[LINK] RFI: Legality of Pentesting
Tom Worthington
tom.worthington at tomw.net.au
Sat Sep 5 10:21:21 AEST 2015
On 04/09/15 07:53, Roger Clarke wrote:
> [I wonder how the Cyber Security Challenge stacks up against the
> computer crimes provisions in the Criminal Code Act 1995, Schedule 1
> at ss. 476-478 and the Telecommunications offences ...
Students should not test the security of computer systems without the
consent of the owner (at least that is what I tell them when teaching IT
ethics at ANU).
If you are accessing a computer system with consent, it is not a crime,
unless you break some other law, for example to do with the privacy of
individual's data on the system (but I am not a lawyer).
To avoid collateral damage, ADFA has a "cyber-range": a network isolated
from the public, for security testing and training:
http://blog.tomw.net.au/2013/03/cloud-computing-at-northrop-grumman.html
> [Or does the competition rely on some 'it's okay if the government
> breaks the law' provision?
Some government officials are authorized to things ordinary citizens
can't, but I doubt that breaking into computer systems just to see if
you can, is one of them.
ps: When working at Defence HQ, I found that in an emergency I just
needed the Minister to sign a letter and could take over any of the
Australian telecommunications network required.
--
Tom Worthington FACS CP, TomW Communications Pty Ltd. t: 0419496150
The Higher Education Whisperer http://blog.highereducationwhisperer.com/
PO Box 13, Belconnen ACT 2617, Australia http://www.tomw.net.au
Liability limited by a scheme approved under Professional Standards
Legislation
Adjunct Senior Lecturer, Research School of Computer Science,
Australian National University http://cs.anu.edu.au/courses/COMP7310/
More information about the Link
mailing list