Computer Misuse Act 1990: Difference between revisions
| [pending revision] | [pending revision] |
Content deleted Content added
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
The ''Computer Misuse Act 1990'' is an Act of the Parliament of the United Kingdom-UK Parliament. The act's introduction followed the decision in the ''Regina v .Gold'' case, with the bill's critics charging it was introduced hastily and was poorly thought out. The bill nonetheless became a model upon which several other countries drew inspiration when subsequently drafting their own information security laws. |
|||
Prestel engineer (the username was 1234 and the password was 22222222, giving rise to subsequent accusations that BT had not taken security seriously). Armed with this information, the pair explored the system, even gaining access to the personal message box of [[Prince Philip, Duke of Edinburgh|Prince Philip]]. Schifreen and Gold changed an number of messages in different Prestel files, eventually piqueing the interest of Prestel's security staff. After failing to stop the pair (and a number of other unrelated intruders who were also enjoying the liberties afforded by Prestel's poor security) by changing passwords, Prestel installed traps which monitored suspect accounts. Acting on information thus obtained, the homes of both were raided and Gold and Schifreen were arrested. |
|||
The pair were prosecuted under section one of the [[Forgery and Counterfeiting Act 1981]], with the prosecution alleging they had defrauded British Telecom by manufacturing a "false instrument", namely the internal condition of BT's equipment after it had processed Gold's eavesdropped password. Tried in the [[Southwark]] [[Crown Court]], both were convicted on specimen charges under the act (five against Schifreen, four against Gold) and fined. <!-- some sources claim they were fined 750 and 600 quid, but I've not found a source I trust --> |
|||
Although the fines imposed on the pair were modest, they elected to appeal to the Criminal Division of the Court of Appeal. Their counsel cited the lack of evidence showing the two had attempted to obtain material gain from their exploits, and claimed the counterfeiting act had been misapplied to their conduct. They were acquitted by the [[Lord Justice Lane]], who found the cited act did not apply. Seeking to further clarify the law in the matter, the prosecution appealed the acquittal to the [[Judicial functions of the House of Lords|House of Lords]]. The Law Lords heard the case in [[1988]], and their judgement affirmed the acquittal. In affirmation, the [[Lord Brandon of Oakbrook]] said: |
|||
:''"We have accordingly come to the conclusion that the language of the Act was not intended to apply to the situation which was shown to exist in this case. The submissions at the close of the prosecution case should have succeeded. It is a conclusion which we reach without regret. The Procrustean attempt to force these facts into the language of an Act not designed to fit them produced grave difficulties for both judge and jury which we would not wish to see repeated. The appellants' conduct amounted in essence, as already stated, to dishonestly gaining access to the relevant Prestel data bank by a trick. That is not a criminal offence. If it is thought desirable to make it so, that is a matter for the legislature rather than the courts"'' |
|||
The Law Lords' ruling led many legal scholars to believe that computer hacking was immune from criminal sanction under the laws that then prevailed in the UK. The [[English Law Commission]] and its counterpart in Scotland both undertook an analysis of the prevailing legal framework as it pertained to the new field of computer intrusion. The [[Scottish Law Commission]] concluded that the crime was adequately covered under [[common law]] related to deception, but the ELC believed a new law was necessary. |
|||
==The Computer Misuse Act== |
|||
Based on the ELC's recommendations, a [[Private Member's Bill]] was introduced by [[Conservative Party (UK)|Conservative]] M.P. [[Michael Colvin]]. The bill, supported by the government, came into effect in [[1990]]. The Act introduces two criminal offences: |
|||
;By §1 it an offence to gain "unauthorised access to computer material" |
|||
;By §2 this may be aggravated if a person obtains unauthorised access to computer material with the intent to commit another criminal offence (the ulterior motive offence). |
|||
;By §3 it is an offence to make "unauthorised modification of computer material". |
|||
==Further ramifications of the act== |
|||
The CMA was studied by lawmakers from a number of jurisdictions, and several (including [[Canada]] and the [[Republic of Ireland]]) introduced legislation with similar provisions to the CMA's. |
|||
A number of legal analysts claimed the bill was hastily drafted and overreaching in its scope. Intent, they said, was difficult to prove, and that the bill inadequately differentiated "joyriding" crackers like Gold and Schifreen from serious computer criminals. |
|||
<!-- need a paragraph here about notable convictions under the act --> |
|||
In [[2004]] the [[All Party Internet Group]] published its review of the law and highlighted areas for development. Their recommendations led to the drafting of the ''Computer Misuse Act 1990 (Amendment) Bill''. This strove to amend the 1990 act to comply with the [[European Convention on Cyber Crime]]. Under its terms, the maximum sentence of imprisonment for breaching the act changed from six months to two years. It also sought to explicitly criminalise [[denial-of-service attack]]s and other crimes facilitated by denial-of-service. The Bill did not receive [[Royal Assent]] because Parliament was [[prorogation|prorogued]]. |
|||
Schifreen now works as a university computer technician, and also gives speeches on his experiences (often appearing with the detective who originally arrested him). Gold works as an independent computer security consultant. |
|||
==Legal citations== |
|||
* R v. Gold and another, House of Lords (UK), [1988] 1 AC 1063, [1988] 2 All ER 186, [1988] 2 WLR 984, 87 Cr App Rep 257, 152 JP 445, [1988] Crim LR 437. (The case is also known as ''Regina v. Gold and Schifreen''). |
|||
==References== |
|||
* [http://learning.unl.ac.uk/im283/ncrime.htm Details of the Regina v. Gold case] |
|||
* [http://www.underground-book.com/chapters/ccm/Gold.html The Law Lords' ruling] |
|||
* [http://www.legalitforum.com/ipi/legalitforumv2/index.jsp?pageid=litf_bulletin_015 Interview with Robert Schifreen] |
|||
==External links== |
|||
* [http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm Text of the Act] |
|||
* [http://www.homeoffice.gov.uk/crime/internetcrime/compmisuse.html The Home Office's page on the act] |
|||
* [http://www.publications.parliament.uk/pa/cm200405/cmbills/102/05102.1-i.html Wording of the 2004 amendment bill] |
|||