The Computer Crime Law in Ireland
The existing laws might have been suitable for the old traditional computer crime; the use of a mobile device to denial your keylogg access to your car may have no legal reference in any formal computer crime law.
This paper will point out some of the known legislations that exist in Ireland and the EU relating to computer crime, and the awareness in a computer forensic discipline. Introduction With the vast amount of business documents being written on computers, the popular use of email, transaction of business on the internet, computer keep most civil litigation evidence that exist in our present day. It is unimaginable for any business of a sizable scale to function properly, these days, without the use of computer or any form of computing device.
Unfortunately, what was designed to help solve almost all problem that exist, (being social networking, e-commerce, entertainment, personal dairy, communication), is posing a great threat to the society that should benefit from it. Imagine a company that buys used cars online and re-sell them to make profits, provides its employees with fast internet access. An employer search through the usual websites and found an interesting car at cheap price, instead of doing the transaction unbehalf of the company, he bought the car for himself.
The manager saw him with the car the next day and raised suspicion. He then consulted a forensic investigator to handle the case. Special procedures may have to be carried out during a computer forensic investigation in order that any information gathered is eligible for use in a court of law. The investigation revealed that he used his account to log on to the work computer for the deal during working hours. The investigator found something else, a child pornographic material on his computer. Is this a computer crime? r an abuse of company’s policy? , or something else?. Would the evidence found by an investigator contracted to do one job but did more be accepted in the court, if indicted? Would the Irish Data Protection Act of 1988 protect his secret from prosecution? or face Child Traffic and Pornographic Act 1998? Due to the fact that computer crime is generally new, specialized legislation is in place for some computer and digital specific criminal behaviour, and forensic investigators should be aware of this.
The Irish Computer Crime Law The Irish Legislations that are relevant in the area of computer crime are the Criminal Damage Act, 1991, and the recent Criminal Justice (Theft and Fraud Offences) Act, 2001. The Criminal Damage Act, 1991, Section 2(1) introduced the offence of damage to property, defined as – “a person who without lawful excuse damages any property belonging to another intending to damage any such property or being reckless as to whether any such property should be damaged is guilty of an offence”.
Property includes data and damage to data includes the addition, alteration, corruption, erasure, or movement thereof, or introduction of a virus therein, which causes damage. It shall be noted that the offence requires the absence of “lawful excuse” and, in addition, requires the accused to act with intent or recklessness. Summary conviction or on indictment carries different penalties. On summary conviction the penalties are a fine of up to €1,270 or imprisonment for up to 12 months, while on indictment; the penalties are a fine of up to €12,700 or imprisonment for up to 10 years, or both.
The 1991 Act introduced a range of offences. Section 3 of the 1991 Act introduced the offence of threatening to damage property and Section 4 introduced the offence of possession of any thing with intent to damage property. Both carry the same penalties as a Section 2 offence Section 5 then introduced the offence of operation of a computer with intent to access data without lawful excuse. The offence is efined as – “a person who without lawful excuse operates a computer within the State with intent to access any data kept either within or outside the State, or outside the State with intent to access any data within the State, shall whether or not he accesses any data, be guilty of an offence”. The penalties on a conviction offender are a fine of up to €634, or imprisonment for up to 3 months. The recent update in Irish legislation, regarding computer-related crime in Ireland extends the previous Act and introduced the Criminal Justice (Theft and Fraud) Offences Act, 2001.
The 2001 Act introduced various new offences into Irish law, most importantly, the Act which appear under Section 9. Section 9 states – “a person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence”. This section introduced the concept of “dishonesty” into Irish computer related crime.
The offender can be located either inside or outside the State and is required to act dishonestly, meaning “without a claim of right made in good faith”. The operation of a “computer” is required. The ever-increasing development of technology available to commit crime over the internet requires international co-operation beyond ordinary domestic legislation. Section 9 of the 2001 Act, which aim at a person, “whether within or outside the State”, point out the possibility of jurisdictional issues that comes up, and has allowed the courts to try an offender irrespective of their location at the relevant time. operates” physical machine must be operated from the state or cause to be operated; doesn’t require physical control of the machine, can be remotely controlled outside of the state. Section 9 of the 2001 Act, the presence of intent is required, that could relate to the unauthorised access of another’s computer or, alternatively, authorised access of a computer for unauthorised purposes bad faith use e. g. DOS.
The intention must be to make a gain, whether for himself, or herself, or another, or, alternatively, to cause a loss to another. This carries a more severe offence than existed law under the 1991 Act. An indictable offence that carries a potential fine of unspecified amount, or maximum of 10 years in prison, or both. Privacy and Data Protection Even if the Irish Constitution of 1937 does not clearly state the right to privacy, in the Kennedy & Arnold v Ireland  IR 587, the Irish court recognised the existence of this law.
Article 8 of the European Convention on Human Rights provides that: • Everyone has the right to respect for his private and family life, his home and correspondence. • There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
The Irish Data Protection Act 1988 was passed on 13 July 1988, and implemented on 19 April 1989. This Act established the Irish Data Protection Commission. The Irish legislation was updated in 2003 by the Data Protection (Amendment) Act, which incorporates Directive 95/46/EC into Irish law. The law means Data protection is about your fundamental right to privacy.
You may access and correct data about yourself, but those who keep data about you have to comply with Data Protection Act. An individual or an organisation that collects stores or processes any data about living people on any type of computer or in a structured filing digital system, found guilty of an offence under the Acts can be fined amounts up to €100,000, on conviction on indictment and/or may be ordered to delete all or part of the database.
There are two major sections in 2003 Data Protection amendment; (1) Manual data which are held in filing systems, that is data that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system. (2) Relevant filing system means that the set is structured in such a way that specific information relating to a particular individual is readily accessible