I am not a criminal lawyer, and the extent of my involvement in the criminal legal process was when representing a child victim of a crime as a curator ad litem (a frustrating process at the best of times).
Accordingly this piece of writing is an explorative piece, hopefully to be read by people more conversant than I in the vagaries of the criminal process, and hopefully to engender some conversation around what has become an alarmingly common occurrence:
My G-Mail account was hacked. The G-Mail Security Log identified the IP address from which the hack emanated. It was 188.8.131.52. Upon investigation it was determined that this IP address was used by Leeson Telecom Limited, who are situated at Trinity Street, Dublin, and appear to be a broadband service provider. They are better known by their trading name HostIreland. I telephoned Leeson and a very polite gentleman confirmed that the IP address did indeed belong to one of their customers.
When I asked him for the name of the customer he asked me to e-mail their support team with the details of my hack. I did so. The receipt of my e-mail was confirmed and subsequently I was informed that the matter was being handled by a Director of HostIreland, a Mr Ben Kitchins. I was impressed by the rapid response and felt that I was hot on the heels of my attacker.
Very soon thereafter I was e-mailed by Mr Kitchins who informed me that they could not provide me with the information that I requested, and he very kindly advised me to contact Google. Unfortunately, Google were the ones who contacted me in the first place.
Due to my lack of knowledge of the criminal law, I am confused, as it all seemed fairly straightforward until Mr Kitchins burst my bubble by declining to name the offending customer.
My research informs me that the two main offences regarding hacking in Ireland are found in the Criminal Damage Act 1991. The basic hacking offence covered in Section 5 prohibits the accessing of another person’s data, via a computer, without that said person’s consent. Section 2 of the Act supplements Section 5, by creating further offences such as the damaging of data by way of a computer. Both offences must occur ‘without lawful excuse.’
Section 5(1) reads:
(1) A person who without lawful excuse operates a computer- (a) within the State with intent to access any data kept either within or outside the State, or (b) outside the State with intent to access any data kept within the State, shall, whether or not he accesses any data, be guilty of an offence and shall be liable on summary conviction to a fine not exceeding £500 or imprisonment for a term not exceeding 3 months or both.
Therefore, on the face of it, if somebody accesses my G-Mail account without my consent, it is an offence unless they have ‘lawful excuse’, which I am assuming means for a reason recognised as valid in law. I do not use my G-Mail account for any illegal activity, and even if I did one would assume a warrant would be issued and my account would be accessed along more conventional means. Therefore I can think of no objective grounds for ‘legally hacking’ my account. I am assuming that the intrusion was not by the NSA or suchlike as they would be in and out without my knowledge, whereas this hacker very kindly e-mailed a virus to every person on my mailing list, using my address – a source of great embarrassment (and hopefully nothing more as I have clients on that list), and seemingly another offence in terms of Section 2 of the abovementioned Act.
Accordingly, I can only assume that a criminal offence has been committed, and this is what I informed Mr Ben Kitchins of HostIreland. I have not received a reply from Mr Kitchins, but it is the Easter weekend. I have no doubt that once he knows that a crime has been committed, he will give up the name of the customer.
Section 7(2) of the Criminal Law Act of 1997 says that: “Where a person has committed an arrestable offence, any other person who, knowing or believing him or her to be guilty of the offence or of some other arrestable offence, does without reasonable excuse any act with intent to impede his or her apprehension or prosecution shall be guilty of an offence.”
That begs the question – is hacking an arrestable offence? And if it is, does this mean that a service provider who fails or refuses to give up the name of a client who has hacked somebody else’s account is an accessory after the fact? I have no doubt that a business as well established as HostIreland knows the answer to that one and I am eager to hear their reply, which I will share on this blog, for the information of individuals in a similar jam to the one in which I find myself.
This is unfamiliar territory to me, and I look forward to hearing some answers from those learned criminal lawyers out there.