright infringement the actions by means of which the right is infringed must fall within the scope of section 27 of the Copyright Act, 1978. This does not include the alteration or destruction of the work in which the copyright subsists, for example.
3.10 Just like the common law offences discussed earlier the provisions of the Criminal Procedure Act were developed when the idea of a location which is not a physical premises or the seizure of something which is not a tangible object were inconceivable. Although the search of a premises for, and seizure of, a computer itself can be authorised under the Criminal Procedure Act it is submitted that the same does not apply to the search of a computer and the seizure of information located on that computer.
3.11 Apart from the application of the Criminal Procedure Act there are other issues in connection with the procedural aspects which must be discussed. These issues are unique to the search for and seizure of information stored on computers and arise from the nature of such information. In the course of this part of the discussion it is accepted for the sake of argument that an investigating officer is authorised to search a computer for certain information.
3.12 Computers are increasingly linked with other computers to form networks. A computer network can span a building, a province, a country and, even the globe. The interconnectivity of computers makes it possible to store information on a computer situated in a remote location which need not even be in the same country as the computer used to store the information.
3.13 This raises issues related to the validity of a search by means of which information stored in a remote location is located via a network. Normally a search will be authorised in respect of a specific premises where the relevant articles are suspected to be found. In the case of information stored and accessed via a computer network the physical location of the computer containing that information can be very difficult to determine. If the computer on which the information is stored can be located it may be in a location not referred to in the search warrant. The question now arises whether that information can legally be searched for without obtaining another search warrant. If a new search warrant is required chances are that the information will have been destroyed or altered or moved to another location by the time the warrant is obtained. Such a requirement will furthermore place a near impossible burden on investigating authorities to obtain accurate information of the exact location of the computer on which the relevant information is stored before applying for a search warrant.
3.14 The possibility that information may be stored in remote locations also raises issues related to jurisdiction. If the network spans the areas of more than one magisterial district, for instance, it will be very difficult if not impossible to decide who has jurisdiction to issue a search warrant in respect of the relevant information. The issue can be further compounded if the information is distributed over a network in such a way that parts of the relevant in formation are located in one jurisdiction and other parts of it are located in another.
3.15 If the information searched for is stored via a global network on a computer located outside the Republic issues of international co-operation will come into play. It may be that the country in which the computer containing the relevant information is located rely strongly on the existence of treaties or conventions as a basis for providing assistance to foreign investigating authorities. It is also possible that the system for the provision of assistance in the foreign country is based on onerous formalities. The delays and difficulties encountered in the area of mutual legal assistance will almost certainly provide an opportunity for the relevant information to be destroyed or altered or moved to another location.
3.16 It is very probable that when the information searched for is located it will be found to be protected by security systems such as passwords and encryption. The question arises whether the authority of the investigating officer to do the search is wide enough to entitle him or her to proceed in attempting to get past any obstacle aimed at preventing access to the relevant information. Apart from this there is the practical question of the methods that may be used to overcome such security measures.
3.17 One of the main functions of a computer is to store information. This may include information of private nature or information in respect of which an obligation of confidentiality or secrecy exists. The ability to store information in remote locations compounds this issue as the gaining of access to such a computer may infringe on the privacy of other persons not associated with the offence under investigation. Issues of civil liberties, privacy and confidentiality must be considered in respect of the search for and seizure of information stored on a computer. These issues need to be balanced with the need for the effective administration of justice.
3.18 Since a computer is capable of storing a vast amount of information it is most likely that the information of interest to the investigation officer coexist with other information which is of no interest to him or her. The collateral information found on the computer may be necessary for the day to day functioning of a business. This problem is further aggravated if required information is located on a network file server which is crucial to the functioning of a whole network. In such circumstances it is impossible to remove the computer from the location where it is found.
3.19 Where an offence is committed by means of a computer or where the computer itself has been the target of illegal activity (such as where unauthorised access has been obtained to a computer) the evidence needed to prove the offence will be found on the computer in question unless steps were taken to destroy that evidence. This means that in order to prove the relevant offence either the computer itself or a print-out of the information stored on the computer will have to be produced in court.
3.20 The general rule of the admissibility of evidence is that evidence is admissible if it is relevant to a matter before court.[33] Relevant evidence is evidence tendered to prove or disprove a fact in issue. To this general rule there are a number of exceptions where evidence will be inadmissible in spite of its relevance such as the rule against hearsay evidence for example.
3.21 Apart from the general rules as to the admissibility of evidence there are a number of rules prescribing how evidence should be tendered. As a general rule evidence is produced by calling upon a witness to deliver viva voce testimony under oath in an open court.[34] Evidence can also be tendered in the form of real evidence or documentary evidence. Real evidence refers to objects produced for inspection by the court so that the court may draw some conclusion in respect of a fact in issue. The object itself is therefore evidence.[35] Documentary evidence is evidence, usually a statement in writing, contained in a document which is intended to prove the truth of its contents.[36] The contents of the document is therefore evidence as opposed to the document itself.[37]
3.22 Depending on surrounding circumstances, evidence generated by means of a computer can either be classified as real evidence or documentary evidence. Where a computer print-out is simply a reflection of a person’s knowledge stored in an electronic form it will most likely be classified as documentary evidence. Where the evidence represents the result of the processing of a person’s knowledge it will probably be classified as real evidence created by a device.[38] This uncertainty as to the nature of computer generated evidence raises a number of issues as to how the admissibility of such evidence should be determined. Should the computer print-out be proven to be an original and authentic version of the information it reflects?[39] Should its admissibility be dependant on the proper and reliable functioning of the computer and software applications used to generate the evidence reflected in the print-out?[40] Apart from these issues there are also other, more general, exclusion that may apply such as that the evidence reflected in the print-out is hearsay for instance.
3.23 If the issues of admissibility are left out of consideration one is still faced with the question of how the value to be attached to the evidence should be determined. This will depend very much on the knowledge of the persons producing the evidence as well as those evaluating it of computers, their functioning and their capabilities.
3.24 The following example of what may be found in practice will serve to illustrate the frustrations that may be caused by the issues discussed above. For the sake of this example it is assumed that obtaining unauthorised access to a computer constitutes an offence in terms of a statutory provision. It is further assumed that an investigating officer has received information that a certain computer located at a specific address was used to commit this offence.
3.25 The investigating officer obtains authority to search for the computer in terms of a search warrant authorised for that purpose. As a result of the search the investigating officer locates the computer in question. However, the owner of the computer objects to the searching of the computer's storage area for any information as this is not included in the scope of the search warrant. The owner's argument is based on the fact that the information to be searched for is not an "article" and the computer's storage space cannot be described as premisses.
3.26 The only option open to the investigating officer is to seize the computer itself and to remove it from the premisses. This decision may, however, be complicated by the fact that the computer equipment belongs to a legitimate business and that it contains information which is crucial to the operation of the business and which is totally unrelated to the information which the investigating officer is searching for.
3.27 Another problem that may arise in this regard is that the computer on which the relevant information is located may be a file server connected to a huge network which is used for totally lawful purposes and without which the network cannot function. In such circumstances it is doubtful that the investigating officer will be able to remove the relevant computer from the premisses where it is located.
3.28 The computer which is the target of the search may be shared by a number of users. In such a case the computer will contain collateral information which is not associated with the search. The users of the computer will object to the removal of the computer as this will deprive them of their legitimate use of the computer.
3.29 If the investigating officer has the authority to search the storage area of the computer, for instance with the consent of the owner, he or she may find that the information in question is encrypted. The owner of the computer, however, objects to the investigation officer's attempts to de-encrypt the information as this is not included in his or her authority to locate that information. Another possibility is that the information is protected by software that will cause the information to be destroyed if it is not accessed in a specific manner. Again the owner of the computer may object to the investigating officer's attempts to circumvent this software as this is not included in his or her authority to locate that information. The owner may also object to such attempts because the investigating officer's actions may alter some information or the functioning of some software on the computer.
3.30 If it is accepted for the sake of this example that a search of a computer's storage area can be authorised under a search warrant and that the investigating officer has located the computer in question, he or she may find that the computer is linked to other computers via a network. The perpetrator has furthermore made use of this connectivity of the computer in question to store the relevant information on another computer at a different location which is connected to the same network.
3.31 The investigating officer is now faced with the problem that the computer which he or she is authorised to search does not contain the relevant information and that he or she is not authorised to search the computer on which that information is contained. By the time a new search warrant is obtained the perpetrator will have moved the information again or he or she will have altered or destroyed it.
3.32 Another possibility is that the investigating officer may be unable to determine the location of the computer where the perpetrator has stored the relevant information. This means that the investigating officer is not allowed to search for the relevant information in terms of the search warrant which authorises a search of the computer in question, although it is practically possible to search for that information via the network to which that computer is connected.
3.33 A third possibility is that the information is stored via the network on a computer located outside the Republic. The investigating officer is now faced with the task of obtaining mutual legal assistance from another country in order to search for the relevant information. By the time all the formalities associated with mutual legal assistance requests have been complied with the perpetrator will have moved the information to another location or he or she will have altered or destroyed that information.
3.34 The computer which is the target of the search may contain privileged information which does not relate to the search. The owner of the computer will object to the investigating officer obtaining access to such information in the course of his or her search. It is, however, impossible to locate the relevant information on the storage area of the computer and to sift this from the other information on the computer without accessing all the information on the computer. This may mean that the whole search has to be abandoned.
3.35 If the investigating officer succeeds in obtaining the relevant information in the course of an authorised search that information must be produced as evidence at the trial of the accused. At this stage the accused may object against the admissibility of the evidence on the basis that the correct procedure for its presentation to the court was not followed or that it constitutes hearsay evidence. If the accused accepts the admissibility of the evidence he or she may attack the value of the evidence because the information obtained from the computer may have been altered by the investigating officer, or because the chain of events leading from the collection of the information to its production in court as evidence have not been preserved.
3.36 All of these pitfalls indicate the near impossible task of investigating and prosecuting authorities when faced with computer related offences
[29] Such methods can include the duplication of information on a computer, the removal of information on a computer, the alteration of information stored on a computer, the alteration of the functioning of a computer etc.
[30] Section 1 of the Trespass Act, 6 of 1959.
[31] The offence of crimen inuria prohibits the impairment of a person’s dignitas which includes his or her privacy.
[32] Par. 3.3 supra.
[33] Schmidt 360; Van der Merwe et al 53.
[34] Schmidt 245; Van der Merwe et al 286.
[35] Schmidt 305; Van der Merwe et al 269.
[36] Van der Merwe et al 275.
[37] Schmidt 305.
[38] Schmidt 346.
[39] Originality and authenticity are the general requirements for the admissibility of documentary evidence.
[40] This would be similar to other evidence produced by means of a device such as a speed measuring apparatus.
SAFLII:
|
|
Terms of Use
|
Feedback
URL: http://www.saflii.org/za/other/zalc/ip/14/14-CHAPTER-3.html