EXISTING LAW - CASE STUDY 1
Case Study 1 - R v Andrew Garrett T002242
_______________________________________________________________________
In this recent case, Helen Gilbert prosecuted the offender, Mr Andrew Garrett, for identity theft crimes.
Mr Garrett used a programme called "Back Orifice", which was a Trojan horse programme. He used it to access a large number of computers and to obtain information stored on those computers, including the users' Internet names and passwords.
For those of you who have not encountered a Trojan horse programme, it is a programme that appears to be good or harmless but in reality is hiding something malicious.
Mr Garrett sent this Back Orifice programme to a number of people. On one occasion, this programme was attached to a game called Potato. This was a child's game played on the computer: you can pull pieces of the potato apart and put different arms and legs on it, like a computerised Lego. In fact, as soon as the computer user opens the attachment and starts to play the game, Back Orifice is activated on the user's system. This gave Mr Garrett (and anyone else who had the other half of the Back Orifice programme) complete access to that user's computer without the user's knowledge. Therefore any material which the user had saved or stored on his computer (for example, his user name and password to access the internet, personal information such as personal contacts, or any file saved on the computer) could be copied, deleted or browsed through by Mr Garrett without the user's knowledge or permission. He could also capture the user's screen. That means he could see what the user was currently looking at or typing, again without the user having any idea.
When the Police arrested Mr Garrett and seized his computer, an analysis of his computer showed that he had obtained vast quantities of material from at least 40 different computer users throughout New Zealand, without their knowledge or permission. A number of users came to Court and were shown information that was found on Mr Garrett's computer, that in fact originated from their computer.
Another thing Mr Garrett was able to do was to send pop-up messages to the victim computer. The user would have no idea where this box came from or how to stop it from re-occurring.
Offences Charged
Mr Garrett was charged with the following offences:
1 Wilful damage - s298 Crimes Act 1961 (max 5 years imprisonment)
Here, the Crown alleged that Mr Garrett sent this Potato game by email, knowing that when the user opened the email it would infect his computer with the Back Orifice programme. He was charged with damaging the software. There were legal arguments over whether sending a programme like this could be wilful damage. This charge would usually be used where, for example, someone took an axe to a car. Here the external appearance of the computer was unchanged and undamaged, though the system had now been opened up to unwanted interference. The court allowed this charge to go before the jury on the basis that the function of the computer had been affected, causing it to behave in a way unexpected by the owner and costing the owner time and money to fix it. The jury could not decide on this charge at the end of the trial.
2 Using a document with intent to defraud - s229A Crimes Act 1961 (max 7 years imprisonment)
There were four charges of using a document, the document being the Back Orifice programme. The elements which the Crown must prove under this offence are fairly involved. This charge would usually be used for someone who takes a cheque, alters it and then uses it to gain some benefit or monetary payout. To prove this charge, the Crown had to show:
(a) An intent to defraud, i.e. dishonest intent;
(b) The use of a document (in this case the use of Back Orifice);
(c) That the document (Back Orifice) is capable of being used to obtain a privilege or benefit; and
(d) That the document (Back Orifice) was used for the purposes of obtaining (for himself or any other person) a privilege or benefit.
3 Reproducing a document with intent to defraud - s266A Crimes Act 1961 (max 10 years imprisonment)
The third group of offences was reproducing a document, in other words, making an identical copy of the information. Therefore, when Mr Garrett copied files, passwords and information from users' computers without their permission or knowledge, he reproduced the document. The difficulty with this charge is that it must be an identical copy, so if you hand wrote the information seen on the system, e.g. a password, you would not be reproducing it.
4 Threatening property - s307 Crimes Act 1961 (max 3 years imprisonment)
The fourth and final charge was one charge of threatening property and this refers to the pop-up box Mr Garrett sent.
Outcome of the Prosecution
Mr Garrett was found guilty of four charges of reproducing a document and one charge of threatening property. The jury were hung (that is, they couldn't decide) on the other charges. Although the prosecution went to great lengths to try and help the jury understand these offences, even to the extent of starting up two computers in Court and simulating a Back Orifice infection, at least one jury member could not understand and the Judge received this note from the jury:
"For the ten charges we have made our decisions on all of them, but for at least half of them we can not give a certain decision on because of a person who has limited, or no understanding of the evidence shown to us"
For those of you who have not been involved with a jury, neither the prosecution nor the defence can ask the jury any questions when choosing them or during the course of the trial. Therefore, we cannot check that the jurors have ever switched on a computer or used the Internet.
Sentencing
Mr Garrett was sentenced to a 6 month prison sentence suspended for 12 months. This means he didn't have to go to prison, although if he committed another offence during those 12 months, he could be made to go to prison for those 6 months in addition to any new penalty for the new offence. He also had to complete 200 hours of community service.
The District Court Judge was bound by an earlier High Court decision of R v Henderson (High Court, Auckland, AP43/79). In that case the offender, Mr Henderson, had obtained credit card details from an Internet site. He used those credit card details to place a number of orders over the internet. He created false driver's licences using the details from the credit cards and then hired cars using the false driver's licences. He also obtained multiple telephone and internet connections with three different service providers using the false identification. Mr Henderson gained about $60,000 worth of goods and services from this fraud.
This man had a number of previous convictions for dishonesty. When he was initially sentenced, the District Court Judge placed emphasis on the fact that the internet had been used to perpetrate a very sophisticated scam, and in particular on the potential for dishonest people to abuse the internet, affecting legitimate operators. The Judge sentenced Mr Henderson to five years' imprisonment.
Mr Henderson appealed. The High Court reduced his sentence from 5 to 3 years' imprisonment. The High Court did not agree that Mr Henderson should get a higher sentence just because the internet was used to perpetrate the fraud.