Computer Misuse Act


Published on

INFO 2 Unit 2.5 Safety and Security of Data in ICT Systems. Computer Misuse Act

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Computer Misuse Act

  1. 1. Anti-hacking legislation
  2. 2. <ul><li>To identify and understand the offences covered by the computer misuse act. </li></ul>
  3. 3. <ul><li>A quality set of notes covering the computer misuse act. </li></ul><ul><li>A poster for this classroom, aimed at an audience of students in your school. </li></ul>
  4. 4. <ul><li>Introduced as a result of concerns about people misusing the data and programs held on a computer. </li></ul><ul><li>Other laws tried instead </li></ul><ul><li>Examples. </li></ul><ul><ul><ul><li>Cox v Riley 1986 (Criminal Damage Act 1971) </li></ul></ul></ul><ul><ul><ul><li>R. v Gold and Another (Forgery and Counterfeiting Act 1981) </li></ul></ul></ul>
  5. 5. <ul><li>The case of R. v Gold and Schifreen was highly publicised </li></ul><ul><li>Gained unauthorized access to British Telecom's Interactive viewdata service </li></ul><ul><li>Lead to Law Commission produced report </li></ul><ul><ul><ul><li>Report No.186, Computer Misuse </li></ul></ul></ul><ul><li>This became the Computer Misuse Act 1990 </li></ul>
  6. 6. <ul><li>Original bill specifically aimed at hackers </li></ul><ul><li>Many amendments during passage through parliament </li></ul><ul><li>Eventual legislation very broad based, lost much of the original intent </li></ul>
  7. 7. <ul><li>The Act specifies 3 offences </li></ul><ul><li>In summary these are:- </li></ul><ul><ul><li>Unauthorised Access </li></ul></ul><ul><ul><li>Unauthorised access with intent to commit another offence </li></ul></ul><ul><ul><li>Unauthorised modification of data </li></ul></ul>
  8. 8. <ul><li>Unauthorised Access is called a summary offence and penalties are limited to: </li></ul><ul><ul><li>6 months imprisonment </li></ul></ul><ul><ul><li>and/or </li></ul></ul><ul><ul><li>a maximum fine of £5000 </li></ul></ul><ul><li>You are committing an offence if you try to access any program or data held in any computer without permission and you know at the time that this is the case. </li></ul><ul><li>E.G. A student gaining access to a fellow students area, or breaking in to the college administrative system, is breaking this category of act. </li></ul>
  9. 9. <ul><li>The other two offences </li></ul><ul><ul><li>Unauthorised access with intent … </li></ul></ul><ul><ul><ul><li>Covers offenders who carry out unauthorised access with a more serious criminal intent </li></ul></ul></ul><ul><ul><li>Unauthorised modification … </li></ul></ul><ul><ul><ul><li>Concerns the alteration of data or programs within a computer system </li></ul></ul></ul><ul><li>Are more serious and carry jail terms of up to 5 years and unlimited fines </li></ul>
  10. 10. <ul><li>Scenario 1 </li></ul><ul><ul><ul><li>A student hacks into a college database to impress his friends </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised access </li></ul></ul></ul></ul><ul><ul><ul><li>Later he decide to go in again, to alter his grades, but cannot find the correct file – </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised access with intent </li></ul></ul></ul></ul><ul><ul><ul><li>A week later he succeeds and alters his grades – </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised modification of data </li></ul></ul></ul></ul>
  11. 11. <ul><li>Scenario 2 </li></ul><ul><ul><ul><li>An employee who is about to made redundant finds the Managing Director’s password; logs into the computer system using this and looks at some confidential files- </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised access </li></ul></ul></ul></ul><ul><ul><ul><li>Having received his redundancy notice he goes back in to try and cause some damage but fails to do so – </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised access with intent </li></ul></ul></ul></ul><ul><ul><ul><li>After asking a friend, he finds out how to delete files and wipes the main customer database – </li></ul></ul></ul><ul><ul><ul><ul><li>unauthorised modification of data </li></ul></ul></ul></ul>
  12. 12. <ul><li>Prosecution are rare and punishments small </li></ul><ul><ul><li>Examples </li></ul></ul><ul><ul><ul><li>Defendant causes firm to lose £36,000 - Fined £1,650; conditional discharge </li></ul></ul></ul><ul><ul><ul><li>Defendant destroys £30,000 worth of data - Fined £3000; 140 hours community service </li></ul></ul></ul>/14
  13. 13. <ul><li>Very complex </li></ul><ul><ul><ul><li>Offences difficult to prove </li></ul></ul></ul><ul><ul><ul><li>Evidence difficult to collect - firms do not co-operate with police </li></ul></ul></ul><ul><ul><ul><li>Firms embarrassed by hacking - particularly banks </li></ul></ul></ul><ul><ul><ul><li>Employees often simply sacked/demoted </li></ul></ul></ul><ul><ul><ul><li>Police lack expertise; time; money </li></ul></ul></ul><ul><ul><ul><li>Offence perceived as ‘soft crime’ no one injured/hurt </li></ul></ul></ul>
  14. 14. <ul><li>This case in 1991 caused great concern and it was suggested that further prosecutions under the act would be unlikely to succeed </li></ul><ul><ul><li>Defendant (and others) hacked into a variety of systems and caused damage </li></ul></ul><ul><ul><li>Defence stated that defendant ‘addicted to computers’ so could not help hacking </li></ul></ul><ul><ul><li>Not guilty verdict returned by jury </li></ul></ul>
  15. 15. <ul><li>Hacking has increased both at hobby and professional levels </li></ul><ul><li>A few high profile cases </li></ul><ul><li>Offenders often in other countries with no equivalent legislation </li></ul><ul><li>Some ‘international task forces’ set up but no real progress </li></ul><ul><li>Current estimated costs of hacking - £5 billion per year world-wide </li></ul>
  16. 16. <ul><li>Page 247 Mott and Leeming </li></ul><ul><li>Look at the cases described 1a – 1e, explain which category of the Computer Misuse Act has been broken. </li></ul>/14
  17. 17. <ul><li>Create a poster for this classroom, aimed at an audience of students in your school. </li></ul><ul><li>Purpose – inform, educate </li></ul><ul><li>Your poster should make clear to them which of the activities a student might carry out are illegal under the Computer Misuse Act . </li></ul>