The Cybercrime Act 2001 (QLD) was introduced into Australian Parliament as a result of terrorist attacks that occurred on 11 September. However, there are concerns in regards to the breadth of investigative powers stipulated in the act.

The Cybercrime Act 2001 (QLD) was introduced into Australian Parliament as a result of terrorist attacks that occurred on 11 September. However, there are concerns in regards to the breadth of investigative powers stipulated in the act. These concerns include broad definitions that were adopted by legislation and persuading stakeholders to report cybercrime incidents.

Division 477.2 of the Cybercrime Act 2001 (QLD) stipulates that those “who access or modify computer data from a computer that they are not authorised access with the intention of committing a serious offence are punishable by five or more years imprisonment. However, the nature of the evidence obtained makes cybercrime complex to investigate and prosecute in contrast to crimes committed in the “real world”. One of the main problems with digital evidence is the limitations of its reliability and authenticity in capturing perpetrators. Digital evidence obtained can range from magnetisation, light pulses, radio signals and other means. This type of evidence is not only fragile, but it can also easily be exploited through editing.

Recommendations:

It is imperative that computer forensics needs to obtain more conclusive evidence in order to avoid a long, drawn-out process. Tools should be available to authorities of all levels that allow them to examine digital evidence without tampering with it. Trained forensics examiners should also be more desired in police stations as they can preserve data in preparation to present in court and can even recover deleted data. Also, an attempt should be made to reduce anonymity to a certain extend. A section should be added to the Cybercrime Act 2001 (QLD) that stipulates that whoever purchases a computer, handheld mobile device, tablet or laptop must have their contact details embedded into the devices before a transaction is complete. This would inarguably help authorities to discover the main perpetrator behind the use of any malicious programs if authorities were able to have access to aforementioned information during investigation.

Definitions within the Cybercrime Act 2001 (QLD) should be having more clarity and specificity within the scope. This allows offences to be confined to malicious activity. In particular to s476 of the Cybercrime Act 2001 (QLD) the word “unauthorised” should be further defined so that guidelines on identifying appropriate authority for access, destruction or modification of data can be used within cases. Both s477(2) and s477(3) should include the requirement of knowledge and intent, as opposed to “recklessness” which lacks clarity as a definition.