The Computer Misuse Act 1990 is a UK law that makes certain activities illegal, such as hacking into other people’s systems, misusing software, or helping a person gain access to protected files on the computer of another person. The law was created after the case R v. Gold from 1984-1985, which was appealed in 1988. The appeal was successful, inspiring parliament to create a law that would punish the behavior committed by Robert Schifreen and Stephen Gold. It obviously couldn’t be applied retroactively, but its purpose was to discourage behavior like theirs in the future.
All three sections of the Computer Misuse Act of 1990 make it illegal to access computer material without authorization.
What happened to open the case and ultimately lead to law was this: Gold saw a Prestel employee at a trade show enter his username and password into a computer. Gold and Schifreen then used this information from a home computer to access British Telecom Prestel’s system, and specifically to break into Prince Philip’s private message box. Prestel became aware of this access, arrested the two men and charged them with fraud and forgery. The men were convicted and fined, but appealed the case.
Violation of the Computer Misuse Act of 1990 may result in imprisonment.
One of the key aspects of the appeal was that the two men were not using the data in any way for personal or illegal gain. Since there was no material benefit to spying on someone else’s system, they argued that the charges provided for in the specific laws could not be applied to them. The House of Lords acquitted the men, but decided to ban such behavior in future. This led to the development of the Computer Misuse Act and it was signed into law in 1990, two years after successful appeal.
The Computer Misuse Act of 1990 prohibits attempts to obtain another person’s password.
The law is divided into three sections and makes the following acts illegal:
Under the Computer Misuse Act, accessing a computer to commit a crime is illegal.
Unauthorized access to computer material Unauthorized access to computer systems with the intent to commit another crime Unauthorized modification of computer material
The first section of the law prohibits a person from using another person’s identification to access a computer, run a program, or obtain data, even if such access does not involve personal gain. People also cannot change, copy, delete or move a program. The Computer Misuse Act also prohibits any attempt to obtain another person’s password. Of course, if someone gives your ID to another person and that person can legally use the computer, these unauthorized access laws do not apply.
The second provision of the law is to access a computer system to commit or facilitate a crime. A person may not use another person’s system to post material that may be offensive or to start worms or viruses. You also may not give someone your ID so that they can use a system for this purpose. This second part means that the individual would be fraud or someone else’s crime.
Unauthorized modification in the Computer Misuse Act means that a person cannot delete, change or corrupt data. Again, if someone puts a virus on someone else’s system, he would be breaking the law. Committing unauthorized access is generally only considered an offense punishable by a fine. Intentional access and unauthorized modification are considered more serious and can be punished with heavy fines and/or jail time.
Sending a virus to a person’s computer would be considered a violation of the Computer Misuse Act of 1990.
