Defending Cyber Security and Computer Hacking Charges in Canada

Cybercrime in Canada is rapidly evolving, driven by the rise in digital technologies and the increasing sophistication of cyber tools and methods. Canada’s anti-hacking legal framework primarily relies on the Criminal Code of Canada, which addresses various cybercrimes, including hacking, malware, and phishing. These offences often fall under hybrid offences, allowing prosecutors to pursue either summary conviction or indictable charges.

Cybercrime cases typically involve cyber-dependent crimes (like hacking or DDoS attacks) and cyber-enabled crimes (such as fraud or extortion enhanced by technology). Defending cybercrime charges involves navigating complex technical evidence, often requiring deep technical and legal expertise.

With penalties ranging from fines to life imprisonment, both prosecution and defence face considerable technical challenges in handling these sorts of cases. Those seeking representation in defence of such charges should look to lawyers who are aware of changing technologies, the law, and the ever-increasing complexity of evidence required to prove such offences.

What is “cybercrime” in Canada?

Cybercrime is a broad concept covering the theft, interception, or destruction of, or interference with, private data and networking infrastructures.

This includes, but is not limited to:

  • Computer “hacking” that includes forms of fraud or theft of private data.
  • Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks
  • Identity fraud
  • Phishing and other social engineering attacks
  • Data interception
  • Compromising passwords and unauthorized access to private information.
  • Destruction of, or interference with networking or computer systems.

The Criminal Code of Canada provides for various ways a prosecutor may pursue criminal charges for what might be categorized under the broad theme of “cybercrime”.

“Interception”

Interception of private data that is considered a criminal offence is captured under s.184(1) of the Criminal Code of Canada which states:

 (1) Every person who, by means of any electro-magnetic, acoustic, mechanical or other device, knowingly intercepts a private communication is guilty of

(a) an indictable offence and liable to imprisonment for a term of not more than five years; or

(b) an offence punishable on summary conviction.

This broad definition (i.e. “or other device”) would cover any sort of interception of private data. This could include acts of logging into an email account without authorization, forwarding text messages unbeknownst to the proper recipient, or using various technical devices to access data via radio frequencies, wiretaps, network access, or nearly any means conceivable. In short, any access to private information or data could fall into this broad definition of “interception”.

“Mischief to Property”

Under section 431.1 of the Criminal Code of Canada, it is an offence to wilfully destroy or alter computer data, or to render the data meaningless, useless, or ineffective. It is also an offence to obstruct, interrupt, or interfere with the lawful use of computer data or the lawful use of such data by a person entitled to do so. This offence is a hybrid offence, meaning that the Crown may proceed in a more serious or less serious way (by indictment or by summary conviction, respectively).

It is noteworthy that under section 430(2), everyone who commits mischief that causes actual danger to life is guilty of an indictable offence and liable to imprisonment for life. This is a testament to how serious certain types of computer hacking can be, especially those that might place others’ lives in danger, like ransomware attacks on hospitals, hacking of infrastructure, cyber-terrorism, or attacks on computer data that might compromise national security or create other dangers. For offences specifically related to computer data, the Criminal Code states:

(5) Everyone who commits mischief in relation to computer data

(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or

(b) is guilty of an offence punishable on summary conviction.

Many of those who engage in computer hacking that results in mischief offences such as those noted above are not aware of how serious the implications may be and how seriously the Criminal Code of Canada treats such offences.

“Unauthorized use of a computer”

Under section 342.1, the Criminal Code of Canada makes it a criminal offence to fraudulently obtain, intercept, or cause to be intercepted a computer service. It also makes it an offence to use a computer system to commit a criminal offence (stealing data, phishing, ransomware, etc.), or to obtain passwords one is not entitled to. The law’s definitions are deliberately broad and capture a wide range of activity, including virtually any sort of theft, fraud, interference, or interception of data, computer systems, or networks by any means available.

“Possession of Hacking Tools”

Under section 342.2(1), the Criminal Code of Canada makes it illegal to possess tools or devices to obtain unauthorized use of a computer system or to commit mischief. It is also an offence to sell, traffic, distribute, or make available any device for this purpose. The Criminal Code also authorizes the state to seize and forfeit these tools (which may include expensive computer systems) that are used for these ends.

Other offences

In addition to the offences set out above under the Criminal Code, there are also serious offences under other Canadian statutes, including electronic theft (s.41.1(1)) under the Copyright Act, or national security offences such as terrorism vis-à-vis cyber terrorism.

Prosecuting cybercrime under the Criminal Code of Canada

While the Criminal Code definitions that capture cybercrime are broad, the prosecutor still has significant challenges to prove these types of crimes.

  1. Like any criminal offence, the Crown must prove these offences beyond a reasonable doubt.
  2. The actus reus (or defined criminal “act”) must be met.
  3. The act of the offence must meet the strict and statutorily intended legal definition of the offence alleged.
  4. The criminal act must not fall into any lawful exception, for example, those listed in s.183(2).
  5. That the court has jurisdiction over the matter (for example, whether the offence falls within Canada’s legal framework).
  6. That the person charged possessed the minimum intent required (the mens rea). This could require specific intent, recklessness, wilful blindness, or criminal negligence depending on the offence.
  7. The offence may require specialized evidence and experts to prove the offence.
  8. The offence may be outside limitation periods depending on how the Crown elects to proceed.

A defence lawyer with expertise in cybercrime would scrutinize all of these elements to ensure that a wrongful conviction does not occur and that the prosecutor is held to their high burden of proof.

If you have questions about cybercrime, computer hacking, or are facing criminal charges, contact our firm to discuss these issues with a lawyer experienced in these matters.

About the author

Sean Robichaud holds his master’s (LL.M) in criminal law and procedure from Osgoode, is a Certified Specialist (C.S.) in criminal law by the Law Society, and is currently completing his Cybersecurity, Data Protection and Digital Forensics through the Chang School of Continuation Education at TMU.