[LINK] Can NPP legally conduct secret pen tests on banks?

Brendan brendansweb at optusnet.com.au
Tue Sep 3 11:59:21 AEST 2019


On 3/9/19 10:07 am, Roger Clarke wrote:
> Secret penetration tests, fines for banks under PayID security crackdown
> NPP deploys ‘unilateral’ protections to harden network.
[]
> 
> [I wonder how this squares up with the computer offences provision in s.476 of what we called (for over a century?) the Crimes Act, but is now the Schedule to the Criminal Code Act:
> http://www8.austlii.edu.au/au/legis/cth/consol_act/cca1995115/sch1.html
> (then search for 476)
> 
> [The mixture of incompetence and obstructiveness of the AGD's legislative draftsdonkeys is on full display in this area.  Critical law isn't in sections of a principal statute, but is buried deep down in a Schedule.  And of course it's expressed in the most excruciatingly messy structure and text imaginable.]

I have previously commented on the drafting of unauthorised access provisions.

> [Does anyone know whether:
> 1.  s.476 has the effect of criminalising pen testing?

Penetration testing can result in unauthorised access to data. So, if you're going to do it, you should make sure you have authorisation to access all data on the network that you're testing.
