The Computer Misuse Act is designed to protect computer users against willful attacks and theft of information.
Offences under the act include hacking, unauthorized access to computer systems and purposefully spreading malicious and damaging software (malware), such as viruses.
Offences under the act include hacking, unauthorized access to computer systems and purposefully spreading malicious and damaging software (malware), such as viruses..
The act makes it an offence to access or even attempt to access a computer system without the appropriate authorization. Therefore, even if a hacker tries to get into a system but is unsuccessful they can be prosecuted using this law. The act also outlaws “hacking” software, such as packet sniffers, that can be used to break into or discover ways to get into systems.
Although intention to do willful damage can not be easily proved, the act makes it an offence for a hacker to access and use a system using another person’s user name, including e-mail, chat and other services.
The act also covers unauthorized access to different parts of a computer system, therefore, a person may be allowed to access one part of a system but not others, and the accessing of the other parts will be an offence.
Note: the downloading or exchange of pirate software is not covered by this act but by other legislation.
The penalties of breaking the Computer Misuse Act range from fines to imprisonment.
Computer Misuse Act 1990
An Act to make provision for securing computer material against unauthorized access or modification; and for connected purposes. [29th June 1990]
Be it enacted by the Queen’s most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same
Origins of the Act
It is generally agreed that it was the actions of two computer hobbyists; Robert Schifreen and Stephen Gold, who used their home computers to access without authorization British Telecom’s (BT) Prestel system that highlighted the need for new legislation.
The two “hackers” managed to get access to Prince Phillip’s personal message box. They did this, when they were visiting an ICT trade fair, by surreptitiously observing a BT engineer entering a user name of 1234 and a password of 22222222. This technique for finding out restricted information is known as shoulder surfing.
After this unauthorized access was discovered, the authorities struggled to find a law that covered the perpetrator’s actions and this led to the drawing up of the Computer Misuse Act.
The case against Gold and Schifreen took place in 1988.
The Computer Misuse Act is divided into three offences:
- Unauthorized access to computer material.
- Unauthorized access with intent to commit or facilitate commission of further offences.
- Unauthorized modification of computer material.
1. Unauthorized access to computer material.
A person is guilty of an offence if:
- He causes a computer to perform any function with intent to secure access to any program or data held in a computer;
- The access he intends to secure is unauthorized; and he knows at the time when
- He causes the computer to perform the function that this is the case.
The intent a person has to commit an offence under this section need not be directed at;
- any particular program or data;
- a program or data of any particular kind; or
- a program or data held in any particular computer.
A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5, on the standard scale or both.
2. Unauthorized access with intent to commit or facilitate commission of further offences.
A person is guilty of an offence under this section if he commits an offence under section 1 above (“the unauthorized access offence”) with intent
- To commit an offence to which this section applies; or
- To facilitate the commission of such an offence (whether by himself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence.
This section applies to offences
- for which the sentence is fixed by law; or
- for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years.
It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorized access offence or on any future occasion.
A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible.
A person guilty of an offence under this section shall be liable
- on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and
- on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.
3. Unauthorized modification of computer material.
A person is guilty of an offence if
- he does any act which causes the unauthorized modification of the contents of any computer; and
- at the time when he does the act he has the requisite intent and the requisite knowledge.
For the purposes of the subsection above, the requisite intent is an intent to cause a modification of the contents of any computer and by so doing:
- to impair the operation of any computer;
- to prevent or hinder access to any program or data held in any computer; or
- to impair the operation of any such program or the reliability of any such data.
The intent need not be directed at
- any particular computer;
- any particular program or data or a program or data of any particular kind; or
- any particular modification or a modification of any particular kind.
For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized.
It is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.
Federal law defines computer fraud as the use of a computer to create a dishonest misrepresentation of fact as an attempt to induce another to do or refrain from doing something which causes loss. Criminals create fraudulent misrepresentation in a number of ways. First, they can alter computer input in an unauthorized way. Employees may embezzle company funds by altering input data. Second, criminals can alter or delete stored data. Third, sophisticated criminals can rewrite software codes and upload them into a bank’s mainframe so that the bank will provide its users’ identities to the thieves. The thieves can then use this information to make unauthorized credit card purchases.
Violators may be prosecuted under
- 18 U.S.C. § 506 No Electronic Theft Act
- 18 U.S.C. § 1028 Identity Theft and Assumption Deterrence Act of 1998
- 18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices
- 18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
- 18 U.S.C. § 1343 Wire Fraud
- 18 U.S.C. § 1362 Communication Lines, Stations, or Systems
- 18 U.S.C. § 2511 Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited
- 18 U.S.C. § 2701 Unlawful Access to Stored Communications
- 18 U.S.C. § 2702 Disclosure of Contents
- 18 U.S.C. § 2703 Requirements for Governmental Access
- How to Become a Data Analyst – Salary, Qualifications, skills.How to Become a Data Analyst – Salary, Qualifications, skills. Hello, hope you are doing great. Let’s start by defining what a data analyst is? Whether it’s sales figures, audience demographics, and market research, or…
- The truth about Crypto-Currency.The truth about Crypto-Currency. What to Know About Cryptocurrency. What is cryptocurrency? Cryptocurrency is a type of digital currency that generally only exists electronically. There is no physical coin or bill unless you use a…
- Basic Computer OperationsBasic Computer Operations. A computer as shown in the figure below performs basically five major operations or functionsirrespective of its size and make. These are 1) it accepts data or instructions by way of input,…
- Classification of ComputersClassification of Computers. i. Classification of Computers by Size a) Micro-Computers • Micro –Computers are the Smallest class of Computers• Micro- Computers have one micro-processor in its Central Processing Unit• Micro-Processor refers to Central Data…
- History of ComputersHistory of Computers i. First generation computers (1946-1956) Overview of the Intelligent System They made use of vacuum tubes to store and process information. The tubesconsumed a lot of power and generated a lot of…