criminal law Acts

The legal act summary below is supplied by Law Teacher as a free information resource to help you with your studies.

Computer Misuse Act 1990

Describe the origins and function of the Computer Misuse Act 1990. Evaluate the extent to which it is intended to serve as a deterrent to 'hacking'.

The Computer Misuse Act (1990) was introduced to help deal with the problems caused by the misuse of computers and communication systems, especially that of 'hacking' and 'unauthorised access.' This essay will give an insight into the workings of the Act. It will introduce the concept of 'computer misuse' and the work by the English and Scottish Law Commission to categorise it. This essay will identify the reasons behind the Act's introduction and shed led light on the forthcoming of the Act in dealing with misuse and hacking. I will identify with the use of cases, the protections covered in the Act and evaluate whether or not it has been an effective deterrent to hackers.

The most significant area when discussing the Computer Misuse Act is how to define 'computer misuse'. Computers can be described as tools, and like any other tools, can be used by people with the intent of carrying out illegal activity or causing damage. There are a variety of ways in which computers can be used for crime. These crimes include piracy, fraud, forgery, and damaging or modifying computerised systems. Prior to the Act, the legal precedent set for the criminal damage to computers is set in the case of Cox v Riley [1986]. Computers and the Internet is a very large and complex area, however they function on a narrow set of technical principles. This provides an amount of 'flexibility', however it is difficult to legislate certain types of activity without affecting others, and to categorise the misuse of any one of them.

The English Law Commission, combined with the extensive work done by the Scottish Law Commission, proposed new criminal offences for simple unauthorised access, and also for the unauthorised modification of computer material. They also identified 'hacking' as a more serious offence than it had been in the past, and proposed a new two-tier structure of offences – 'hacking' and 'hacking in pursuit of a further serious crime'. They concluded that 'hacking' or unauthorised access had 'become sufficiently widespread in the UK to be a matter of legitimate and significant concern to computer users.' This decision was based on the escalating losses and costs incurred by computer communications owners whose systems had been breached.

A number of significant problems remained after the categorisation of computer misuses by the Scottish and English Law Commissions. Most important of all was that there was no Parliament legislation in place which could cover all the offences made. This became clear with the case of R v Gold [1988], which became the driving-force behind the passing of The Computer Misuse Act. The defendants were charged under the Forgery and Counterfeiting Act (1981), however they could not be charged on the grounds that the use of recorded electronic information did not fall under the definition of 'false instrument'. It was also at the time where hacking was not regarded as a criminal offence, and the hacker was relatively free to attempt to break into computer systems with the use of intellect to bypass the various security measures. One judge proclaimed 'hacking is a simple case of intellectual mischief'. It became increasingly clear after R v Gold that hacking should be against the Law and that laws should be drawn up to effectively prosecute computer crime offenders. Legislation was required to secure computer material against unauthorised access and this would become known as the Computer Misuse Act.

In the period prior to the passing if the Computer Misuse Act in 1990, there was confusion over its jurisdiction, since it is quite possible for the offender to be in one country, the relevant computer in another and the victim in a third. For example, when a person uses a computer in one country connected by a network to a computer in another in order to commit a crime, it is hard to decide in which country this person is to be tried. The Appeal Court in 1985 indicated that if a person sent a message from London to divert funds from New York to his accounts in Geneva, the theft would not have taken place in London and so English courts would not have had jurisdiction to try the offender. However this was corrected by the Computer Misuse Act as it now stated it is an offence to use a computer to commit a crime in this country from a computer in another country.Also in certain circumstances, it may be possible to bring in prosecution where access has occurred from abroad. However this would require mutual co-operation between the countries involved to effectively enforce the Law.

The Computer Misuse Act introduced three new criminal offences. The first offence which is covered in section 1 of the Act is the 'unauthorised access to computer material.' Even if no damage is done by the offender, it remains an offence because the access of material without permission is illegal. The case of Ellis v DPP [2001] is a significant example of the breaching of conditions in section 1 of the Act. The second offence under the Act is 'unauthorised access with the intent to commit or facilitate commission of further offence.' The case of R v Delamare [2003] is an example of an offence in breach of section 2 of the Act. The third offence is the 'unauthorised modification of computer material'. This can be in the form of introducing viruses, corruption of programs or data, and the deliberate deletion of files. One of the heaviest punishments given under this section of the Act was during the case of R v Vallor [2003], in which the defendant was sentenced to two years of prison for each of the three offences he committed.

The Computer Misuse Act (1990) contains a number of significant flaws and has failed to provide a complete answer to the problems of unauthorized access to computers. The case of R v Bedworth [1991] highlights the problem with proving 'intent' under Section 2, as the offender used 'addiction' as his defence, and said that he was not able to form any intent in committing the crime. Addiction is not a legal defence to a criminal crime; however the jury acquitted Bedworth as they believed he did not deserve heavy penalties. After this case there were calls to remove the need to show 'intent' from the Act. Another problem which arose with the use of the Computer Misuse Act is whether or not judges lack the specialist knowledge of computers to apply the law, and whether they tend to make inappropriate interpretations. This problem arose during the case of R v Cropp [1991] where the judge acquitted the defendant as he mistakenly felt that an offence can only committed if one computer is used to obtain material stored on another computer.

The problems and limitations with the Computer Misuse Act does raise some questions regarding its effectiveness in the prosecution of computer crime offenders, and also its influence on the deterrence of 'hackers'. The Act covers certain offences specific to the penetration, alteration and damage to computer systems. However the definition of 'computer crime' in the Act is too broad as it is simply described as the 'unauthorised access to computer material'. The Law itself was drafted in the hope of ensuring enough scope so that the Law would not date with the continual development of technology. However this has meant that the Act can sometimes be a rather 'blunt instrument' when policing computer crime. The Home Offices own statistics show that in spite of a high level of reported crimes , there have been only 33 prosecutions of which only 22 were sentenced and 7 jailed. In the case of DPP v Bignell [1998] an officer used the Police National Computer to obtain information for his own use. However the officer could not be prosecuted as his actions were not within the Act's definition of 'unauthorised access.'

I conclude that the ever increasing reliance on computers in today's society will more likely serve both as a target and a tool for those whose motives might be regarded as criminal. There are a number of problems with the Computer Misuse Act 1990 and that it has by no means provided a complete answer to problems of unauthorised access to computers whether by the spread of viruses or by hackers. The Government must develop improved methods when tracking hackers, as they sometimes do not use their own IP address. However, in spite of these problems, I am of the opinion that the Computer Misuse Act has been successful in ensuring the protection of peoples work and that their information is kept safe from hackers. I think that public awareness of the Act is the most important factor in why the Act is useful as a deterrent and a safeguard against hacking. However the awareness of the Act can only be effective if it remains in the media, such as the news, and therefore allowing it to be a part of the public's consciousness.