Breaching an AUP a Crime In Western Australia 121
An anonymous reader writes "A recent court case highlights that breaching an acceptable use policy at work could land you in court in Western Australia: a police officer doing a search of the police database for a friend was fined — not for disclosing confidential police information, but for unlawful use of a 'restricted-access computer system' — cracking. More worryingly for West Australians, this legal blog points out that breaching any Acceptable Use Policy would seem to be enough to land you in jail for cracking — for example, using your internet connection to break copyright."
I don't see a problem with this (Score:4, Insightful)
I'm authorized to use the computer at work to search through medial records (I'm an Pharm.D), but I can get in trouble (and fined) for searching HIPAA records without cause.
And that's why US law is different. (Score:5, Insightful)
Malicious or stupid. Or both. (Score:5, Insightful)
TFA says right off the bat that in the case in question, Giles v Douglas, was charged under a CRIMINAL statute. Giles was granted special permission under certain specific conditions to use the police database. She did not adhere to those conditions and thus her use of the database was impermissible. Impermissible use of the database is a criminal offence (instance of s440). There's nothing special about this case.
Breaching the AUP is not a crime. Breaching the AUP in a manner that leads to committing a crime is also not a crime. BUT COMMITTING A CRIME IS A CRIME! It just so happens that an AUP is involved in the details of this case.
Re:I don't see a problem with this (Score:5, Insightful)
Exactly.
Almost nothing in this article suggests a vendor's AUP is the topic under discussion.
The guy was using a police database for pete sake. These things are always governed by special rules and regulations just like HIPAA.
Unlawful use of a 'restricted-access computer system' is not the same as an AUP issue. Once the system is covered or by a legal "Restricted-Access" designation its not an AUP.
Re:I don't see a problem with this (Score:3, Insightful)
Accessing a private system in a way that is forbidden by it's owner should get you fired. Accessing confidential information for personal reasons might be a breach of contract or, in the case of medical records and other sensitive information, even be illegal in its own right. However, simply misusing a private system shouldn't be a criminal act.
It seems to me that it could be likened to trespassing. A property owner could allow the public onto property providing that they abide by certain conditions. Failure to abide by those conditions would warrant getting kicked off the property. Refusal to leave would then constitute trespassing; however, trespassing would not occur the instant that an individual broke the conditions.
Accessing a system once authorization to use it has been revoked could be considered unauthorized use. Claiming that authorization is defacto revoked once the acceptable use policy is breached has the effect of using authorized use laws as a proxy to put breach of the acceptable use policy into the criminal code. That, I hope, goes against the intent of the law.
Huh? What's the problem? (Score:5, Insightful)
Re:I don't see a problem with this (Score:5, Insightful)
Being a police officer is very demanding. The same rules can not apply to them. The rules are stricter for them.
There, corrected that for you.