Saturday, May 14, 2011

Impact of the Criminal Justice Bill on the investigation of cybercrime

The Minister for Justice yesterday published the Criminal Justice Bill 2011 (pdf) which is primarily aimed at white collar crime and unsurprisingly aims to facilitate the investigation of banking and financial crimes in particular (press release | Irish Times). It will, however, also have a significant impact on the investigation and prosecution of cybercrime.

Under section 3, the Bill applies to “relevant offences” which, as set out in Schedule 2, includes the offence of dishonest use of a computer. In addition, the Bill allows the Minister to add crimes to the list of "relevant offences" including "criminal acts involving the use of electronic communications networks and information systems or against such networks or systems or both". Consequently, assuming the Minister uses this power, the majority of computer crimes are likely to be subject to the provisions of this Bill.

As summarised in the press release, the key parts of the Bill are:
• A new system to make more effective use of detention periods. This will allow persons arrested and detained for questioning by the Gardaí to be released and their detention suspended so that further investigations can be conducted during the suspension period.

• New powers for the Garda Síochána to apply to court for an order to require any person with relevant information to produce documents, answer questions and provide information for the purposes of the investigation of relevant offences. Failure to comply with such an order will be an offence.

• Measures relating to how documents are to be produced to the Gardaí. These measures are aimed at reducing the delays associated with the production of large volumes of poorly ordered and uncategorised documents to the Gardaí in the course of their investigations.

• Measures to prevent unnecessary delays in investigations arising from claims of legal privilege.

• The creation of a new offence, similar to the former misprision of felony offence, which relates to the failure to report information to the Gardaí.
Also, though not mentioned in the press release, s.18 of the Bill will make the admission of documentary and electronic evidence in criminal trials significantly easier by establishing new presumptions regarding the creation, ownership and receipt of documents.

These provisions would dramatically change the rules governing the investigation and prosecution of computer crime in Ireland. Take two examples. The proposed offence of failing to report information would create a positive duty to report computer crimes to the Gardaí - with failure to do so carrying a term of imprisonment of up to five years. One wonders whether this is workable and what effect it might have on the work of computer security researchers. Similarly, the new power to order the production of documents includes a requirement that such documents be provided in decrypted form or that a password be provided (s.15(6)), which appears to address the gap in the law revealed by the encrypted Anglo Irish Bank files.

This is certainly one to watch for anyone with an interest in cybercrime in Ireland, and I'll be coming back to it as it progresses through the Oireachtas.

No comments:

Post a Comment