This act criminalises any unauthorised access to data or the practice of making modifications to stored information without the permission of the owner.
A hacker called Robert and his friend Stephen hacked into the email account of Prince Philip which as hosted by BT on their Prestel service (email). At the time, no law existed to specifically ban hacking so they were charged for forgery (since they had pretended to be someone else to access the account). They were found guilty but successfully appealed. The appeal judge found them not guilty as the law for forgery was not appropriate.
Because of this, the Computer Misue act was passed into law in 1990. This made the following a criminal offence:
- Unauthorised access to files and data (max 12 months in jail and/or unlimited fine)
- Unauthorised access to files and data with the intention to commit further crimes (max 5 years in jail and/or unlimited fine.)
- Unauthorised modification of files and data (max 5 years in jail and or unlimited fine.)
- Making, supplying or obtaining anything that can be used to assist hacking a computer system (max 10 years in jail and/or unlimited fine.)
The legislation does not provide a definition of a computer as any definition would rapidly become out of date. Definition is left to the courts who are expected to adopt the contemporary meaning of the word.
The issues with this act are:
- Considered out of date
- Preventing cyber security professionals from doing their jobs many worried about losing their job.