Anti-hacking legislation
 
To identify and show understanding of the offences covered by the Computer Misuse Act 1990. ALL: Will be able to state the three offences specified in the Act. MOST: Will be able to explain the consequences of breaking the Act. SOME: Will show understanding of the offences by categorising scenarios.
A quality set of notes covering the Computer Misuse Act.
Introduced as a result of concerns about people misusing the data and programs held on a computer. Other laws tried instead. Examples: Cox v Riley 1986 (Criminal Damage Act 1971); R. v Gold and Another (Forgery and Counterfeiting Act 1981).
The case of R. v Gold and Schifreen was highly publicised. Gained unauthorised access to British Telecom's Interactive viewdata service. Led to the Law Commission producing Report No. 186, Computer Misuse. This became the Computer Misuse Act 1990. http://bit.ly/kBSHIi
Original bill specifically aimed at hackers. Many amendments during passage through Parliament. Eventual legislation very broad based; lost much of the original intent.
The Act specifies 3 offences. In summary these are: (1) Unauthorised access; (2) Unauthorised access with intent to commit further offences; (3) Unauthorised acts with intent to impair operation of a computer etc. http://www.legislation.gov.uk/ukpga/1990/18/contents http://goo.gl/Nn7vz
Unauthorised Access. Summary penalty: maximum 12 months imprisonment / fine of up to statutory maximum. Indictment penalty: up to 2 years / fine / both. You are committing an offence if you try to access any program or data held in any computer without permission and you know at the time that this is the case. E.g. a student gaining access to a fellow student's area, or breaking in to the college administrative system, is breaking this category of the Act. Summary conviction – tried by a judge alone. Indictment conviction – held before a jury. http://www.legislation.gov.uk/ukpga/1990/18/section/1
Unauthorised Access with intent to commit further offences. Summary penalty: 12 months imprisonment / fine of up to statutory maximum. Indictment penalty: up to 5 years / fine / both. You are committing an offence if you try to access any program or data held in any computer without permission and you know at the time that this is the case and you intend to commit a further offence. E.g. a student breaking into the college administrative system so as to change his/her grades but does not succeed. Summary conviction – tried by a judge alone. Indictment conviction – held before a jury. http://www.legislation.gov.uk/ukpga/1990/18/section/2
Unauthorised Acts with intent to impair operation of a computer etc. Summary penalty: 12 months imprisonment / fine of up to statutory maximum. Indictment penalty: up to 10 years / fine / both. You are committing an offence if you access any program or data held in any computer without permission and amend, delete, corrupt the data etc. held on the system. E.g. a student breaks into the college administrative system and changes his grades. Summary conviction – tried by a judge alone. Indictment conviction – held before a jury. http://www.legislation.gov.uk/ukpga/1990/18/section/3
Criminal Vs Judge /14
Scenario 1: A student hacks into a college database to impress his friends – unauthorised access. Later he decides to go in again, to alter his grades, but cannot find the correct file – unauthorised access with intent. A week later he succeeds and alters his grades – unauthorised act.
Scenario 2: An employee who is about to be made redundant finds the Managing Director’s password, logs into the computer system using this and looks at some confidential files – unauthorised access. Having received his redundancy notice he goes back in to try and cause some damage but fails to do so – unauthorised access with intent. After asking a friend, he finds out how to delete files and wipes the main customer database – unauthorised act.
Prosecutions are rare and punishments small. Examples: Defendant causes firm to lose £36,000 - fined £1,650; conditional discharge. Defendant destroys £30,000 worth of data - fined £3000; 140 hours community service.
Very complex. Offences difficult to prove. Evidence difficult to collect - firms do not co-operate with police. Firms embarrassed by hacking - particularly banks. Employees often simply sacked/demoted. Police lack expertise; time; money. Offence perceived as ‘soft crime’ - no one injured/hurt.
This case in 1991 caused great concern and it was suggested that further prosecutions under the Act would be unlikely to succeed. Defendant (and others) hacked into a variety of systems and caused damage. Defence stated that defendant ‘addicted to computers’ so could not help hacking. Not guilty verdict returned by jury.
Hacking has increased both at hobby and professional levels. A few high profile cases. Offenders often in other countries with no equivalent legislation. Some ‘international task forces’ set up but no real progress. Current UK estimated costs of cyber crime - £27 billion per year. http://goo.gl/wwffa - Telegraph 18 Feb 2011
ICO Questions. PLT: Team Worker, Independent Enquirers, Creative Thinkers, Self Managers. In selected groups of 3/4 you must collaborate and complete this activity. Create 1 resource that combines the answers to the questions set for homework. Think about an appropriate technology you could use to collaborate, e.g. Google Docs, Linoit.

Computer misuse act new 13 12-11
