How effective has the Computer Misuse Act 1990 been in the fight against hacking-related offences? Do you believe that there is a need for legislative reform in this area?

Authors Avatar

07188777        Cyber Coursework - Question 3        

How effective has the Computer Misuse Act 1990 been in the fight against hacking-related offences?  Do you believe that there is a need for legislative reform in this area?

The Computer Misuse Act (CMA) was introduced to address hacking-related crimes. However, as the internet has grown, there has been an increase in computer related crimes; this shows that the law relating to internet-related crimes need to be reformed. Natasha Jarvie states that the “defining characteristics of cybercrime is that its perpetration is only made successful through use of a global electronic network, which can transcend time and space.” In other words, cybercrime is distinguishable from other offences, which simply use computers to commit crimes. The Council of Europe’s Convention on Cybercrime is a treaty passed to deal with the crimes relating to computers, which have arisen since the growth of the internet; the UK has signed this treaty in 23 September 2001. There has been some reform in the form of the Police and Justice Act in relation to the area of ‘“Denial of Service” (DoS) attacks, and the creation and dissemination of “Hackers tools”’. However, there has been some development with these types of crimes and therefore, the question that has arisen is whether the CMA can cover the hacking-related crimes of the modern day.

Firstly, to determine whether a reform of the 1990 legislation is needed, it is essential to look at the reasons for why this legislation was brought in. Prior to the legislation, there was a debate of whether hacking-related crimes could be covered by existing legislation or would a new legislation relating to this crime would need to be enacted. The R v Gold (and Schifreen) case highlighted a number of problems, which indicated a necessity in the change in law thus the Computer Misuse Act 1990. In this case, by looking over the users shoulder, two individuals were able to obtain a password for a computer system. Using this password, the Gold and Schifreen were able to attain information on a number of individuals; they also gained access to the Duke of Edinburgh’s personal computer. The issue that was raised before the court at first instance was whether information, i.e. a password, could be stolen; the court held to be no applying the decision of Oxford v Moss. Moreover, another issue, which the court had to deal with, surrounded the deception of a machine, which they also held to be no using the application of Davies v Flackett. The Divisional Court upheld the Magistrate Courts reasoning that deception could only apply to a human mind, and therefore, inapplicable to the deception of a machine. The Crown Court decided that a prosecution under the Forgery and Counterfeiting Act would be grounds for a more suitable conviction. This argument failed at appeal, where they argued that there was no use of an instrument as needed for the purposes of the act. Moreover, it was stated that s.8 (1) defines an instrument as items that are tangible and physical; a password was not either and therefore could not be applied. Part d of this section also describes an instrument as an item “in which information is recorded or stored by mechanical, electronic or other means”. The control area needed to have some degree of permanence; this was not the case as the password was deleted straight after use.  Therefore, the final decision of the Court of Appeal was not guilty. This case caused a lot of pressure to pass legislation that dealt with the unauthorised access to information.

The first major legislation that dealt with computer crime was the CMA. While this act was passing through  the legislature, it was stated that the “House of Commons was informed that there was some inadequacy in the law as it stood,  and that, if nothing were done, there was a real risk that the UK could become ‘an international hackers’ haven’.” This act had brought into force three computer-related offences:

  1. Unauthorised access to computer materials;
  2. Unauthorised access to computer material with intent to commit or facilitate the commission of a further offence; and
  3. Unauthorised modification of computer material.
Join now!

Walden categorises crimes that involve computers describe them as “the instrument of the crime, such as in murder and fraud, the object of the crime, such as theft of processor chips; or the subject of the crime, such as ‘hacking’ or ‘cracking’”. The Council of Europe’s Convention on Cybercrime have set the foundation for an international harmonization on this area, suggesting a change in legislation. This treaty has identified three substantive categories for which legislation must address. Anne Flanagan recognises these three areas and explains each of these categories and the crimes they concern.

“The first is ‘offences against the confidentiality, ...

This is a preview of the whole essay