Meanwhile, a look-see hacker breaks into a university computer without doing any damage. He doesn't delete any files. He FTPs a public-domain file from another system and quietly tucks it away in a hidden, unused corner of the university machine. Maybe he writes a message to someone else on-line. If caught, the law, as interpreted by the AFP and the DPP, says he faces up to ten years in prison. The reason? He has inserted or deleted data.
Although the spy hacker might also face other charges—such as treason—this exercise illustrates some of the problems with the current computer crime legislation.
The letter of the law says that our look-see hacker might face a prison term five times greater than the bank fraud criminal or the military spy, and twenty times greater than the anti-Liberal Party subversive, if he inserts or deletes any data. The law, as interpreted by the AFP, says that the look-see hacking described above should have the same maximum ten-year prison penalty as judicial corruption. It's a weird mental image—the corrupt judge and the look-see hacker sharing a prison cell.
Although the law-makers may not have fully understood the technological aspects of hacking when they introduced the computer crimes legislation, their intent seems clear. They were trying to differentiate between a malicious hacker and a look-see hacker, but they could have worded it better.
As it's worded, the legislation puts malicious, destructive hacking on a par with look-see hacking by saying that anyone who destroys, erases, alters or inserts data via a carrier faces a prison term, regardless of the person's intent. There is no gradation in the law between mere deletion of data and `aggravated deletion'—the maximum penalty is ten years for both. The AFP has taken advantage of this lack of distinction, and the result has been a steady stream of look-see hackers being charged with the most serious computer crime offences.
Parliament makes the laws. Government institutions such as the AFP, the DPP and the courts interpret and apply those laws. The AFP and to some extent the DPP have applied the strict letter of the law correctly in most of the hacking cases described in this book. They have, however, missed the intention of the law. Change the law and they may behave differently. Make look-see hacking a minor offence and the institutions will stop going after the soft targets and hopefully spend more time on the real criminals.
I have seen some of these hackers up close, studied them for two years and learned a bit about what makes them tick. In many ways, they are quintessentially Australian, always questioning authority and rebelling against `the establishment'. They're smart—in some cases very smart. A few might even be classified as technical geniuses. They're mischievous, but also very enterprising. They're rebels, public nuisances and dreamers.
Most of all, they know how to think outside the box.
This is not a flaw. Often, it is a very valuable trait—and one which pushes society forward into new frontiers. The question shouldn't be whether we want to crush it but how we should steer it in a different direction.