Computer Misuse Act 1990

46 Computer Science Topics

We’ve created 46 modules covering every Computer Science topic needed for GCSE level. These are transferable across AQA, CIE, Edexcel, CIE & Internationally. Suitable for teachers or home educators alike.

Whether you’re a brand new Computer Science teacher, or you’ve been teaching ICT for years, our resources will save you hours and hours of lesson preparation every single week.

View the resources →

The Computer Misuse Act (CMA) is a law that was passed in the UK in 1990.  The CMA was intended to craft regulations and exercise authority over computer misconduct and internet deception. The law was enacted in order to:

The CMA is comprehensive and all-encompassing, which has raised concerns among privacy supporters who believe in minimising governmental impact on daily life and behavior.  Even so, the CMA has become a model for computer crime regulation in other countries.

Hacking has been existing since the internet has started.  There will always be some people who simply want to try and penetrate a computer system.

Before 1990, there was no law in place to address the problems caused by hacking.  Everyone knew it was wrong, but there was nothing to be done about it.

As the problem expanded, it has become necessary to craft a law to prosecute the hackers.  Thus, the Computer Misuse Act was passed in 1990. There are four main offences which make up this act.

The first offence is unauthorized access to computer material.  We’ve probably all committed this offence at some time.  It may be considered the least serious offence, but it is still a crime.  Accessing someone’s files, social media account, etc. without permission is illegal, even if it’s by using a password.  If found guilty of this offence, there is a potential sentence of up to 6 months in prison and a large fine.

The second offence is unauthorized access with intent to commit or facilitate a crime.  This is considered a very serious offence, and can generally be described as  attempting to log on as someone else with the intention of breaking the law.  For example, logging on to someone’s eBay account in order to defraud a customer.  If found guilty of this offence, there is potential sentence of up to 5 years in prison and a very large fine.

The third offence is the unauthorized modification of computer material.  This offence involves the deletion of files you are not authorized to access; changing of files that you are not authorized to access; and the introduction of viruses to a computer system.  If found guilty of this offence, there is potential sentence of up to 5 years in prison and a very large fine.

The fourth offence is making, supplying or obtaining material that could be used in computer misuse offences.  This can involve the creation of viruses, supplying viruses to others, and acquiring viruses from others for use.  If found guilty of this offence, there is a potential sentence of up to 5 years in prison and an unlimited fine.

Making – includes the creation of computer viruses, worms, trojans, malware, malicious scripts, etc.

Supplying – covers the spreading of computer viruses, worms, trojans, malware, malicious scripts, etc.

Obtaining – relates to intentionally acquiring computer viruses, worms, trojans, malware, malicious scripts, etc.

Hacking is a very serious offence, even if it’s done without any intent to cause damage.  Hackers who have been caught will find themselves in a lot of trouble with the law.

There are problems with the act.  Proving guilt can be quite hard, and prosecutions can often become a drawn-out process.  It is common for individuals to plead ignorance.  Sentences for the crimes are often lenient, in comparison with the maximum sentences involved.

Challenges

  • Proving the intent to cause damage when the crime was committed.
    • Most people claim to be not aware that what they are doing is illegal, or that they were not aware that they were in possession of a virus that infected other systems.
  • Tracing responsibility for the crime.
    • Most people put the blame on to other people, claiming that somebody else used their account and password to commit the crime.
  • The damage has already been done.
    • By the time the offender is caught, data has been already lost, damaged, or distributed.

It would be advisable to take a look at these challenges, revisit the CMA, and look for possible ways to improve the law.  Since cybercrime has been so quick to develop, the law must also be quick to regulate the crimes and protect the innocent.