Computer crime can be dated back to the first case which arose in the late 1950’s involving a catering firm. The firm had standing orders on the computer and the computer programmer had replaced the names of the contractors with fictitious names and opened bank accounts in those names. Hence two batches of payments went out to the company and the programmer. The programmer was eventually caught once he had started spending a lot of money. This is a prime example of not only hacking but also fraud.
Computer fraud, a common computer related crime, is increasingly growing throughout the UK. As the Law Commission has noted;
‘Computer enabled fraud is not new; it just takes “real world” frauds and uses of the internet as a mean of reaching the victim.’
The existence of computer related crime began with the study of computer fraud and can be defined as the following according to the Audit Commission as: ‘Any fraudulent behaviour connected with computerisation by which someone intends to gain financial advantage.’ However computers are easy to change as to deceive someone, but the information is still relied on. This can be illustrated in a case which dates back to the 1980’s involving a bank whom had lost £9 million in computer fraud. The bank had negotiated by saying that the defendant had shut fraud loop and kept £4.5 million to themselves.
Computer enabled fraud does come in many different forms, from get rich-quick schemes, to emails that demand an additional fee to be paid by credit card via a web site to prevent losing internet access. Most of these frauds are able to take place because people do not understand how the technology works, and hence are fooled into taking an action, also because people have too much faith in the information they receive. This type of crime is very difficult to investigate especially if conducted via the internet. This is mainly because many fraud related sites are temporary operating for a few days before disappearing. Many frauds are enabled in one country but carried out in another, hence making it difficult for the police to investigate. This was the scenario for R v Thompson. Thompson was a computer programmer working in Kuwait bank, he had realised that five of the accounts weren’t been accessed in (no transactions had been made into or out of the accounts for a long time). Hence he opened five accounts in his name at various branches of the bank and had transferred money into these accounts from the dormant accounts. He programmed the computers to erase all details of the transfers in order to cover his tracks. However Thompson got caught once he arrived back into the UK as he wrote a letter to the Kuwait’s bank manager, asking him to transfer the money now into the five accounts in his own name. He was later charged and convicted of obtaining property by deception according to s15 of the Theft Act 1968, which characterises fraud within the UK as:
‘A person who by any deception dishonestly obtains property belonging to another, with the intension of permanently depriving the other of it, shall on conviction on indictment be liable to imprisonment for a term not exceeding ten years.’
In the Thompson case the courts had stated that Thompson obtained property (i.e. had ownership, procession and control of the money) with the intension to permanently deprive the others of it. The courts hence arrived at a decision by applying exactly the same principles as would be applied in a more conventional case, although the use of a computer clearly presented fraud. Relating to the CMA, Thompson was certainly in breach of s3, which states that it is an offence to cause unauthorised modification of computer materials.
A problem with the current law on fraud is that the courts have not recognised the information stored on computers as constituting “property”. In the R v Preddy case involving alteration to mortgage records, and also another case Oxford v Moss concerned with a student photocopying an exam paper and then replacing the original copy, the courts chose o view the information contained in the records as being incidental to the physical property involved. In the former case, following the decision of the court the government had to rush through emergency legislation to introduce a new offence of “obtaining a money transfer by deception”.
Computer hacking is also another form of computer crime which is also increasing in the number of cases dealt with by the courts. In the 1960s the dictionary definition of a hacker was “computer virtuoso”. Hackers comprised of young, computer literate and rebellious gangs thriving of crime. The numbers of hackers has exploded since then and are becoming more intelligent. Due to the increasing demand of security, this presents a bigger challenge and a bigger thrill. The government are realising this and are working on making harsher laws to hopefully scare potential hackers.
Major corporations and government security departments have acknowledged that hacker break-ins are out of control; hence some companies are too fearful to join the networks. Firms and security enforces are now dealing with elite hackers whose intent is now focused on sinister revenge, malicious damage and monetary greed. As a result hackers can be defined in general terms, as accessing information remotely from another location. This increasingly invades privacy so hence breaches rights of individuals due to the CMA, which covers certain offences including hacking. Section 1 of the Act states that it is an offence to gain unauthorised access to a computer system. Such examples can include unauthorised use of another person’s username and password.
The very first case under the CMA was R v Cropp, involving a former company employee who obtained discount on goods by entering a command on computer without authorisation when purchasing goods from the erstwhile employer’s store, created a serious challenge to the Act. This case established that Cropp had used one’s computer with ‘intent’ to secure unauthorised access, which represents the definition of ‘hacking’. The courts accepted the argument that the original drafting of the Act implied that two computers must be involved. For this reason the government appealed the decision and had it overturned in the Court of Appeal.
The R v Gold and Schifreen case had also produced problems prior to the passing of the Computer Misuse Act. The defendants hacked for a hobby and had managed to obtain password for the Prestel System that provided access to number of database services. Their activities became suspicious and were tracked down eventually. A prosecution was brought under s1 of the Forgery and Counterfeiting Act 1981, which states: ‘A person is guilty of forgery if he makes a false instrument with the intension that he or another shall use it to induce somebody to accept it as genuine and by reason of so accepting it do or not do some act to his own or any other persons prejudice.’ The case was held to the Court of Appeal o the basis that no false instrument has been made.
Computer crime raises an issue of data protection, as some actions involving computer crime such as authorised access to data for unauthorised use; hence the CMA is not applicable. The Data Protection Act 1998 (DPA) covers “unauthorised” access. The limitations of the CMA were seen in the case of DPP v Bignell, where two serving police officers accessed the police national computer (for which they had authorisation) to obtain information for their personal use. The courts decided that the Act protected computer system as a functioning unit, but not the value of the data stored on the system.
Hence computer crime is still a major problem within our society and not as much yet has been dealt with; as a result there is still the scare of these crimes.
Word Count: 1, 639
Bibliography
Rowland, D & Macdonald, E - Information Technology Law 3rd Ed
Table of Cases
R v Thompson [1984] WLR 962, p 967
R v Preddy [1996] 3 All ER 481
Oxford v Moss [1978] 68 Cr App R 183
R v Cropp [1991] 7 CLSR 168
R v Gold [1987] QB 1116, p 1124
DPP v Bignell [1998] Crim LR 53
Table of Statutes
The Computer Misuse Act 1990
The Data Protection Act 1998
The Forgery and Counterfeiting Act 1981
Council of European Recommendation R (89) 9 on CRC; 1990, p4
Para8.42 Law commission Consultation Paper No.155-Legislating the Criminal Code. March 1999
Audit commission, computer Fraud Survey, 1985, London: HMSO p9.
[1991] unreported, [1991] 7 CLSR 168