Why is computer misuse act needed

Failure to comply with the Computer Misuse Act can lead to fines and potentially imprisonment. Computer Misuse Act The Computer Misuse Act protects personal data held by organisations from unauthorised access and modification.

The act makes the following illegal: Unauthorised access to computer material. This refers to entering a computer system without permission hacking Unauthorised access to computer materials with intent to commit a further crime.

The defendant received in the order of , total payment for the DDoS program supplied. Psychological and psychiatric reports indicated the offender was autistic. Having reviewed these, the judge imposed a sentence of detention in a young offender institution for two years, given the scale of the offending. The Court of Appeal upheld the custodial sentence but reduced it to 21 months.

Charles Brown, 39, was convicted of one count of possession of articles for use in fraud, contrary to section 6 1 of the Fraud Act and two counts of securing unauthorised access to computer material with intent, contrary to section 2 1 of the CMA. The CMA counts related to access to bank accounts.

The basis of the fraud count was possession on the appellant's computer of the stolen bank and credit card details. The appellant's modus operandi involved changing details online and the subsequent impersonation of the account holders in order to obtain a new card and PIN.

The trial judge sentenced him to a total of three years' imprisonment. The Court of Appeal set aside the sentence, noting that while potential loss is an aggravating feature it is not the determining means by which the fraud should be valued and imposed a total of two years' imprisonment.

Lewys Martin, aged under 21 at the time of the offences, pleaded guilty to offences contrary to section 1, 2, 3 and 3A CMA relating to DOS attacks against the Oxford and Cambridge University websites, the Kent Police website and offences targeting two private individuals including unauthorised use of a person's Paypal account.

His sentence of two years was upheld on appeal, the court noting the prevalence of computer crime, the fact that organisations were compelled to spend substantial sums combating it and the potential impact on individuals meant that sentences for such offences should involve a real element of deterrence. Gareth Crosskey, aged 19, pleaded guilty to offences under ss. He persuaded Facebook staff to provide the password to the account. He contacted magazines offering to reveal information about her and contacted her stepfather to say he had access to her private emails and invited discussion as to what would prevent him from doing further damage.

Southwark Crown Court sentenced him to 6 and 12 months' custody, concurrent, for the sections1 and 3 offences, respectively. On appeal, the court referred to the "seriously aggravating features" of the offence, namely the element of harm to the actress and her step father. The court rejected the argument that the sentence should have been suspended. However, having regard to the mitigating factors, namely the appellant being a young man of previous good character, the offending taking place over a short period of time and the appellants' expression of remorse, the sentence was reduced to four and eight months, concurrent, in a young offender institution.

Glen Mangham, aged 26, pleaded guilty to three offences under sections 1 and 3, having accessed Facebook's computers and modified the functionality of various programs. Southwark Crown Court sentenced him to eight months' custody, concurrent, on each count and a Serious Crime Prevention Order was imposed.

On appeal, the court identified a number of aggravating factors which would "bear on sentences in this type of case":.

Motive and benefit were also relevant, as was revenge. Other factors to be considered were any financial benefit from the sale of the accessed information, whether the information was passed on to others, and the value of the intellectual property involved.

Among the mitigating factors the psychological profile of the offender deserved "close attention". The Court upheld the appeal, substituting a sentence of four months imprisonment. A useful list of Computer Misuse Act cases is available online here. The Code for Crown Prosecutors is a public document, issued by the Director of Public Prosecutions that sets out the general principles Crown Prosecutors should follow when they make decisions on cases.

This guidance assists our prosecutors when they are making decisions about cases. It is regularly updated to reflect changes in law and practice. Help us to improve our website; let us know what you think by taking our short survey.

Contrast Switch to colour theme Switch to blue theme Switch to high visibility theme Switch to soft theme. Search for Search for. Top menu Careers Contact. Definitions The CMA does not provide a definition of a computer because rapid changes in technology would mean any definition would soon become out of date. As defined in section 6, the extended extra-territorial jurisdiction arrangements also apply to conspiracy or attempts to commit offences under the CMA and therefore will supersede the usual rule for conspiracy charges The Offences Section 1 : Unauthorised access to computer material The maximum penalty on indictment is 2 years imprisonment.

Actus Reus The offence is made out once a defendant has caused a computer, which would include his own computer, to perform a function with intent to secure access.

Mens rea There are two elements: There must be knowledge that the intended access was unauthorised; and There must have been an intention to secure access to any program or data held in a computer. The House of Lord's went on to say that: " it was a possible view of the facts that the role of the officers in Bignell had merely been to request another to obtain information by using the computer.

Section 2 : Unauthorised access with intent to commit or facilitate commission of further offences The maximum penalty on indictment is 5 years imprisonment. Section 3 : Unauthorised Acts with intent to impair, or with recklessness as to impairing the operation of a computer The maximum sentence on indictment is 10 years' imprisonment.

Section 3A : Making, supplying or obtaining articles for use in offence under Section 1, 3 or 3ZA The maximum sentence on indictment is two years' imprisonment. In determining the likelihood of an article being used or misused to commit a criminal offence, prosecutors should consider the following: Has the article been developed primarily, deliberately and for the sole purpose of committing a CMA offence i. Is the article available on a wide scale commercial basis and sold through legitimate channels?

Is the article widely used for legitimate purposes? Does it have a substantial installation base? What was the context in which the article was used to commit the offence compared with its original intended purpose? Public Interest Where there is sufficient evidence to meet the evidential test under the Code for Crown Prosecutors, the following Public Interest factors should be carefully considered: The financial, reputational, or commercial damage caused to the victim s ; The offence was committed with the main purpose of financial gain; The level of sophistication used, particularly sophistication used to conceal or disguise identity including masquerading as another identity to divert suspicion ; The victim of the offence was vulnerable and has been put in considerable fear or suffered personal attack, damage or disturbance; The mental health, maturity and chronological age of the defendant at the time of the offence.

Investigatory Powers Act Unlawful interception of a public telecommunication system, a private telecommunication system, or a public postal service, Misconduct in Public Office The common-law offence of misconduct in public office, for example, where a police officer misuses the PNC.

Data Protection Act DPA creates a number of offences in relation to the control and access to data: Section Creates offences relating to the obstruction of inspections of personal data by the Information Commissioner Section Creates an offence for persons who are currently or have previously been the Information Commissioner, a member of the Information Commissioner's staff or an agent of the Information Commissioner from disclosing information obtained in the course of, or for the purposes of, the discharging of the Information Commissioners functions unless made with lawful authority.

The Computer Misuse Act still governs the wider digital environment, with the internet, smart phones, and social media emerging in the decades after the Act first gained Royal Assent. The Computer Misuse Act applies to any digital operation with a significant link to the United Kingdom. This covers situations where a computer being targeted is in the UK; if the person responsible carried out the operation from the UK; if they used a server located in the UK; or if the resulting cyberattack caused damage within the country.

A person is guilty of an unauthorised act if they attempt to access information that they are aware they are unauthorised to access. This is when the hacker, already guilty under Section 1, has carried out the hacking because they intend to commit more crimes, such as extortion or fraud, using the data they have accessed.

Section 3 of the Act then refers to unauthorized acts with the intent to impair the operation of a computer, either recklessly or intentionally. Again, this section relies on a crime under Section 1 having been established and adds further penalties if the hacking meant to damage such as through a virus or alter the computer or computer system and its contents such as through modifying, deleting data or introducing malware and spyware , or simply had this effect as a result of the unauthorised access.

A addition to the original Computer Misuse Act, specifically outlawed the making, supplying or obtaining articles for use in an offense under Section. This now addressed the issue of people using malware, viruses and other such tools developed by others, for the purposes of hacking. Where the original Act had for the first time explicitly criminalised activities which damaged computers, in , a further provision was added in relation to serious damage. The remit of the Act now expanded to cover the possibility of cyber-terrorism and a state backed cyber attack.

In a case involving a minor, the Crown R v Mudd, the accused confessed of crimes under Sections 1 and 3, as well as concealing criminal property, which is a crime outside of the Computer Misuse Act.