Is Hacking a Crime in Ireland?

I am not a criminal lawyer, and the extent of my involvement in the criminal legal process was when representing a child victim of a crime as a curator ad litem (a frustrating process at the best of times).
Accordingly this piece of writing is an explorative piece, hopefully to be read by people more conversant than I in the vagaries of the criminal process, and hopefully to engender some conversation around what has become an alarmingly common occurrence:
My G-Mail account was hacked. The G-Mail Security Log identified the IP address from which the hack emanated. It was 185.32.152.108. Upon investigation it was determined that this IP address was used by Leeson Telecom Limited, who are situated at Trinity Street, Dublin, and appear to be a broadband service provider. They are better known by their trading name HostIreland. I telephoned Leeson and a very polite gentleman confirmed that the IP address did indeed belong to one of their customers.
When I asked him for the name of the customer he asked me to e-mail their support team with the details of my hack. I did so. The receipt of my e-mail was confirmed and subsequently I was informed that the matter was being handled by a Director of HostIreland, a Mr Ben Kitchins. I was impressed by the rapid response and felt that I was hot on the heels of my attacker.
Very soon thereafter I was e-mailed by Mr Kitchins who informed me that they could not provide me with the information that I requested, and he very kindly advised me to contact Google. Unfortunately, Google were the ones who contacted me in the first place.

Due to my lack of knowledge of the criminal law, I am confused, as it all seemed fairly straightforward until Mr Kitchins burst my bubble by declining to name the offending customer.

 

My research informs me that the two main offences regarding hacking in Ireland are found in the Criminal Damage Act 1991. The basic hacking offence covered in Section 5 prohibits the accessing of another person’s data, via a computer, without that said person’s consent. Section 2 of the Act supplements Section 5, by creating further offences such as the damaging of data by way of a computer. Both offences must occur ‘without lawful excuse.’
Section 5(1) reads:
(1) A person who without lawful excuse operates a computer- (a) within the State with intent to access any data kept either within or outside the State, or (b) outside the State with intent to access any data kept within the State, shall, whether or not he accesses any data, be guilty of an offence and shall be liable on summary conviction to a fine not exceeding £500 or imprisonment for a term not exceeding 3 months or both.

Therefore, on the face of it, if somebody accesses my G-Mail account without my consent, it is an offence unless they have ‘lawful excuse’, which I am assuming means for a reason recognised as valid in law. I do not use my G-Mail account for any illegal activity, and even if I did one would assume a warrant would be issued and my account would be accessed along more conventional means. Therefore I can think of no objective grounds for ‘legally hacking’ my account. I am assuming that the intrusion was not by the NSA or suchlike as they would be in and out without my knowledge, whereas this hacker very kindly e-mailed a virus to every person on my mailing list, using my address – a source of great embarrassment (and hopefully nothing more as I have clients on that list), and seemingly another offence in terms of Section 2 of the abovementioned Act.
Accordingly, I can only assume that a criminal offence has been committed, and this is what I informed Mr Ben Kitchins of HostIreland. I have not received a reply from Mr Kitchins, but it is the Easter weekend. I have no doubt that once he knows that a crime has been committed, he will give up the name of the customer.
Section 7(2) of the Criminal Law Act of 1997 says that: “Where a person has committed an arrestable offence, any other person who, knowing or believing him or her to be guilty of the offence or of some other arrestable offence, does without reasonable excuse any act with intent to impede his or her apprehension or prosecution shall be guilty of an offence.”

That begs the question – is hacking an arrestable offence? And if it is, does this mean that a service provider who fails or refuses to give up the name of a client who has hacked somebody else’s account is an accessory after the fact? I have no doubt that a business as well established as HostIreland knows the answer to that one and I am eager to hear their reply, which I will share on this blog, for the information of individuals in a similar jam to the one in which I find myself.

This is unfamiliar territory to me, and I look forward to hearing some answers from those learned criminal lawyers out there.

About Neil van Dokkum

Neil van Dokkum (B. SocSc; LLB; LLM; PGC Con.Lit) Neil is a law lecturer and has been so since arriving in Ireland from South Africa in 2002. Prior to that Neil worked in a leading firm of solicitors from 1987-1992, before being admitted as an Advocate of the Supreme Court of South Africa (a barrister) in 1992. He published three books in South Africa on employment law and unfair dismissal, as well as being published in numerous national and international peer-reviewed journals. Neil currently specialises in employment law, medical negligence law, family law and child protection law. He dabbles in EU law (procurement and energy). Neil retired from practice in 2002 to take up a full-time lecturing post. He has published three books since then, “Nursing Law for Irish Students (2005); “Evidence” (2007); and “Nursing Law for Students in Ireland” (2011). He is an accredited and practising mediator and is busy writing a book, with Dr Sinead Conneely, on Mediation in Ireland. His current interest is Ireland’s energy policy and its impact on the people and the environment. He is also researching the area of disability as a politico-economic construct. Neil is very happily married to Fiona, and they have two sons, Rory and Ian.
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

6 Responses to Is Hacking a Crime in Ireland?

  1. Hugo Grotius says:

    This hacking of e-mail seems to be a regular occurrence and something that the police do not have time to investigate unless there has been serious intrusion and theft or damage. This means that the service providers must step up and identify the culprits. In the Netherlands this is happening with more frequency and Ireland should follow suit. I think HostIreland should give you the name at once – they are sheltering a criminal otherwise.

    • Thank you Hugo. It is interesting that this is happening everywhere and unlike Ireland, the service providers are doing something about it. I am sure that HostIreland is aware of best international practice. I am still confident that they will give me the name. I will report it to our Garda but they have enough on their plate without having to go after each hacker. The service providers should take on the responsibility of policing their customers themselves. Confidentiality does not come into it – you cannot keep a crime in confidence, that makes you an accessory surely? What do others think?

  2. Georgina says:

    Hi Neil,

    I stumbled across this v informative post on my own research with regard to hacking. Can I ask whether you ever received a response or had the matter resolved. Thanks & regards,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s