IN THE HIGH COURT OF NEW ZEALAND

WELLINGTON REGISTRY
CRI 2008 485 38

KEVIN DOUGLAS LE ROY

Appellant

NEW ZEALAND POLICE

Respondent

Hearing: 19 August 2008

Counsel: D A Ewen for appellant

F S Moraes for respondent

Judgment: 25 August 2008

RESERVED JUDGMENT OF DOBSON J

[1] This matter has had a protracted history. In February 2006, the appellant was
charged with an offence against s 249(1)(a) of the Crimes Act 1961, in that, between
26 September 2004 and 26 August 2005, he:

…dishonestly, and without claim of right, accessed a computer system for

the purpose of obtaining a benefit, namely access to the electronic mail
messages and password for Sarah Anderson’s e-mail account stored on
Telstra Clear’s computer system.

[2] District Court Judge Behrens QC determined that the reference to a “benefit”
was confined to benefits of a financial nature. There being none present, he was
inclined to dismiss the information. An appeal by way of Case Stated was pursued

Le Roy V New Zealand Police HC WN CRI 2008 485 38 [25 August 2008]
on behalf of the Police, and was the subject of a reserved judgment delivered by
Gendall J on 12 October 2006. That decided that the word “benefit” where it
appears in the section is not confined to benefit of a financial or pecuniary nature.
Gendall J’s judgment also answered “yes” to the question:

Whether in all the circumstances of the case the information as worded and
set out above in paragraph 1 of this Case Stated discloses an offence
pursuant to section 249(1)(a) of the Crimes Act 1961?

[3] That judgment directed that the information be remitted back to the District
Court for a rehearing in light of the answers provided in the Case Stated.

[4] In an oral judgment on 12 July 2007, District Court Judge Broadmore found
the charge proven. In September 2007 the Judge found that grounds were made out
under s 107 of the Sentencing Act 2002 to discharge without conviction and that
outcome was ordered under s 106 of that Act. In the exchanges leading to that
outcome, Mr Ewen in submissions had apparently requested that, to preserve an
entitlement to appeal, a discharge on those terms be accompanied by an order that
the defendant pay a nominal amount in costs, so as to give this Court “unquestioned
jurisdiction on appeal”.

[5] In April 2008, the Judge obliged, by ordering that the defendant was to pay
costs of $5. The Police did not accept that that order did create jurisdiction, and the
jurisdiction to bring the present appeal was the subject of a separate argument before
MacKenzie J on 29 July this year, resulting in a reserved judgment on 31 July 2008
confirming that an appeal does lie in these present circumstances.

The facts

[6] The appellant and the complainant had previously been married, having
separated in 2001, and subsequently divorced. The complainant obtained a
temporary protection order against the appellant in December 2001 and that was
made permanent in June 2002. During the course of their marriage, the couple had
operated a joint email account and the arrangements made on separation included
that the email account would be transferred to the complainant. Sometime after their
separation, the appellant became an employee of Telstra Clear in a position which
gave him access to email addresses maintained via the internet service provider,
Paradise, which by that time had been taken over by Telstra Clear. In the period
starting in September 2004 and continuing to August 2005, the appellant accessed
the formerly joint email account which had been transferred to the complainant in
2001.

[7] The agreed summary of facts relied upon at the original hearing included a
statement that the appellant had accessed the account (“obsidian-
jaguar@paradise.net.nz”) some 36 times. At the subsequent hearing before District
Court Judge Broadmore where contested evidence was heard, a former Telstra Clear
employee produced a business record which purported to record in the period
between September 2004 and August 2005 that the obsidian-jaguar email account
had been accessed some 36 times by Mr Le Roy, as well as there being 14 other
entries recording occasions on which some eight other Telstra Clear employees had
access to that email account. That business record had been produced without
objection, but there was a subsequent dispute as to what it established. The witness
who produced it was unable to confirm from his personal knowledge the significance
of the entries recorded in it.

[8] Perhaps for that reason, or perhaps because of a measure of confusion as to

what was involved in accessing the email account, and how it was achieved, focus at
the last District Court hearing centred upon the admission by the appellant that he
had gone into that email account on between two and four occasions in the relevant
period, and that he had done so to check for any emails addressed to him.

[9] The appeal raised two issues. First, whether the prosecution had established
that the appellant obtained a benefit from accessing the email account, and secondly
whether the District Court Judge was correct in rejecting a defence of claim of right.

Establishing a benefit

[10] There seemed to be two aspects to the appellant’s argument on this first issue.
First, that the information transposed the element of the offence that required
dishonesty, and secondly that the Judge erred in treating the Case Stated decision of
Gendall J as establishing that a benefit had been obtained, whereas all that the Case
Stated established was that a benefit might be made out without establishing a
financial advantage, and that it remained for the Police to establish that on evidence
whereas the learned District Court Judge did not require the Police to prove this
element of the charge at the second hearing.

[11] I consider the first argument to be an unsustainably narrow approach to the

interpretation of s 249(1)(a). That section provides:

249 Accessing computer system for dishonest purpose

(1) Every one is liable to imprisonment for a term not exceeding 7 years
who, directly or indirectly, accesses any computer system and
thereby, dishonestly or by deception, and without claim of right,—

(a) obtains any property, privilege, service, pecuniary

advantage, benefit, or valuable consideration; or …

[12] The linking of access to the obtaining of, inter alia, a benefit, using the word
“thereby” cannot require a separate element to be proved that the benefit was
obtained dishonestly. I accept the submission for the Police that the phrase “and
thereby, dishonestly or by deception, and without claim of right,” relates to the
conduct in obtaining access to a computer system and achieving some measure of
success in the sense of accessing data or information to constitute an outcome that
will render the conduct an offence in terms of s 249(1). There is no justification,
either as a matter of interpretation, or in terms of the evident policy behind the
introduction of the offence created by s 249, to require the establishment of a
separate requirement attributing dishonesty to the obtaining of the benefit.

[13] Mr Ewen’s argument was to the effect that the terms of the information
required proof of a dishonest mode of gaining access to the electronic mail messages,
and that this had not been made out. “Dishonestly” is defined in s 217 of the Crimes
Act as:

In relation to any act or omission, means done or omitted without a belief

that there was express or implied consent to, or authority for, the act or
omission from a person entitled to give such consent or authority.
[14] Here, it was clear that access for personal purposes was certainly beyond the
permitted circumstances in which Telstra Clear recognised any entitlement to exploit
the power its position gave to employees, by virtue of being a provider of the internet
service. More particularly, common sense strongly supports the Judge’s finding that
the circumstances of separation from the complainant meant that the appellant could
not thereafter access the email account, without the consent or authority of the
complainant, which he clearly did not have. After a lapse of three years, he sought
to exploit surreptitious access to it, by misusing a power available to him by his
employment.

[15] Accordingly, this challenge to the requirement to establish an element of

dishonest conduct cannot succeed.

[16] On the second aspect of this ground, the District Court Judge did treat the
issue of whether the appellant received a benefit as being resolved by the decision of
Gendall J:

The appeal was on the question of whether it could be said that Mr Le Roy
had received a benefit, the High Court holding that he had. That is now,
therefore, not an issue between the parties. ([9])

[17] Mr Ewen now argues that was not the position, inviting an analysis of
paragraphs [21] and [29] of the decision of Gendall J as going no further than
recognising that a non-financial or non-pecuniary benefit would be sufficient. His
Honour said:

…access to any computer system may be for an infinite variety of reasons or

purposes not all of which are to obtain pecuniary advantages. Access may
afford the accessing party information to which the wrongdoer is not
entitled. Of course, there must be a dishonest intent in obtaining such
access. ([21])

[18] A clear indication on the way the matter had been argued up to that point is
also disclosed in a later comment in the judgment where the wording of the
information was being considered:

But the respondent was not prejudiced by this, and nor was his counsel,
given that the matter proceeded by consent on the basis of agreed facts with
counsel accepting that the charge would be proven if the interpretation of
“benefit” relied upon by the prosecution was correct. ([29])
[19] The tenor of District Court Judge Broadmore’s decision now subject to
appeal is consistent with the view that a requisite benefit had been obtained.
However, Mr Ewen is correct that, given the stance indicated in paragraph [9] of the
judgment quoted above, the existence of some form of non-pecuniary benefit
accruing to the appellant was not the subject of a specific finding.

[20] Mr Ewen went on to argue that there was no benefit made out by reference to
the definition of that notion in Gendall J’s decision, recognising that the absence of a
specific finding on the point by Judge Broadmore is not the end of the matter. Given
the protracted history, and the basis on which various defences appear to have been
run at the successive hearings of the matter, I do consider it appropriate to go on and
evaluate whether the evidence established a benefit, or whether Mr Ewen’s
submission is correct that none is made out.

[21] Accessing the email account that he had agreed, some three years earlier, was
to become the separate and private property of his former partner, gave the appellant
access to the history of both inwards and outwards electronic mail through that
particular email address. In the context of this relationship, and the existence of a
protection order enforcing the absence of contact, accessing the email account gave
the appellant a meaningful benefit, irrespective of the extent to which he opened
particular emails, or even considered the sender and the subject line indicating the
nature of the content of individual emails.

[22] Here, the appellant exploited a means of getting access that was not properly
available to him, without the knowledge or consent of his former partner whose
separate property the account had become.

[23] Mr Ewen’s argument depended on the proposition that the prosecution could
not make out any requisite “benefit” unless it established that the defendant had
opened a particular email, or learned particular information which was of benefit to
him. There was no evidence as to whether it is possible to electronically reconstruct
whether particular emails have been opened and, if so, by whom. However, I take
the view that the terms of s 249 cannot impose any such evidentiary obligation. The
notion of obtaining any property, privilege, service, pecuniary advantage, benefit or
valuable consideration is sufficiently established once the prosecution makes out that
access has been gained to a computer system, the contents of which are such as to
confer an advantage. Mr Ewen argued that this must be insufficient, otherwise the
section does not have any additional element beyond the somewhat simpler charge
under s 252 of accessing a computer system without authorisation. However, the
additional element that constitutes the benefit in the present circumstances is the
access it afforded to the electronic property of his former partner, from which he was
excluded both by agreement, and arguably also by the terms of the protection order
in place.

[24] Although the judgment under appeal does not arrive at this conclusion by
reasoning along these lines, the approach is consistent: once the definition of
“benefit” extending to non-pecuniary advantage is applied, the appellant’s admission
of accessing the email account makes it a non-issue. Accordingly, the first ground of
the appeal cannot be made out.

Was the defence of claim of right made out?

[25] It appears this may have been argued somewhat differently on behalf of the
appellant, in the District Court. Judge Broadmore began his reasoning on the
claimed defence in the following terms:

As to the defence of claim of right, Mr Le Roy’s explanation is that he

thought he was entitled to access the account because he had set it up
initially and remained associated with it as a registered user. I reject that
explanation as a recent construct… ([24])

[26] On appeal, this argument was cast rather as a claim that Mr Le Roy believed
he was entitled to access it because emails might have been sent to him there, so he
could go into it for the purposes of checking his own emails. I do not consider this
makes a material difference to the factual finding which was, in essence, that the
appellant did not genuinely believe he had authority or the necessary consent to
surreptitiously access this email account, without it being cleared, by some means,
with the complainant in advance. It is relevant that he apparently had not made any
attempt to check the emails that might have come to him on that account for a period
of three years, and that he only sought to do so, in essence by stealth, when the
opportunity presented itself as a power that would not have been available but for his
employment with the company operating the email server.

[27] The Supreme Court decision in R v Hayes [2008] 2 NZLR 321 emphasised
that the claim of right needs to relate to a belief in respect of the specific conduct in
question. If the appellant considered he had some moral entitlement to get at his
emails, that does not constitute a claim of right to repeatedly and secretively access
the user account. Conceptually, the point is that if he did consider he had a right to
access his own emails, he ought nonetheless to recognise he had no right to access
the other information that would necessarily be available to him, if he secretly
accessed the email account. Pursuing anything that he believed to be his right by a
means that enabled him, should he choose to, to access information to which he did
not have a right, would deprive him of being able to assert that he had a claim of
right to proceed as he did.

[28] For all these reasons, the second argument on the appeal must also fail and
accordingly the appeal is dismissed.

_________________
Dobson J

Solicitors:
D A Ewen, Wellington for appellant
Crown Solicitor’s Office, Wellington for respondent