Does Logging into Another Person’s Social Media Account Amount to a Criminal Offence?
Whether you suspect your spouse of cheating or are just curious about what kinds of group chats your friends are in, it may be tempting to access someone’s social media account without them knowing.
But “hacking” into another person’s social media account can land you on the wrong side of the law.
The NSW Offence of Unauthorised Access to Restricted Data
Under section 308H of the Crimes Act 1900 (NSW), it is an offence punishable by up to 2 years in prison to gain unauthorised access to, or modification of, restricted data held in a computer.
To establish the offence, the prosecution must prove beyond reasonable doubt that:
- You caused access to, or modification of, data held in a computer,
- You did so intentionally,
- You were not authorised to cause that access or modification,
- The data was restricted data, and
- You knew the data was restricted data.
‘Data held in a computer’ means:
- Data entered or copied into a computer,
- Data held in any removable storage which was in a computer for a time, or
- Data held in any data storage device on a computer network of which a computer forms a part.
A ‘data storage device’ is any thing, including a disk or file server, which contains or is designed to contain data for use by a computer.
‘Access’ to data held in a computer means:
- The display of data by the computer or any other output of the data,
- The copying or moving of the data to any other place in the computer or to any data storage device, or
- The execution of any program.
‘Modification’ of data held in a computer means:
- The alteration or removal of data, or
- The addition of data.
Your actions were ‘unauthorised’ if you were not entitled to cause them however, your actions are not unauthorised merely because you had an ulterior motive for them, or if:
- You were an ‘authorised person’ such as a police or other law enforcement officer,
- The computer disk, credit card or other device was in your lawful custody, and
- Your actions were to preserve, or to prevent the concealment, fabrication, destruction or loss of, evidence of any offence.
‘Restricted data’ means data held in a computer to which access is restricted by an access control system associated with a function of the computer.
Proceedings for the offence must be commenced no later than 12 months from the date of the alleged commission of the offence.
The Federal Offence of Unauthorised Access to Restricted Data
A similar offence is contained in section 478.1(1) of the Criminal Code Act 1995 (Cth), which is a piece of legislation that applies across the nation.
To establish the offence, the prosecution must prove beyond reasonable doubt that:
- You caused unauthorised access to, or modification of, data
- You intended to do so,
- You knew the access or modification was unauthorised, and
- The data was restricted data.
‘Data’ is information in any form, including any program or part of a program.
‘Restricted data’ is data:
- Held in a computer, and
- Access to which is restricted by an access control system associated with a function of that computer.
‘Data held in a computer’ includes that which is held in any:
- Removable data storage device being held in a computer, and
- Data storage device on a computer network of which the computer forms a part.
‘Modification’ of data held in a computer, means:
- The alteration or removal of the data, or
- An addition to the data.
You caused unauthorised access or modification if you substantially contributed to it.
Unlike the New South Wales offence, there is no time limit for bringing proceedings under the Commonwealth legislation.
Defending the allegation
If you are accused of one of these offences, you can defend the charge on the basis that:
- You did not intend to access restricted data,
- Access was authorised or you were entitled to cause that access,
- The data accessed does not constitute “restricted data”, and/or
- A legal defence applies to your circumstances, such as duress, necessity or self-defence.