The Theft Act of 1968 was when a person committed the crime of ‘obtaining property by deception’, which is an act of fraud. This crime can also be committed from other countries around the world which makes it even harder for the law. Here is a case of such a crime;
R v Thompson [1984]
This case is classified as a 'program fraud 'case and is a UK decision.
The Defendant is a computer programmer employed by a Kuwaiti bank. While in the employment, he identified certain bank accounts which has huge amounts of deposits but had remained dormant for a long period of time. He computer programmed to transfer funds to his bank account in Kuwait. Such transfer took place after he had left his employment with the Kuwaiti bank and on his way to UK. In UK, Defendant then instructed his bank in Kuwait to transfer funds to his bank account in England. The event was discovered and he was arrested and charged.
Held by the Court:
The Defendant had not obtained control of money credited to his Kuwaiti accounts until that money was received in England by his English bank. The above followed the deception practiced on Kuwaiti bank by the Defendant having falsely represented to it that the credit balances in his Kuwaiti accounts were genuine.
As to the question of jurisdiction, it was held that the English court has jurisdiction.
(Venturesolicitor)
He created ghost employees with account details of his own. The first thing that the courts would have to decide is who has jurisdiction (power)? Is it the Kuwait courts or the English courts? I would argue that Kuwait courts should have jurisdiction, because that is where the offence took place. As Thompson was a resident and had returned to the UK, the English courts had jurisdiction even though the defense argued that control was obtained in Kuwait. Thompson was prosecuted for the theft act of 1984, but these acts weren't suitable, as sometimes users may carry out fraud without the need to deceive any one, for example if they stole a trade secret.
There were cases were people that committed such crimes got away with a small penalty or sometimes even nothing. The one thing that should have been evolving at the same speed as computers and it users was computer law. It did evolve but slower, so many users who committed these crimes were not convicted of any offences. These cases were seen as forms of computer misuse.
Misuse from the Collins Dictionary
‘The misuse of something is the incorrect, careless, or dishonest use of it’.
If something wasn’t done, then a lot of people would want to get into the hacking business as it was an easy way, and there was no penalty, and companies might have come to a decision that if computers would cause them to lose money then, why adopt them.
2.3 Viruses
Viruses have become very complicated, and it is said that they can spread over world in a matter of hours (Blakemore 2002). In this newspaper article it was written that a Dr Ryan from the University of Birmingham, said that every IT user in the UK should start getting prepared for a cyber terrorist attack. The computer expert said that we shouldn't deploy Microsoft software, as they are the most popular used and virus designers know what to expect. This is why countries like Denmark and France do not install such software. (Blakemore 2002)
3.0 The Computer Misuse Act 1990
In the 1990’s the Computer Misuse act was passed. In a recent study (Ayres 1999) it was reported that this was due to the English Law Commissions proposal for new criminal offences relating to hacking, with the help of the Scottish Law Commission reports as well as there own reports. The Scottish and English Commissions were to look at the various forms of computer misuse, and to see whether they were approached by the law.
The Computer Misuse Act was designed to protect against types of viruses and hackers and three new offences were created.
3.1 Unauthorized Access Offence
Unauthorized access to computer programs or data, the user is guilty if:
- He or she is guilty of causing a computer to perform any operation to gain access to any computer
- The access is unauthorized
- They know that they are unauthorized to access the computer or data
You are guilty of this crime if you attempt guessing someone’s password and username to access a computer with or without a network, even if you don’t succeed, but if a person accidentally logs on with a spelling mistake then they have not committed the crime as they were unaware.
3.2 Ulterior Intent Offence
Unauthorized access with another criminal intent, the user is guilty if
- The aim of committing a more serious crime once unauthorized access was gained
This can done by hacking into a computer and releasing viruses or modify data, to gain advantage, but the Ulterior Intent Offence is only applicable if the more serious crime applies a maximum penalty of 5 years imprisonment or an unlimited fine or both and not less, therefore the viruses or the data modified has to cause a major impact on the business.
3.3 Unauthorized Modification Offence
Unauthorized Modification of computer material, a user is guilty of this offence if,
- He or she carries out an act to modify data whether paper-based before it is entered or electronically
- He or she plans before hand to damage its operation
Refer to the example above (R v Thompson)
4.0 Internet
The computer misuse act can also apply to the world’s biggest network, the Internet, as hackers use the internet as an access tool.
4.1 Defamation
There will always be a competitive market, and organizations are moving to the internet, and are from simply advertising to having 1there own interactive web pages.
If a company wrote an article in a newspaper that there competitor was buying in poor quality products and selling them for a high price, and the statement wasn’t true then the company that made that statement has committed an offence, the crime could have been even committed if the statement was written in an email, or even a web page. This is a conventional law that also applies to the internet, which is when a statement is made of an individual or company which is not true, so therefore is seen as is Libel. There is also another type of Defamation which is called slander.
4.2 Internet Services
Newsgroups, websites, emails, etc are still by law classed as conventional postal services and publishing practices.
4.3 Young Hackers
Internet users especially the ones of a younger generation may not know the consequences of their actions, although they know it is wrong, they may not know it's against the law, or not even care as users of all ages know that it is hard for the law to prevent and detect computer misuse.
More and more home users have started to connect to the internet and are now shopping on-line so therefore hackers can also hack into online shops and access other credit card details and order what they like directly to there doorstep.
Young hackers have also been committed of these crimes, and sometimes these crimes are as serious as fraud. A teenager committed credit card fraud in 1990, and got caught as AT&T, his telephone service provider had recently developed software to prevent and detects such forms of computer misuse.
State Police arrested a 17-year-old computer hacker at his terminal yesterday afternoon, and charged the Bethpage High School student with using his computer to run up more than $1 million worth of long-distance telephone calls on credit card numbers he deciphered.
(Phreak)
4.4 Plagiarism
Students are downloading other users research ad coursework and handing it in word for word as there own (plagiarism), and because the internet is world wide it is sometimes hard to catch student for plagiarism, this is also another type of computer misuse.
There are quite a few sites that have started to appear, web sites like , , , etc. These websites allow students to download there essays and some of these sites are free.
This is another professional issue of concern in computing, as students aren't learning the way they should be, and are interpreting computer misuse. This doesn't apply to the computer misuse act, but is still a form of computer misuse.
To keep the use of computers professional JISC (Joint Information Systems Committee) are trying to pilot anti-cheat software, which detects any material copied from the net, which will be very helpful to schools, colleges and universities. (BBC 2000)
4.5 Shareware
The internet has also adopted web sites where users of all ages can share their own data, (Shareware), this can be any type of data, users are sharing music files, personal data, software which usually have Copyrights & Patents. Most of the sharing which goes on between these web sites is illegal and we need some way of detecting and preventing these types of computer misuse, and to crack down on Intellectual Property Laws (Rowland D. & Macdonald E.). Copyright laws needs to be tightened on the net, Rose (1992) in her studies ‘is copyright dead?’ and states that theirs a belief that copyright laws will die out on computer networks.
4.6 Internet Service Providers
Users of the internet need some way of access to the World Wide Web which is done by the use of ISP’s (Internet Service Providers). ISP’s provide storage (FTP), newsgroups, web space for web pages, and address, etc for there users. By law it is there responsibility according to the Defamation act of 1996 that they are not held responsible for libel statements as long as they did not write or edit the statements, which they have to be able to prove in court, but they are supposed to prevent them from appearing, this also helps professionalism within the WWW as it is so big and ISP’s have to responsibilities of there services, to prevent and detect types of computer misuse.
5.0 Data Protection Act
This act holds regulations of the use and storage of personal data. Personal data can be information relating to individuals. If an individual hacks into a system which has personal information stored and makes a copy without even modifying or erasing it, he can be if caught committed of the data protection act of 1984, therefore it is a criminal offence to hold personal information without being registered to do so (Glamorgan).
The 1984 data protection act was made to strengthen the principles of racial organization, religious beliefs, health, etc. This was not the case, that’s why in 1998 the act bought in regulations to personnel data. (Lloyd 2000)
6.0 User awareness
User awareness is a key factor in almost every large organization, individuals who hack have always got their ears and eyes open for passwords, this is why you should never write down your password or even shout it out. Hackers can easily walk passed someone, login into their system and watch them type their password.
IT users should be warned about these laws and ISP’s should also tell their users too. They should include these laws in their user agreements, but still only a few will take time to read the long policies.
7.0 Security
Computer security is a must, and helps prevent and detect computer misuse.
7.1 Policies
Most companies do have polices for their employees which may include:
- No games or data bought into work
- Can help prevent viruses, and make it harder for employees to bring in hacking software
- Random searches before employees leave for the shift
- To check if employees bringing in software or taken company data
- Access to the internet is controlled and logged
- In case they download hacking software, or viruses
- So there is no personnel use of the internet
- No laptops allowed in
- As these can be tolls used for hacking, if they have hacking software installed
- No Printed work can be taken home
- In case it is personnel/confidential company data
- Change of passwords every month
- To prevent eavesdroppers from getting passwords
- No writing down or sharing passwords
- As this makes it easier for eavesdroppers
Policies such as this can help prevent computer misuse and if a user is in breach of the policy, they maybe even asked to leave the organization.
7.2 Prevention and Detection Software
There are two main types of software that help prevent and detect computer misuse, the first is anti-virus software, which basically detects viruses and quarantines them from the infected systems. Anti-virus software has to be regularly updated as new virus definitions are released all the time. There are over 5000 identifiable viruses now (Microsoft).
The second is a firewall, this application acts as a barrier from other hacking software and makes it harder for hackers to gain access through this barrier. Some firewalls can give you the hackers IP address and location. These applications also need regular updating as there are so many different types of hacking software coming out all the time, like for example the ‘T0rn rootkit’ software (Newsforge 2002)
The National Security agency in America, help bring out better codes and encryption to make it harder for hackers to gain access to such deployed systems (Robert 1999).
7.3 Network Operating systems
Network operating systems have there own ways in which they prevent computer misuse, here are some ways;
Users are organized into groups, each group allows different users to access inappropriate data applications for example the accounts department will only have access to the payroll details
These password are not stored as text in a file, they are encrypted so even if hackers find the file they will not be able to read the usernames and passwords
Sometimes the data is also encrypted, and sometimes have separate password protection.
8.0 Conclusion
The prevention and detection of computer misuse is very important, as we have to keep our computer society professional and ethical.
In the 1980's onwards it was very difficult to commit people for the crimes of fraud and computer misuse, which is why such acts were passed such as the computer misuse act.
Although many sophisticated software which helps prevent computer misuse, there are also software applications which help hackers and crack systems. There will and has always been a constant battle between the two.
There are other ways of detecting and preventing computer misuse, the most important being security.
More acts need to be passed like the Computer misuse act, everywhere society changes we need to re-look at law.
Web sites like Freeessays,schoolsuck.com, are sites that support computer misuse, I have learned that there should be laws against such websites, and that acts like the computer misuse act, are not appropriate to deter such individuals placing these websites on the WWW.
Computer misuse is still today being practiced and some laws still do not suffice. For example a hacker may commit such a crime from a country with less stringency to these laws. If we did not act upon professionalism in these countries our law will also be less stringent.
Security isn't something that you just deploy, it needs constant updating and evaluating.
If we lose professionalism we will also lose our IT industries, and our internet, users will stop buying of easy cracked software. This is why we need to win the battle against such computer misuse.
9.0 References
Ayres R. (1999), ‘The essence of: Professional issues in computing’, p131, P43
Blakemore S. (2002), Birmingham Post; Oct 23, 2002
Collins, ‘Dictionary’
Lloyd I. J. (2000), ‘Information Technology Law’, 3rd Edition, P77, 5.33
Rose L. (1992), ‘Netlaw: our right in the online world’, P87
Rowland D. & Macdonald E. (2000), ‘Information Technology Law’, 2nd Edition, P11
BBC (2000), ‘ ’
Glamorgan, ‘ ‘
Microsoft, ‘’
Newsforge (2002), ‘ ‘
Phreak, ‘ ‘
Venturesolicitor (1982), ‘ ’
10.0 Bibliography
Carr I. & Williams K. (1994), ‘Computers and law’
Karnow C. E. A. (1997), ‘Future codes: Essays in advanced computer technology and law’
Knott G. (2000), ‘BTEC nationals for computing’
Knott G. (1993), ‘Computer Studies for BTEC’, 3rd Edition
Lloyd I. (2000), ‘Legal aspects of the information society’
Reed C. (2000), ‘Computer Law’, 4th Edition
Tapper C. (1989), ‘Computer Law’
Blink (March 2001) ‘ ‘ on-line journal
Pain S. (2002), Birmingham Post; Birmingham (UK); Oct 1, 2002
Allen K. (2002), The Independent; London (UK); Sep 20, 2002
BCS,
Sgrm,
Jlis,
Warwick,
CCsr,
Southernct,
Fraw,
Wiu,
Loundy,
Netcoalition,
Phreak, http://www.phreak.org/archives/underground/phrack/phrack32/p32-10
Sans, (How T0rn rootkit works)
