Salter v The Director of Public Prosecutions (NSW)

Case

[2011] NSWCA 190

14 July 2011

Court of Appeal


Supreme Court


New South Wales

Medium Neutral Citation: Salter v The Director of Public Prosecutions (NSW) [2011] NSWCA 190
Hearing dates:30 May 2011
Decision date: 14 July 2011
Before: Allsop P at [1]
McClellan CJ at CL at [2]
Sackville AJA at [33]
Decision:

1. Leave to appeal granted.

2. Appeal dismissed.

3. No order as to costs.

[Note: The Uniform Civil Procedure Rules 2005 provide (Rule 36.11) that unless the Court otherwise orders, a judgment or order is taken to be entered when it is recorded in the Court's computerised court record system. Setting aside and variation of judgments or orders is dealt with by Rules 36.15, 36.16, 36.17 and 36.18. Parties should in particular note the time limit of fourteen days in Rule 36.16.]

Catchwords: APPEAL - s308H Crimes Act 1900 - unauthorised access to restricted data - ulterior purpose for access - can 22 convictions be considered oppressive - leave to appeal granted - appeal dismissed.
Legislation Cited: Crimes Act 1900
Crimes Act 1914 (Cth)
Crimes (Appeal and Review) Act 2001
Crimes Amendment (Computer Offences) Act 2001 (NSW)
Interpretation Act 1987 (NSW)
Supreme Court Act 1970
Cases Cited: Australian Boot Trade Employees Federation v Whybrow & Co (1910) 11 CLR 311
Ballysingh (1953) 37 Cr App R 28
Barker v R [1983] HCA 18
Director of Public Prosecutions v Merriman [1973] AC 584
Director of Public Prosecutions v Murdoch (1993) 1 VR 406
Gilmour v DPP (Cth) (1995) 43 NSWLR 243
Category:Principal judgment
Parties: Natalie Maree Salter (Applicant)
Director of Public Prosecutions (NSW) (Respondent)
Representation: J L Glissan QC/W J Wilcher (Applicant)
D Arnott SC (Respondent)
Prime Lawyers (Applicant)
Director of the Office of Public Prosecutions (NSW) (Respondent)
File Number(s):2010/133061
 Decision under appeal 
Date of Decision:
2010-04-30 00:00:00
Before:
Magistrate O'Shane
File Number(s):
H32557587

Judgment

  1. ALLSOP P: I agree with the orders proposed by the Chief Judge at Common Law and with his Honour's reasons.

  1. McCLELLAN CJ at CL: The applicant was charged and convicted in the Local Court of 22 breaches of s 308H of the Crimes Act 1900 ("the Act"). She appealed to the Supreme Court. Because of the history of the proceedings Hidden J referred that appeal to this Court without expressing any opinion in relation to the merits of the appeal.

  1. The applicant seeks leave to appeal in this Court in accordance with s101(2)(h) Supreme Court Act 1970.

  1. The original proceedings in the Local Court were heard by Magistrate O'Shane. On 24 June 2008 her Honour made a decision with respect to what were referred to as "preliminary matters." An appeal was brought from that decision which was heard by R S Hulme J. His Honour purported to dismiss the appeal and the matter came before this Court. This Court concluded that there was no judgment or order amenable to appeal, set aside the orders of R S Hulme J and dismissed the summons. In the course of his reasons Spigelman CJ indicated that the Court expected that the proceedings would continue in the Local Court and that the issues which were sought to be raised would, if the applicant was convicted, be ventilated either by way of appeal to the District Court or by an appeal to the Supreme Court pursuant to s 52(1) or 53(1) of the Crimes (Appeal and Review) Act 2001. As it happens the applicant was convicted and now seeks to raise the issues in this Court which had previously been ventilated.

  1. Section 308H of the Act is in the following terms:

"Unauthorised access to or modification of restricted data held in computer (summary offence)
(1) A person:
(a) who causes any unauthorised access to or modification of restricted data held in a computer, and
(b) who knows that the access or modification is unauthorised, and
(c) who intends to cause that access or modification,
is guilty of an offence.
Maximum penalty: Imprisonment for 2 years.
(2) An offence against this section is a summary offence.
(3) In this section:
restricted data means data held in a computer, being data to which access is restricted by an access control system associated with a function of the computer."

  1. The Act provides the meaning of "unauthorised access modification or impairment" in s 308B. That section is as follows:

"(1) For the purposes of this Part, access to or modification of data, or impairment of electronic communication, by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.
(2) Any such access, modification or impairment is not unauthorised merely because the person has an ulterior purpose for that action.
(3) For the purposes of an offence under this Part, a person causes any such unauthorised access, modification or impairment if the person's conduct substantially contributes to the unauthorised access, modification or impairment."

  1. The relevant facts can be shortly stated. The applicant was a serving police officer with the rank of sergeant. By reason of her position she was entitled to access the police computer system commonly referred to as the "COPS" database. On 22 January 2007 the applicant accessed the COPS system and looked at 22 screens of different data during an 11 minute period. The information on the screens was not relevant to any current investigation then being undertaken by the NSW Police Service.

  1. The applicant was motivated to access the COPS system when Mr Garibaldi, with whom she had a personal relationship, told her that Mr Garibaldi's partner, Karen Griffiths, was pregnant with his child. The applicant threatened to tell Ms Griffiths about their relationship but Mr Garibaldi discouraged her from doing so. The restricted data which the applicant accessed related to Mr Garibaldi, Ms Griffiths, a premises at Bondi and persons associated with those premises.

  1. The agreed statement of facts indicated that, although the applicant was authorised to access the COPS system in the course of her duties, she did not access the relevant information in the course of her duties as a police officer.

  1. The agreed statement indicated that the applicant "accessed 22 discrete pieces of data on the COPS system (police computer system)" between 11.58 am and 12.09 am.

  1. There are two issues. The first issue is whether the applicant, by reason of her authority to access the COPS database, could be guilty of a breach of s 308H of the Act. The second issue was originally expressed as "whether the charges brought are unfair with reference to the law of duplicity."

Authority

  1. Section 308H(1) makes it an offence for a person to knowingly have unauthorised access to restricted data. The COPS system is restricted data.

  1. Section 308B provides that access by a person "is unauthorised if the person is not entitled to cause that access." Section 308B(2) on which the applicant's argument relies provides that "any ... access ... is not unauthorised merely because the person has an ulterior purpose for that action."

  1. It was submitted by the applicant that the use of the word "any" in s 308B(2) operates to render all access "not unauthorised" for the purposes of s 308H of the Act where the person gaining access is otherwise authorised to do so. It was submitted that such an interpretation was consistent with the obligation to construe legislation in accordance with its natural and ordinary meaning unless this causes ambiguity: Australian Boot Trade Employees Federation v Whybrow & Co (1910) 11 CLR 311 at 341. Reliance was also placed on s 34 of the Interpretation Act 1987 (NSW).

  1. It was further submitted that the legislative intention that computer offences operate in this manner may be inferred from the fact that s 309(1) of the Act, which has been repealed, but which previously provided the relevant offence, expressed the offence by reference to a lack of "lawful excuse" in the person accessing the computer system. It was submitted that by not including the words "without ... lawful excuse" in s 308H it could be inferred that the Parliament intended s 308B(2) to operate in the way contended by the applicant.

  1. The ultimate submission by the applicant was that "the function of s308B of the Act is to provide a statutory defence to persons who are authorised to access a computer system, but do so for an ulterior motive."

  1. In my opinion the submission should be rejected.

  1. Section 308H(1) creates an offence where a person knowingly has unauthorised access to restricted data in the computer. Section 308B(1) provides that access is unauthorised if the person is not entitled to cause that access. Although an officer of the police service who has the relevant authority is entitled to access the system in furtherance of a task required of that person in the discharge of their duties as a police officer, they are not otherwise entitled to access the system.

  1. The object of s 308B(2) is to protect an officer who has a legitimate entitlement to access particular data but who may also have an ulterior purpose for that access. Accordingly, if there is a legitimate purpose even though there is also an ulterior purpose, the officer will not breach the Act.

  1. The parameters of the authority given to a police officer to access the COPS system are made plain by a warning screen which appears on each occasion a police officer enters the computer system. The screen provides the following:

"This computer system is the property of NSW Police. No person is allowed access other than for a lawful purpose. Your access is being monitored to ensure it is lawful ...
... Data on the system must NOT be disclosed to authorised persons and you are NOT authorised to access it for personal, demonstration or training reasons ...
If you proceed to use this system you acknowledge this warning and conditions. LOG OFF, if you do not accept them."

  1. The present issue is not dissimilar to that considered by the Court of Criminal Appeal in Gilmour v DPP (Cth) (1995) 43 NSWLR 243 where an employee of the Australian Tax Office was charged with a breach of s 76C of the Crimes Act 1914 (Cth). The offender had access via a password and user ID to the Tax office computer. He made entries granting tax-payers relief from obligations without the required authorisation from his superior to do so. The NSW Court of Criminal Appeal upheld his conviction for unlawful alteration of data. The fact that the offender was authorised to use the computer and had the capacity to make the entries was not accepted as an answer to the charge for the reason that he had no authority to alter the particular data in question. In the course of his judgment Dunford J referred to the following remarks by Hayne JA in Director of Public Prosecutions v Murdoch (1993) 1 VR 406 at 409:

"... Where, as is the case here, the question is whether the entry was with permission, it will be important to identify the entry and to determine whether that entry was within the scope of the permission that had been given. If the permission was not subject to some express or implied limitation which excluded the entry from its scope, then the entry will be with lawful justification but if the permission was subject to an actual express or implied limitation which excluded the actual entry made, then the entry will be 'without lawful authority to do so.'

  1. And (at 410):

In my view the section requires attention to whether the particular entry in question was an entry that was made without lawful authority. In the case of a hacker it will be clear that he has no authority to enter the system. In the case of an employee the question will be whether that employee had authority to affect the entry with which he stands charged. If he has a general and unlimited permission to enter the system then no offence is proved. If however there are limits upon the permission given to him to enter that system, it will be necessary to ask was the entry within the scope of that permission? If it was, then no offence was committed; if it was not, then he has entered the system without lawful authority to do so."

  1. In Murdoch a bank employee accessed the bank computer to enable him to overdraw his own account. He was found to have entered the computer system without lawful excuse. To a similar effect is the decision In Barker v R [1983] HCA 18 where the High Court held that a person who had permission to enter a building may nevertheless be a trespasser if entry is made for a purpose which was expressly or impliedly excluded by the terms of their permission.

  1. In the present case the applicant's authority to access data in the COPS system was confined. The access which she obtained was for a personal purpose having no relationship with any function she performed on behalf of the police.

  1. The applicant's reliance upon s 308B(2) is misplaced. That subsection has the purpose of ensuring that when a person accesses the COPS system exercising their authority they will not commit an offence "merely" because they have in addition some ulterior purpose. That was not the present case.

  1. I do not consider the repeal of s 309(1) to be of any consequence. It is apparent from the second reading speech of the Crimes Amendment (Computer Offences) Act 2001 (NSW) where reference is made to the Model Criminal Code of the Standing Committee of Attorneys General 2001, that the intention was to provide for offences committed without lawful excuse under the offences relating to theft, fraud and related offences. It was however intended that unauthorised access to computer data would be controlled under s308H.

  1. With respect to the second question although the written submissions canvassed other matters (the applicant originally submitted that the charges were bad for duplicity) in the course of oral argument the submission was confined to a single proposition. It was submitted that to charge 22 separate offences was an abuse of process because it was oppressive to the applicant to have a record containing 22 convictions where only one offence could have been charged. For this reason it was submitted that only one charge should have been brought.

  1. Although the applicant entered the computer system on one occasion, having entered she accessed data on 22 occasions. The applicant accepts that on each occasion that a separate screen of data was accessed she committed an offence.

  1. I am not persuaded that by charging 22 offences the respondent was unfair to the applicant. Charging in this manner ensured the applicant knew with precision the criminal acts which were asserted against her. As a consequence she was provided with an opportunity to defend any of the charges if she contended that on any occasion she accessed data for a legitimate purpose. There was no suggestion that her trial would be unfair or unnecessarily lengthy or complex by reason of the number of charges. Indeed if not charged as separate offences, the applicant may have asserted that the charge was duplicitous.

  1. The applicant referred to Director of Public Prosecutions v Merriman [1973] AC 584 where Lord Diplock at 607 indicated that it had been the practice for many years to charge a single count where a series of events could be seen as one transaction or criminal enterprise. However, such an approach is not mandatory. In Ballysingh (1953) 37 Cr App R 28 the Lord Chief Justice said at 29 in response to an argument that multiple acts of shoplifting included in the one count was bad for duplicity "the court is of opinion that technically it would have been correct, from the point of view of pleading, to put each matter in a separate count."

  1. The only unfairness which the applicant identified in the present matter was that for those who may not be familiar with the circumstances it was unfair that the applicant's record might show 22 separate offences rather than one criminal activity. However, to my mind once it was acknowledged that 22 offences were committed, the issue was confined to whether or not the appropriate sentence was imposed. The applicant was sentenced to a term of 200 hours of community service in relation to each charge but her Honour made each of the sentences concurrent. This was an appropriate course for her Honour to take and the applicant makes no complaint about it.

  1. In these circumstances there can be no legitimate complaint about the decision of the respondent to charge 22 different offences. It follows that although leave should be granted the appeal should be dismissed. The parties agree that there should be no order as to costs.

  1. SACKVILLE AJA: I agree with the orders proposed by McClellan CJ at CL and with his Honour's reasons.

**********

Decision last updated: 22 July 2011

Actions
Download as PDF Download as Word Document
Most Recent Citation
MJ v Sanders [2020] WASC 150
Cases Citing This Decision

5

Fawns v The The King [2022] NSWDC 488
Abubakar Braimah-Mahamah v The Queen [2016] NSWDC 138
Anderson v Commissioner of Police [2024] QDC 198
Cases Cited

3

Statutory Material Cited

6

Gilmour v Chief Commissioner of State Revenue [2007] NSWADT 145
Salter v Director of Public Prosecutions [2008] NSWSC 1325
Barker v The Queen [1983] HCA 18