2.1 Governing Law: Please cite all applicable laws in your jurisdiction that apply to cybersecurity, including laws that apply to incident monitoring, detection, prevention, mitigation and management. This may include, for example, privacy and electronic privacy laws, intellectual property protection laws, privacy laws, information security laws, and import/export controls. In Australia, unauthorized access to computer systems is criminalized by state and federal laws. In the federal jurisdiction, piracy is criminalized under the Criminal Code Act, 1995 (Cth) (“the Code”). Most often, individuals suspected of involvement in cybercrime are charged under the Code, as it is universally applicable in all australian states and territories. Currently, there are no laws in Australia prohibiting the use of chasm technology. However, the malicious use of sinkhole methods to divert legitimate traffic from its intended recipient may constitute a criminal offence under section 477.3 of the Code. Section 477-478 of the Criminal Code Act describes serious computer offences such as hacking that can be prosecuted at the federal level. Section 477.1 of the Criminal Code Act states that a “public interest lawyer” may be appointed to review arrest warrants sought against a journalist or news organization. It is only recently that Australia has reviewed its national intelligence laws and has yet to implement much of the reforms needed to put its recommendations into practice. A recommendation not to extend the Australian Signal Directorate`s cybercrime function to land use was ignored when the Identification Act was introduced. The powers conferred under the Identity Act are far-reaching and merely complement the ever-growing arsenal of powers transferred to Australian law enforcement. It will be important to monitor how and for what purpose these new powers are used.
It is also necessary to consider whether those powers should remain in place after the expiry of their expiry period. The Joint Parliamentary Committee on Intelligence and Security (JCCS) recommended earlier this month that the so-called “hacking” law be passed, provided its other 33 recommendations are met. Shadow Home Secretary Kristina Keneally confirmed in the Senate on Wednesday that the government had implemented 23 of the 33 recommendations “in whole or in substance” through legislative changes or changes to the bill`s rationale. In the event that the security of a large international company has been breached, we may ask ourselves: how does Australian law deal with such a scenario? The answer to the question is complex and shows how the Internet has been a boon to humanity in terms of easy access to information, but has caused headaches for lawmakers due to the lack of territorial jurisdiction that the online world can represent. Australia has laws to prevent cybercrime, but laws are ineffective if the perpetrator resides in another country, if the crime was committed in another jurisdiction, and if the company whose security was breached is based overseas. Investigations conducted by the OAIC most often result in extrajudicial results. For example, a joint investigation by the Australian Data Protection Commissioner and the Canadian Data Protection Commissioner into a high-profile hacking breach of confidential data from adult online dating service Ashley Madison led the company to make a binding commitment under section 33E of the Privacy Act. Currently, there is no law in Australia that prohibits the use of a near-field beacon or communication technology. Currently, there is no law in Australia prohibiting the use of honeypot technology or similar autonomous deception measures. Currently, there is no law in Australia that prohibits organizations from monitoring or intercepting electronic communications on their networks.
1.3 Are there factors that could mitigate a penalty or constitute an exception to any of the above offences (e.g., if the offence involves “ethical hacking” without intent to cause harm or financial gain? A law that significantly expands the hacking capabilities of Australian authorities investigating suspected cybercriminals has been passed by the country`s Senate. The following laws in Australia relate to cybersecurity: the Data Protection Act (Cth) (“Data Protection Act”); the Crimes Act 1914 (Cth); the Critical Infrastructure Security Act, 2018 (Cth); code (Cth); and the Telecommunications (Interception and Access) Act 1979 (Cth). As an example of state legislation criminalizing the hacking of private computer systems, Part 6 of the New South Wales Crimes Act 1900 (“NSW Crimes Act”) describes several crimes that focus on unauthorized access, alteration or interference with restricted data and electronic communications.