Breaching an AUP a Crime In Western Australia

An anonymous reader writes "A recent court case highlights that breaching an acceptable use policy at work could land you in court in Western Australia: a police officer doing a search of the police database for a friend was fined — not for disclosing confidential police information, but for unlawful use of a 'restricted-access computer system' — cracking. More worryingly for West Australians, this legal blog points out that breaching any Acceptable Use Policy would seem to be enough to land you in jail for cracking — for example, using your internet connection to break copyright."

I don't see a problem with this

I'm authorized to use the computer at work to search through medial records (I'm an Pharm.D), but I can get in trouble (and fined) for searching HIPAA records without cause.

Re:I don't see a problem with this

[icebike]

Exactly.

Almost nothing in this article suggests a vendor's AUP is the topic under discussion.

The guy was using a police database for pete sake. These things are always governed by special rules and regulations just like HIPAA.

Unlawful use of a 'restricted-access computer system' is not the same as an AUP issue. Once the system is covered or by a legal "Restricted-Access" designation its not an AUP.

Re:I don't see a problem with this

The problem here, is that this person is a police officer, yet he is being charged with a crime. Being a police officer is very demanding, and the same rules can not apply to them.

Re:I don't see a problem with this

[Lorens]

Being a police officer is very demanding. The same rules can not apply to them. The rules are stricter for them.

There, corrected that for you.

And that's why US law is different.

[Jane+Q.+Public]

So far, the courts in the U.S. have ruled against such an idea, because in effect it would let companies define the law for themselves, at whim.

Re:And that's why US law is different.

[Carewolf]

How could breach of contract EVER be a crime?? It is a breach of contract, not a violation of a law, when you breach a contract you get the consequences listed in the contract, or if you refuse them a civil law suit, but not a fine and not a prison sentence.

Re:And that's why US law is different.

[vux984]

Contracts that aren't signed are one thing, but if both parties have signed it, then it is a "Breach of contract", and definitely a crime in the US.

Breach of contract is NEVER a crime in the US.

When you borrow money from the bank, and then miss a payment, you are in breach of contract. That's not illegal. You aren't a criminal. Its not a crime.

The contract may spell out consequences when you are in breach that you may be subject to (such as having the full loan amount being immediately repayable...) and the bank can sue you for damages caused by you not making your payment... and so forth.

Pretty sure article/summary is overboard

[rrossman2]

It's no different than having access to a system tied into say patient records. There's no need or reason for you to go looking at information on someone else who you aren't treating or don't have permission to look at (for example in the US you have to sign papers for doctors to transfer your medical records etc to another doctors office).

I think the article is extrapolating something to include everything, where it shouldn't

Malicious or stupid. Or both.

[SpeedyDX]

TFA says right off the bat that in the case in question, Giles v Douglas, was charged under a CRIMINAL statute. Giles was granted special permission under certain specific conditions to use the police database. She did not adhere to those conditions and thus her use of the database was impermissible. Impermissible use of the database is a criminal offence (instance of s440). There's nothing special about this case.

Breaching the AUP is not a crime. Breaching the AUP in a manner that leads to committing a crime is also not a crime. BUT COMMITTING A CRIME IS A CRIME! It just so happens that an AUP is involved in the details of this case.

restricted-access computer system

[AfroTrance]

restricted-access computer system means a computer system in respect of which —

(a) the use of a password is necessary in order to obtain access to information stored in the system or to operate the system in some other way; and

(b) the person who is entitled to control the use of the system —

(i) has withheld knowledge of the password, or the means of producing it, from all other persons; or

(ii) has taken steps to restrict knowledge of the password, or the means of producing it, to a particular authorised person or class of authorised person;

The definition of 'restricted-access computer system'. My interpretation of this, is that a police database would fall under this, but an internet connection would not. But the law isn't worded very well. It seems it was added in 1990, and written by someone with little understanding of computers.

Huh? What's the problem?

[adamofgreyskull]

Another misuse of the "Your Rights Online" tag and there are already a metric crap-tonne of morons saying that this is awful. It's a blog post that completely misses the fucking point. If wikileaks had reported that Australian police were allowed to look up information on citizens without a valid reason (i.e. for shits and giggles) everyone would be up in arms saying, "Isn't this terrible?". This isn't just a breach of an Acceptable Use Policy, it's against the law, for some very fucking good reasons. There are laws and procedures in place to stop simple invasions of privacy (like this) but also to stop criminals from bribing corrupt Police Officers to look up information for them.