Updated: No protection against self-incrimination for computer access

POSTED BY Rick Shera
07 October 2010

posted in l@w.geek.nz

VIEWED 3429 TIMES

PERMALINK

Questions around removal of the protection against self incrimination came up in the debate over the Search & Surveillance Bill in 2009 and earlier this year. I remember thinking that people obviously didn't realise that protection was already circumscribed in relation to computer access and that the new Bill wasn't really adding to that.

I noticed today (via @ComputerWorldNZ) that a teenager has been imprisoned for 4 months in the UK for failure to give up a computer password.

Which prompted me to return to the issue and look up the similar provision here. As I recall, it was cunningly snuck in in the Terrorism Suppression Bill, but has much wider application than that.  It is now nicely hidden away in the Summary Proceedings Act (which is why I couldn't find it earlier).  That of course is one of the aims of the S&S Bill, to try to gather all these types of provisons together in one place, which is a good thing.  Unfortunately the Bill went a lot further than that but that's another story (PDF).

Anyway, now that I've found it, the current law reads (Updated: section 198B has been replaced by section 130 of the Search and Surveillance Act 2012 - see below):

198B Person with knowledge of computer or computer network to assist access
  • (1) A constable executing a search warrant may require a specified person to provide information or assistance that is reasonable and necessary to allow the constable to access data held in, or accessible from, a computer that is on premises named in the warrant.

    (2) A specified person is a person who—

    • (a) is the owner or lessee of the computer, or is in possession or control of the computer, or is an employee of any of the above; and

    • (b) has relevant knowledge of—

      • (i) the computer or a computer network of which the computer forms a part; or

      • (ii) measures applied to protect data held in, or accessible from, the computer.

    (3) A person may not be required under subsection (1) to give any information tending to incriminate the person.

    (4) Subsection (3) does not prevent a constable from requiring a person to provide information that—

    • (a) is reasonable and necessary to allow the constable to access data held in, or accessible from, a computer that—

      • (i) is on premises named in the warrant concerned; and

      • (ii) contains or may contain information tending to incriminate the person; but

    • (b) does not itself tend to incriminate the person.

    (5) Subsection (3) does not prevent a constable from requiring a person to provide assistance that is reasonable and necessary to allow the constable to access data held in, or accessible from, a computer that—

    • (a) is on premises named in the warrant concerned; and

    • (b) contains or may contain information tending to incriminate the person.

    (6) Every person commits an offence and is liable on summary conviction to a term of imprisonment not exceeding 3 months or a fine not exceeding $2,000 who fails to assist a constable when requested to do so under subsection (1).

The new provision in section 130 of the Search and Surveillance Act 2012 reads:
Normal 0 false false false EN-NZ X-NONE X-NONE

 

130 Duty of persons with knowledge of computer system or other data storage devices or Internet site to assist access

(1) A person exercising a search power in respect of any data held in a computer system or other data storage device may require a specified person to provide access information and other information or assistance that is reasonable and necessary to allow the person exercising the search power to access that data.

(2) A specified person may not be required under subsection (1) to give any information tending to incriminate the person.

(3) Subsection (2) does not prevent a person exercising a search power from requiring a specified person to provide information or providing assistance that is reasonable and necessary to allow the person exercising the search power to access data held in, or accessible from, a computer system or other data storage device that contains or may contain information tending to incriminate the specified person.

(4) Subsections (2) and (3) are subject to subpart 5 of this Part (which relates to privilege and confidentiality).

(5) In this section,—

specified person means—

(a) a user of a computer system or other data storage device or an Internet site who has relevant knowledge of that system, device, or site; or

(b) a person who provides an Internet service or maintains an Internet site and who holds access information

user, in relation to a computer system or other data storage device or an Internet site, means a person who—

(a) owns, leases, possesses, or controls the system, device, or site; or

(b) is entitled, by reason of an account or other arrangement, to access data on an Internet site; or

(c) is an employee of a person described in paragraph (a) or (b).

 

POSTED BY Rick Shera
07 October 2010

posted in l@w.geek.nz

VIEWED 3429 TIMES

PERMALINK

COMMENTS (0) Post a Comment

← BACK TO NEWS