1. Cybercrime and Computer Misuse and the Criminal Law Class Notes for COM347 Computer Networks
2.
3.
4.
5.
6.
7. Computer Misuse Act The created three new offences in response to the Law Commission Working Paper No. 186, on Criminal Law: Computer Misuse (Cm 819), published in October 1989. Even before the Act, dishonest computer activities were quite well-covered by the criminal law, and in particular by theft, and related offences. A common type of computer fraud involves gaining unauthorised access in order to transfer funds to one's own account, or that of a friend. Another common variety is to use a forged bank card to obtain money from a cash dispenser. Because only the computer is deceived, it is probable that neither of these activities amounts to obtaining property by deception, since there is authority that that offence requires deception of a human mind. Nevertheless, it is clear that this type of fraud has always constituted theft.
8. Misuse Act….. Computers can also be used to commit the offence of blackmail, for example where a computer virus is introduced to a system (for example a time bomb, whose purpose is to corrupt or delete stored information after the lapse of a period of time), accompanied later by threats that some or all the files on the system will be corrupted unless a sum of money is paid into a particular account. Such a virus may be introduced directly by a hacker, or simply distributed as part of a software package. If the system is in fact corrupted by a virus, or directly by an unauthorised user, the offence of criminal damage may also be committed. In Cox v Riley (1986) 83 Crim App Rep 54, a disgruntled employee who erased programs on a printed circuit card belonging to his employer was held to have damaged the card, even though no physical damage had occurred. There is also a range of other offences under the general criminal law, which may be committed by unauthorised computer users. Examples are theft of electricity, false accounting and suppression of documents. A hacker who obtains unauthorised access to, and copies information from a computer storage system may also infringe the law of copyright (but confidential information is not property, and so cannot be the subject matter of theft).
9. Misuse Act.. Nevertheless, perhaps because computer misuse was estimated to cost UK industry over £500 million annually, it was felt that the pre-existing law was inadequate in a number of respects. In particular, hacking per se was not a criminal offence, and while unauthorised users may well, in using the computer, commit other offences, there were greater evidential difficulties in prosecuting such offences than in the case of non-computer crime. Nor was the deliberate creation of computer viruses per se a criminal offence. The least serious new offence, to be found in section 1 of the Act, makes hacking per se criminal, whether or not any harm is intended. Thus, even hacking out of curiosity, of for the challenge of breaking through a security system, is covered, so long as the hacker is aware that his access is unauthorised. The offence is triable summarily, and is punishable by a maximum of six months' imprisonment and/or £2,000 fine. While section 1 is aimed at unauthorised access, it is not necessary actually to gain access, attempted accessing also falling within the section. It is necessary only to cause 'a computer to perform any function with intent to secure access', so that, for example, an attempt to log on, which is rejected by the computer, falls within the section. The hacker who programs his computer to search through every possible password is therefore caught, whether or not his or her attempts at accessing are successful. Mere surveillance of data displayed on a VDU is outside the scope of the section, however, even where sophisticated electronic equipment is used, which can monitor from a distance radiation signals emitted from computers ("electronic eavesdropping").
10.
11.
12. Definitions of Unauthorised Access in the Higher Education Context The offences described in the Act can be interpreted within the University and college scene and perhaps extend into areas which in the wider context would not be considered to be offences. The examples which follow are intended as a guide to the seriousness of the offence and do not attempt to cover all eventualities.
13. Example 1, Unauthorised Access to Computer Material. This would include: using another person's identifier (ID) and password without proper authority in order to use data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data (for example, to a screen or printer); laying a trap to obtain a password; reading examination papers or examination results. The response to some actions will depend on the specific conditions of use in force. Take, for example, unauthorised borrowing of an identifier from another student in order to obtain more time for a computer project the student was required to complete. In this case both the student who borrowed the ID and the student who lent it would be deemed to have committed an offence.
14.
15. Example 3, Unauthorised Modification of Computer Material This would include: destroying another user's files; modifying system files; creation of a virus; introduction of a local virus; introduction of a networked virus; changing examination results; and deliberately generating information to cause a complete system malfunction. Universities and Colleges should recognise that action under disciplinary procedures is more effective if a similar view is taken across the sector and if institutions are prepared to discipline their students for offences carried out across the network on the facilities of other universities and colleges. It is desirable that as far as possible similar offences in different institutions carry similar penalties.
16.
17.
18.
19.
20.
21.
22.
23.
24. Unauthorised Removal of Information Under the Theft Act 1968, only property can be stolen, and information is not property. A floppy disk is protected by law, but the information stored on it is not. A new offence of misappropriating information seems to be required, but the Law Commission felt that it is not specific to computing. Such an offence already exists for Government information (under the Official Secrets Act 1989).