The Computer Misuse Act 1990 is an Act of the UK Parliament. The Act's introduction followed the decision in R v Gold (1988) 1 AC 1063, with the bill's critics charging that it was introduced hastily and was poorly thought out. Intention, they said, was often difficult to prove, and that the bill inadequately differentiated "joyriding" crackers like Gold and Schifreen from serious computer criminals. The Act has nonetheless become a model upon which several other countries including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws. More generally, see computer crimes and internet fraud. Type Bicameral Houses House of Commons House of Lords Speaker of the House of Commons Michael Martin MP Speaker of the House of Lords Hélène Hayman, PC Members 1377 (646 Commons, 731 Peers) Political groups Labour Party Conservative Party Liberal Democrats Scottish National Party Plaid Cymru Democratic Unionist... In the criminal law, intention is one of the three general classes of mens rea necessary to constitute a conventional as opposed to strict liability crime. ... Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. ... The term Internet fraud generally refers to any type of fraud scheme that uses one or more online services - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial...

R v Gold & Schifreen

In R v Gold & Schifreen, Robert Schifreen and Stephen Gold, using a conventional home computer and modem in late 1984 and early 1985, gained unauthorised access to British Telecom's Prestel interactive viewdata service. While at a tradeshow, Gold had observed (doing what latterly became known as shoulder surfing) the password of a Prestel engineer (the username was 22222222 and the password was 1234, giving rise to subsequent accusations that BT had not taken security seriously). Armed with this information, the pair explored the system, even gaining access to the personal message box of Prince Philip. Prestel installed traps which monitored suspect accounts. Acting on information thus obtained, the defendants were arrested and charged under section 1 of the Forgery and Counterfeiting Act 1981, with defrauding BT by manufacturing a "false instrument", namely the internal condition of BT's equipment after it had processed Gold's eavesdropped password. Tried in the Southwark Crown Court, they were convicted on specimen charges (five against Schifreen, four against Gold) and fined. Children playing on a Amstrad CPC 464 in the 1980s. ... For other uses, see Modem (disambiguation). ... This article is about the year. ... This article is about the year. ... BT Group plc (also known as British Telecommunications plc) which trades as BT (and previously as British Telecom) is the privatised UK state telecommunications operator. ... Prestel, the brand name for the British General Post Offices Viewdata technology, was an interactive videotex system developed during the late 1970s and commercially launched in 1979. ... In telecommunication, a viewdata is a Videotex implementation, a type of information-retrieval service in which a subscriber can (a) access a remote database via a common carrier channel, (b) request data, and (c) receive requested data on a video display over a separate channel. ... In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someones shoulder, to get information. ... The Prince Philip, Duke of Edinburgh (born Prince Philippos of Greece and Denmark, 10 June 1921)[2] is the husband and consort of Queen Elizabeth II. Originally a royal Prince of Greece and Denmark, Prince Philip renounced these titles shortly before his marriage. ... For other places with the same name, see Southwark (disambiguation). ... Crown Court and County Court in Oxford. ...

Although the fines imposed were modest, they elected to appeal to the Criminal Division of the Court of Appeal. Their counsel cited the lack of evidence showing the two had attempted to obtain material gain from their exploits, and claimed the Counterfeiting Act had been misapplied to their conduct. They were acquitted by the Lord Justice Lane and the prosecution appealed to the House of Lords in 1988 which affirmed the acquittal. Lord David Brennan said: The House of Lords, in addition to having a legislative function, has a judicial function as a court of last resort within the United Kingdom. ... Year 1988 (MCMLXXXVIII) was a leap year starting on Friday (link displays 1988 Gregorian calendar). ...

"We have accordingly come to the conclusion that the language of the Act was not intended to apply to the situation which was shown to exist in this case. The submissions at the close of the prosecution case should have succeeded. It is a conclusion which we reach without regret. The Procrustean attempt^[1] to force these facts into the language of an Act not designed to fit them produced grave difficulties for both judge and jury which we would not wish to see repeated. The appellants' conduct amounted in essence, as already stated, to dishonestly gaining access to the relevant Prestel data bank by a trick. That is not a criminal offence. If it is thought desirable to make it so, that is a matter for the legislature rather than the courts"

The Law Lords' ruling led many legal scholars to believe that hacking was not unlawful as the law then stood. The English Law Commission and its counterpart in Scotland both considered the matter. The Scottish Law Commission concluded that intrusion was adequately covered in Scotland under the common law related to deception, but the ELC believed a new law was necessary. The Law Commission is an independent body set up by Parliament in 1965 to keep the law of England and Wales under review and recommend necessary reforms. ... The Scottish Law Commission is an independent body set up by the Parliament of the United Kingdom in 1965 to keep the law of Scotland under review and recommend necessary reforms to improve, simplify and update Scots law. ... Scots law is a unique legal system with an ancient basis in Roman law. ...

The Computer Misuse Act

Based on the ELC's recommendations, a Private Member's Bill was introduced by Conservative MP Michael Colvin. The bill, supported by the government, came into effect in 1990. The Act introduces three criminal offences: The European Localization Center (ELC) is a company providing solutions to the challenges associated with globalization including software localization, website internalization, global content management systems, and testing and interpretation services. ... A Private Members Bill is a proposed law introduced by a backbench member of parliament, whether from the government or the opposition side, to that legislature or parliament. ... The Conservative Party, officially though less commonly known as the Conservative and Unionist Party, is a political party in the United Kingdom. ... Michael Keith Beale Colvin (1932–2000) was a politician in the United Kingdom. ... This article is about the year. ...

1(1) A person is guilty of an offence if:

a) He/she causes a computer to perform any function with intent to secure access to any program or data held in a computer;

b) the access he intends to secure is unauthorized; and

c) he/she knows at the time when he causes the computer to perform the function that this is the case.

1(2) the intent a person has to commit an offence under this section need not be directed at

a) any particular program or data

b) a program or data of any particular kind; or

c) a program or data held in any particular computer.

1(3) a person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six Months or to a fine not exceeding level 5, on the standard scale or both.

2(1) a person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorized access offence") With intent

a) to commit an offence to which this section applies; or

b) to facilitate the commission of such an offence (whether by himself/herself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence.

2(2) this section applies to offences

a) for which the sentence is fixed by law; or

b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980).

2(5) a person guilty of an offence under this section shall be liable

a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and

b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.

3(1) A person is guilty of an offence if

a) he/she does any act which causes the unauthorized modification of the contents of any computer; and

b) at the time when he does the act he has the requisite intent and the requisite knowledge.

3(2) for the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing

a) to impair the operation of any computer;

b) to prevent or hinder access to any program or data held in any computer; or

c) to impair the operation of any such program or the reliability of any such data.

3(3) the intent need not be directed at

a) any particular computer;

b) any particular program or data or a program or data of any particular kind; or

c) any particular modification or a modification of any particular kind.

3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized. 3(5) it is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

The Act was created to criminalize unauthorized access to computer systems (the s1 offence) and to deter the more serious criminals from using a computer to assist in the commission of a criminal offence or from impairing or hindering access to data stored in a computer (the ss2 and 3 offences). The basic offence is to attempt or achieve access to a computer or the data it stores, by inducing a computer to perform any function with intent to secure access. Hackers that program their computers to search through password permutations are therefore liable, even though all their attempts to log on are rejected by the target computer. This makes all versions of hacking code designed to crack the security in operating systems unlawful whether or not harm is intended and no matter what the motive might be, e.g. simple curiosity or responding to a security system seen as a challenge. The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence. Even if the initial access is authorized, subsequent exploration if there is a hierarchy of privileges in the system, may lead to entry to parts of the system for which the requisite privileges are lacking and the offence will be committed. But looking over a user's shoulder or using sophisticated electronic equipment to monitor the electromagnetic radiation emitted by VDUs ("electronic eavesdropping") is outside the scope of this offence. The crime of attempt occurs when a person does an act amounting to more than mere preparation for a criminal offense, with specific intent to commit a crime, if that act tends but fails to effect the commission of the offense intended. ... This article is about computer hacking. ... An operating system (OS) is a software that manages computer resources and provides programmers with an interface used to access those resources. ... Note: to create a user account for Wikipedia, go to the login page. ... Identifiers (IDs) are lexical tokens that name entities. ... A password is a form of secret authentication data that is used to control access to a resource. ... Wikipedia does not yet have an article with this exact name. ... Online chat can refer to any kind of communication over the Internet, but is primarily meant to refer to direct one-on-one chat or text-based group chat (formally also known as synchronous conferencing), using tools such as instant messaging applications—computer programs, Internet Relay Chat, talkers and possibly... This box:      Electromagnetic (EM) radiation is a self-propagating wave in space with electric and magnetic components. ... VDU is an abbreviation for Visual Display Unit. ...

The ss2 and 3 offences are aggravated offences, requiring a specific intent to commit another offence (for these purposes, the other offences are to be arrestable, and so include all the major common law and statutory offences of fraud and dishonesty). So a hacker who obtains access to a system intending to transfer money or shares, intends to commit theft, or to obtain confidential information for blackmail or extortion. Thus, the s1 offence is committed as soon as the unauthorized access is attempted, and the s2 offence overtakes liability as soon as specific access is made for the criminal purpose. The s3 offence is specifically aimed at those who write and circulate a computer virus (see Simon Vallor) or worm, whether on a LAN or across networks. Similarly, using phishing techniques or a Trojan to obtain identity data or to acquire any other data from an unauthorized source, or modifying the operating system files or some aspect of the computer's functions to interfere with its operation or prevent access to any data, including the destruction of files, or deliberately generating code to cause a complete system malfunction, are all criminal "modifications". In 2004 John Thornley pleaded guilty to four offences under s3 having mounted a hack attack on a rival site, and introduced a Trojan form of virus to bring it down on several occasions, but it is recognized that the wording of the offence should be clarified to confirm that all forms of denial of service attack are included. Warez and software cracking codes which modify algorithms or patches stored on a computer and designed to limit access to, or prevent the copying of software packages or files, are caught by s3. But the exchange or downloading of cracked packages or files is not an offence under this Act. For other uses, see Arrest (disambiguation). ... This article concerns the common-law legal system, as contrasted with the civil law legal system; for other meanings of the term, within the field of law, see common law (disambiguation). ... A statute is a formal, written law of a country or state, written and enacted by its legislative authority, perhaps to then be ratified by the highest executive in the government, and finally published. ... Dishonesty is a term which in common usage may be defined as the act of being dishonest; to act without honesty; a lack of probity, to cheat, lying or being deliberately deceptive; lacking in integrity; to be knavish, perfidious, corrupt or treacherous; charlatanism or quackery. ... A young waif steals a pair of boots Stealing redirects here. ... For other uses, see Blackmail (disambiguation). ... Extortion is a criminal offense, which occurs when a person either obtains money, property or services from another through coercion or intimidation or threatens one with physical harm unless they are paid money or property. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... Simon Vallor Simon Vallor is a twenty-two year old web designer from North Wales who, in December 2002, pleaded guilty to writing and distributing three computer viruses. ... A computer worm is a self-replicating computer program. ... LAN redirects here. ... A computer network is an interconnection of a group of computers. ... An example of a phishing email, disguised as an official email from a (fictional) bank. ... In the context of computing and software, a Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. ... A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ... Warez refers primarily to copyrighted works traded in violation of copyright law. ... Software cracking is the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware. ...

Latest situation

In 2004 the All Party Internet Group published its review of the law and highlighted areas for development. Their recommendations led to the drafting of the Computer Misuse Act 1990 (Amendment) Bill. which sought to amend the CMA to comply with the European Convention on Cyber Crime [1]. Under its terms, the maximum sentence of imprisonment for breaching the act changed from six months to two years. It also sought to explicitly criminalise denial-of-service attacks and other crimes facilitated by denial-of-service. The Bill did not receive Royal Assent because Parliament was prorogued. Year 2004 (MMIV) was a leap year starting on Thursday of the Gregorian calendar. ... DoS redirects here. ... // The granting of Royal Assent is the formal method by which a constitutional monarch completes the legislative process of lawmaking by formally assenting to an Act of Parliament. ... A prorogation is the period between two sessions of a legislative body. ...

Sections 35 to 38 of the Police and Justice Act 2006 contains amendments to the Computer Misuse Act 1990. This article or section is not written in the formal tone expected of an encyclopedia article. ...

Section 37 (entitled Making, supplying or obtaining articles for use in computer misuse offences) inserts a new section 3A into the 1990 Act and has drawn considerable criticism.

Schifreen now works as a Web developer and trainer at a UK university. In 2006 his book, Defeating The Hacker, was published by John Wiley & Sons (ISBN 0470025557). Gold works as an independent computer security consultant.

References

• Yaman Akdeniz, Section 3 of the Computer Misuse Act 1990: an Antidote for Computer Viruses! (1996) 3 Web JCLI [2] including reference to the case of Christopher Pile (aka 'the Black Baron') in November 1995.
• Derek Wyatt, Computer Misuse Act (amendment) speech. [3]
• Details of the Regina v. Gold case
• The Law Lords' ruling
• Interview with Robert Schifreen
• Data_Protection_Act

The Data Protection Act (DPA) is a United Kingdom Act of Parliament. ...

Notes

1. ^ Here Lord Brandon alludes to the classical myth of Procrustes, who would stretch his victims to fit a bed for which they were ill suited.

Theseus and Procrustes, Attic red-figure neck-amphora, 570–560 BC, Staatliche Antikensammlungen (Inv. ...

External links

• The Internet Crime Forum [4]
• EURIM – IPPR E-Crime Study [5]
• Text of the Act
• Wording of the 2004 amendment bill
• Recent potential additions to the Computer Misuse Act
• Amendments to the Computer Misuse Act 1990 covered by the .Open Rights Group