[ISN] Hacker evidence could be accepted in court

InfoSec News isn at c4i.org
Fri Nov 26 01:16:27 EST 2004


Stephen Bell
26 November, 2004

A bill likely to be introduced to Parliament early next year will
clarify the legal status of evidence of an offence gained by hacking,
as well as other evidence collected through illegal acts.

Evidence of electronic or other crime gathered by a hacker illegally
intruding into a suspect's computer system would probably be
admissible in a New Zealand court, according to lawyers and Police
e-crime unit chief Maarten Kleintjes. One lawyer acknowledges the risk
of "vigilantes" hacking into systems in the hope that any detected
crime would be serious enough for the hack to be seen as a lesser
offense not worth prosecuting.

Such evidence would be subject to the same guidelines as evidence
coming from any other informant where the illegal nature of the act of
gathering such evidence may not rule it out, say the sources.But the
principles governing such a judgement are purely case law at present.

Government officials are working on a new bill amending the Evidence
Act, which aims to make such questions as admissibility of illegally
obtained evidence a matter of statute law. At the same time, the Law
Commission is drafting a paper on rights of entry, search and seizure,
which has been delayed until next year to consider more fully the
issues presented by new technology. This could well include further
thoughts on the acceptability of hacking, says Commissioner Warren
Young, though a previous Law Commission paper forms the basis of the
planned Evidence Act amendment bill. This could be tabled early next
year, he says.

Young points to a watershed case two years ago, R v Shaheed, which
modified a previous assumption that such evidence, particularly where
obtained in a way contravening the NZ Bill of Rights, would be
inadmissible. None of the sources consulted can call to mind a case in
the computer hacking arena. Admissibility would depend on the relative
gravity of the two crimes; if murder were at issue, says one lawyer,
it can hardly be imagined that the relatively minor crime of hacking
would render the evidence inadmissible.

The question came up in the wake of a local case where images in
breach of the censorship law were given to the Department of Internal
Affairs by a computer repair shop to which the offender took a failing
hard disk drive. The DIA used that prosecution to warn that it.s not
only the Department.s inspectors that are alert for possible illegal

But the case led IT commentator Bruce Simpson to ask in his online
Aardvark column whether there was any real difference between viewing
files without permission while the PC is being repaired and "hacking
into someone's PC and inspecting the files on its hard drive without
permission over the internet." He sees the latter as unjustifiable and
some of his respondents agree.

A few months ago, a US appeal court allowed evidence gathered by a
freelance hacker. A former judge was charged with an offence where
incriminating information was rooted out by the hacker introducing a
Trojan into the offender.s system. The appeal court found it would be
improper for a government agency to indulge in hacking and evidence
gained in this way could not be used in court. But since the hacker in
this case was not directly employed by the government (although he
considered himself to be working on their behalf) his evidence was
ruled admissible.

Images which the former judge downloaded had had a Trojan attached to
them by the hacker, who used the vulnerability to read other material
on the offender's computer.

The anti-hacking provisions of the Crimes Act are still relatively
untried, says lawyer Craig Horrocks, of Clendon Feeney, so there is
some doubt whether a particular act of hacking could even be
demonstrated to be illegal. Assuming such evidence to be admissible
does open the danger of "vigilante" activity of the kind evident in
the US case, he says.

In the local case, a Christchurch man, Lance Thomas Priestly, was
convicted of possessing objectionable material. His arrest followed
information from a Christchurch computer company to which Priestly
took his hard disk for repair.

The acting director of the department.s gaming and censorship
regulation group, Peter Burke, emphasises that reports of suspected
offences by members of the public are not a breach of privacy. The
repair case is straightforward, since the Privacy Act has exemptions
for cases where maintenance of the law or furtherance of a prosecution
"for an offence carrying a pecuniary penalty" is at issue.

.There is a common misconception that reporting a possible crime is a
breach of privacy laws. It is not. If you see a burglary and report it
to the police you are acting as a responsible citizen and are helping
protect someone.s property," Burke says in a statement on the Priestly
case. "If you find information about movies or pictures of children
being sexually abused or sexually posed and you report that, then you
are being a responsible member of the community by helping protect

The DIA, however, declines comment on the acceptability of hacker
assistance in tracking down the kind of illegal online activity it

More information about the ISN mailing list