Police Officer Charged With Hacking After Leaking Address of Victim
The Queensland Police officer who was found to have unlawfully accessed a police database and leaked a domestic violence victim’s details to his friend, the woman’s abusive former partner, has been charged with multiple criminal offences.
An internal police investigation found that senior constable Neil Punchard illegally accessed the QPrime police database and provided the victim’s new address to her ex. It was further found that the officer even advised his friend to, “Just tell her you know where she lives and leave it at that. Lol. She will flip.”
The abuser had threatened to kill his former partner, strap bombs to their two children and blow them up as “martyrs”.
He is understood to have fled to Greece after failing to appear in court to face a charge of contravening an apprehended domestic violence order.
Despite putting the victim in danger and joking about it, officer Punchard was not suspended and remained on duty.
The Queensland Police Service (QPS) and the state government have been under sustained public pressure to act since details of the conduct first emerged in the media. However, neither the police commissioner, white ribbon ambassador Ian Stewart, nor premier Annastacia Palaszczuk signalled any intention to act upon the matter.
Proceedings for privacy breach
The victim has been seeking compensation through Queensland’s Civil and Administrative Tribunal (QCAT) on the basis that officer Punchard breached her privacy and put her life, and the lives of her children, at risk. She was forced into hiding as a result of the conduct.
As the QCAT hearing progressed, allegations emerged that a car belonging to the abuser was transferred into officer Punchard’s name at around the time he accessed and leaked the victim’s details.
Attempts to suppress information and evade responsibility
Police originally tried to suppress this information, submitting to QCAT that it had nothing to do with the victim’s compensation case.
However, there was enough evidence for the Crime and Corruption Commission (CCC) to launch a fresh investigation into the officer’s conduct.
At the QCAT hearing, officer Punchard invoked his privilege against self-incrimination and refused to answer questions.
The officer and the Queensland government were separately represented by legal teams, while the victim was left to represent herself.
The QCAT has already found that the law does not allow actions to be taken in the tribunal against officer Punchard, and the government’s barrister has submitted that the state cannot be held responsible for the actions of a rogue police officer.
The tribunal’s decision in respect of the proceedings against the state is pending.
Officer charged
Officer Punchard has been charged with nine computer hacking offences and is due to appear before Brisbane Magistrates Court on 30 January 2019.
The QPS has not advised whether he will be been stood down, but a spokesperson said in a statement:
“This matter will be subject to further consideration within the QPS disciplinary system”, adding, “This does not mean that the allegations against the officer have been substantiated.”
Computer hacking in Queensland
Section 408E of the Criminal Code Act 1899 (Qld) makes it an offence punishable by a maximum penalty of two years’ imprisonment to use a ‘restricted computer’ without the consent of the computer’s ‘controller’.
A restricted computer is one for which for which:
- a device, code or a particular sequence of electronic impulses is necessary in order to gain access to or to use the computer; and
- the controller:
- withholds or takes steps to withhold access to the device, or knowledge of the code or of the sequence or of the way of producing the code or the sequence, from other persons; or
- restricts access or takes steps to restrict access to the device or knowledge of the code or of the sequence, or to the way of producing the sequence, to a person or a class of person authorised by the controller.
A controller is a person who has a right to control the computer’s use.
The maximum penalty increases to five years in prison where the person causes or intends to cause detriment or damage, or gains or intends to gain a benefit, from the conduct, or ten years where he or she gains a benefit of more than $5,000 or intend to commit an indictable offence.
Computer data offences in NSW
Part 6 of the Crimes Act 1900 (NSW) prohibits a range of conduct relating to the unauthorised use of, and access to, electronic and digital data.
Section 308C, which falls within that Part, sets down a maximum penalty equivalent to the intended offence where a person causes an unauthorised computer function with the intention of committing a serious indictable offence, which is a crime that carries a maximum penalty of at least five years in prison.
Section 308D prescribes a maximum penalty of ten years’ imprisonment where a person knowingly or recklessly causes the modification of computer data to impair access to or the reliability, security or operation of the data.
Section 308E imposes a maximum prison sentence of ten years for knowingly or recklessly causing any unauthorised impairment of an electronic communication to or from a computer.
Section 308F provides that a person who possesses or controls data with the intention of committing or facilitating a serious computer offence is liable to a maximum penalty of three years in prison.
A serious computer offence is defined by section 308 as an offence against section 308C, 308D or 308E or a similar offence in another jurisdiction.
Section 308G sets a maximum penalty of three years’ imprisonment for producing, supplying or obtaining data with the intention of committing or facilitating a serious computer offence.
Section 308H is a ‘summary offence’, which means it must be dealt with in the local court, rather committed to a higher court such as the district court.
The section prescribes a maximum penalty of two years’ imprisonment for any person who:
- causes unauthorised access to, or modification of, restricted data held in a computer, and
- knows that the access or modification is unauthorised, and
- intends to cause that access or modification.
Restricted data is defined as that which is held in a computer, being data to which access is restricted by an access control system associated with a function of the computer.
Section 308I is also a summary offence and sets down a maximum penalty of two years in prison for:
- causing unauthorised impairment of the reliability, security or operation of any data held on a computer disk, credit card or other device used to store data by electronic means,
- while knowing the impairment is unauthorised, and
- with the intention of causing that impairment.
Commonwealth computer offences
In addition to state and territory laws, the Criminal Code Act 1995 (Cth) imposes prohibitions which apply across Australia.
Section 477.1 sets down a maximum penalty equivalent to the intended offence where a person causes:
- any unauthorised access to, or modification of impairment of, data held in a computer;
- knows the access, modification or impairment is unauthorised; and
- intends to commit, or facilitate the commission of, an offence against a law of the Commonwealth, a State or a Territory which attracts a maximum penalty of at least five years by the access, modification or impairment.
Section 477.2 prescribes a ten year maximum penalty for a person who:
- causes unauthorised modification of data held in a computer; and
- knows the modification is unauthorised; and
- is reckless as to whether the modification impairs or will impair access to that or any other data held in any computer, or the reliability, security or operation, of any such data.
Section 477.3 imposes the same ten year maximum penalty for a person who:
- causes any unauthorised impairment of electronic communication to or from a computer; and
- knows that the impairment is unauthorised.
Section 478.1 of the Act prescribes a maximum penalty of two years’ imprisonment for a person who causes unauthorised access to, or modification of, restricted data; in circumstances where he or she:
- intends to cause the access or modification; and
- knows that the access or modification is unauthorised.
Restricted data is defined as that which is held in a computer, and to which access is restricted by an access control system associated with a function of the computer.
Section 478.2 imposes the same maximum penalty for a person who the causes any unauthorised impairment of the reliability, security or operation of data held on a computer disk, credit card or other storage device where the person:
- intends to cause the impairment; and
- knows that the impairment is unauthorised.
Charged with a computer offence?
If you are suspected of unauthorised use of computer data, call Sydney Criminal Lawyers® anytime on (02) 9261 8881 to arrange a conference at one of our many office locations across Sydney, in Newcastle or Wollongong, or by telephone or Skype.
If you are going to court, we offer a free first consultation with an experienced criminal defence lawyer who will be able to advise you of your options and the best way forward.