Criminal Justice (Offences Relating to Information Systems) Act 2017

• Jurisdiction: Ireland
• Citation: IR No. 11/2017
• Year: 2017

Number 11 of 2017
CRIMINAL JUSTICE (OFFENCES RELATING TO INFORMATION SYSTEMS) ACT 2017
CONTENTS
Section
1. Interpretation
2. Accessing information system without lawful authority, etc.
3. Interference with information system without lawful authority
4. Interference with data without lawful authority
5. Intercepting transmission of data without lawful authority
6. Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5
7. Search warrant
8. Penalties
9. Liability for offences by body corporate, etc.
10. Jurisdiction
11. Evidence in proceedings for offences outside State
12. Double jeopardy
13. Amendment of Criminal Damage Act 1991
14. Amendment of Bail Act 1997
15. Amendment of Criminal Justice Act 2011
16. Expenses
17. Short title and commencement
Acts Referred to
Bail Act 1997 (No. 16)
Companies Act 2014 (No. 38)
Criminal Damage Act 1991 (No. 31)
Criminal Justice (Female Genital Mutilation) Act 2012 (No. 11)
Criminal Justice Act 1951 (No. 2)
Criminal Justice Act 2011 (No. 22)
Garda Síochána Act 2005 (No. 20)
Police (Property) Act 1897 (60 & 61 Vict. c.30)
Number 11 of 2017
CRIMINAL JUSTICE (OFFENCES RELATING TO INFORMATION SYSTEMS) ACT 2017
An Act to give effect to certain provisions of Directive 2013/40/EU of the European Parliament and of the Council of 12 August 20131 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA; for those and other purposes to amend the Criminal Damage Act 1991 , the Bail Act 1997 and the Criminal Justice Act 2011 ; and to provide for related matters.
[24th May, 2017]
Be it enacted by the Oireachtas as follows:
		Interpretation
1.(1) In this Act—
	“act” includes an omission;
	“data” means any representation of facts, information or concepts in a form capable of being processed in an information system, and includes a programme capable of causing an information system to perform a function;
	“information system” means—
	(a) a device or group of interconnected or related devices, one or more than one of which performs automatic processing of data pursuant to a programme, and
	(b) data stored, processed, retrieved or transmitted by such a device or group of devices for the purposes of the operation, use, protection or maintenance of the device or group of devices, as the case may be;
	“lawful authority”, in relation to an information system, means—
	(a) with the authority of the owner of the system,
	(b) with the authority of a right holder of the system, or
	(c) as permitted by law;
	“Minister” means the Minister for Justice and Equality;
	“relevant offence” means an offence under section 2 , 3 , 4 , 5 , 6 or 9 (1);
	“right holder”, in relation to an information system, means a person who is not the owner of the system but who has the right to access the system (including the right to access the system for the purposes of maintaining, testing or protecting the system).
	(2) In this Act a reference to an information system includes a reference to a part of the system.
		Accessing information system without lawful authority, etc.
2. A person who, without lawful authority or reasonable excuse, intentionally accesses an information system by infringing a security measure shall be guilty of an offence.
		Interference with information system without lawful authority
3. A person who, without lawful authority, intentionally hinders or interrupts the functioning of an information system by—
	(a) inputting data on the system,
	(b) transmitting, damaging, deleting, altering or suppressing, or causing the deterioration of, data on the system, or
	(c) rendering data on the system inaccessible,
	shall be guilty of an offence.
		Interference with data without lawful authority
4. A person who, without lawful authority, intentionally deletes, damages, alters or suppresses, or renders inaccessible, or causes the deterioration of, data on an information system shall be guilty of an offence.
		Intercepting transmission of data without lawful authority
5. A person who, without lawful authority, intentionally intercepts any transmission (other than a public transmission) of data to, from or within an information system (including any electromagnetic emission from such an information system carrying such data), shall be guilty of an offence.
		Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5
6. A person who, without lawful authority, intentionally produces, sells, procures for use, imports, distributes, or otherwise makes available, for the purpose of the commission of an offence under section 2 , 3 , 4 or 5 —
	(a) any computer programme that is primarily designed or adapted for use in connection with the commission of such an offence, or
	(b) any device, computer password, unencryption key or code, or access code, or similar data, by which an information system is capable of being accessed,
	shall be guilty of an offence.
		Search warrant
7. (1) If a judge of the District Court is satisfied by information on oath of a member that there are reasonable grounds for suspecting that evidence of, or relating to, the commission of a relevant offence is to be found in any place, the judge may issue a warrant for the search of that place and any persons found at that place.
	(2) A search warrant under this section shall be expressed, and shall operate, to authorise a named member, accompanied by such other members or persons or both as the member thinks necessary—
	(a) to enter, at any time within one week of the date of issue of the warrant, on production if so requested of the warrant, and if necessary by the use of reasonable force, the place named in the warrant,
	(b) to search it and any persons found at that place, and
	(c) to examine, seize and retain anything found at that place, or anything found in possession of a person present at that place at the time of the search, that that member reasonably believes to be evidence of, or relating to, the commission of a relevant offence.
	(3) The authority conferred by subsection (2)(c) to seize and retain anything includes, in the case of a document or record, authority—
	(a) to make and retain a copy of the document or record, and
	(b) where necessary, to seize and, for long as is necessary, retain any computer in which any record is kept.
	(4) A member acting under the authority of a search warrant under this section may—
	(a) operate any computer at the place that is being searched or cause any such computer to be operated by a person accompanying the member for that purpose, and
	(b) require any person at that place who appears to the member to have lawful access to the information in any such computer—
	(i) to give to the member any password necessary to operate it and any encryption key or code necessary to unencrypt the information accessible by the computer,
	(ii) otherwise to enable the member to examine the information accessible by the computer in a form in which the information is visible and legible, or
	(iii) to produce the information in a form in which it can be removed and in which it is, or can be made, visible and legible.
	(5) A member acting under the authority of a search warrant under this section may, for the purpose of investigating the commission of a relevant offence,require any person at the place to which the search warrant relates to—
	(a) give to the member his or her name and address, and
	(b) provide such information to the member as he or she may reasonably require.
	(6) The Police (Property) Act 1897 or, where appropriate, section 25 of the Criminal Justice Act 1951 shall apply to property which has come into the possession of the Garda Síochána under this section as that Act or such section 25, as the case may be, applies to property which has come into the possession of the Garda Síochána in the circumstances mentioned in that Act concerned.
	(7) A person who—
	(a) obstructs or attempts to obstruct a member acting under the authority of a search warrant under this section,
	(b) fails to comply with a requirement under subsection (4)(b) or (5), or
	(c) in relation to a requirement under subsection (5), gives a name and address or provides information which the member has reasonable cause for believing is false or misleading in a material respect,
	shall be guilty of an offence.
	(8) The power to issue a warrant under this section is without prejudice to any other power conferred by statute to issue a warrant for the search of any place or person.
	(9) In this section—
	“computer” includes a personal organiser or any other electronic means of information storage and retrieval;
	“computer at the place that is being searched” includes any other computer, whether at the place being searched or at any other place, which is lawfully accessible by means of that computer;
	“member” means a member of the Garda Síochána who falls within paragraph (a) of the definition of “member” in section 3 (1) of the Garda Síochána Act 2005 .
		Penalties
8. (1) A person who commits an offence under section 2 , 4 , 5 , 6 or 9 (1) shall be liable—
	(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months or both, or
	(b) on conviction on indictment, to a fine or imprisonment for a term not exceeding 5 years or both.
	(2) A person who commits an offence under section 3 shall be liable—
	(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months or both, or
	(b) on conviction on indictment, to a fine or imprisonment for a term not exceeding 10 years or both.
	(3) A person who commits an offence under section 7 (7) shall be liable on summary...