1

So, the act states an individual has to know the access is "unauthorised". How is this proven by the state? Of course, for a simple act like entering a username/password that they know they're not supposed to be in control of is easy.

But, what about more complex cases? If, say, there is a dispute about whether access is or isn't authorised, and one party(Say an employer) has given another a password, without any existing evidence anymore, how do they prove this? Do they just take the general approach of 'Would a reasonable person deem this as unauthorised'?

Does external evidence get taken into account, for example, conversations indirectly linked to the account? Or would, say, a lack of explicit links to a password be deemed as unauthorised?

To clarify: My question was essentially how is it proven? For theft, there is the 'would a reasonable person deem is dishonest'. Whereas, there's no real evidence of what test there is for unauthorised. How do they determine the mens rea? However, there was also an element, I suppose, which was what elements can be shown as a a defence that the access was authorised? Would it be solely explicit statements saying 'You have access to the computer'. Or would various implicit statements also be used?

SpoiltAroma14
  • 21
  • 3

2 Answers2

1

The way any other contested fact is determined

Each side introduces evidence, the trier of fact weighs the evidence and decides if the prosecution/plaintiff has met their burden: beyond reasonable doubt for a criminal matter or on the balance of probabilities for a civil one.

Evidence is anything that is probative and relevant and not excluded by the rules of evidence.

Dale M
  • 237,717
  • 18
  • 273
  • 546
1

For "unauthorised access" you have to prove two things: One, that I did indeed access your computer, and that it wasn't someone else. Two, that the access was indeed not authorised.

As an example where the second may have unexpected outcomes: A woman whose job it was to use her computer to print lottery tickets (that store customers paid for) printed about $1,000 worth of tickets for herself without payment. In court it was found that this was absolutely 100% theft, but that she was indeed authorised to access the computer.

On the other hand, if James Smith leaves his company, all his access rights are supposed to be revoked, but IT revokes Jimmy Smith's access rights by mistake, then it can be argued whether James is still authorised to access his computer, and whether Jimmy is indeed not authorised, for example if Jimmy uses a colleague's password to access the data that are his job to access.

gnasher729
  • 35,915
  • 2
  • 51
  • 94