The existing Computer Misuse Act in the UK was based on the issues encountered in pursuing the hacking cases of the eighties.
Its primary principle is the concept of "unauthorised access" and "unauthorised modification" to computers. It was updated by sections of the Police and Justice Act 2006.
From a digital rights perspective, the current CMA suffers from some flaws. In an online world where many machines now provide open access to data - public web servers, for instance - it can be difficult to discriminate between what is authorised, and what is unauthorised access.
The Computer Misuse Act has generally protected the rights of those who wander into "unauthorised" areas by requiring not just unauthorised access, but also knowledge by the accused that such access was unauthorised. This has made it a hard law to prosecute under, which has led to some calls for reform.
Recommendations to amend or reform the CMA
ICF paper, 2003
The Internet Crime Forum (1997-2005?) produced a paper in April 2003 recommending reform.
All Party Internet Group report, 2004
- Revision of the Computer Misuse Act, APIG, June 2004
Computer Misuse Act 1990 (Amendment) Bill 2005
Police and Justice Act 2006
Serious and organised crime strategy 2013
The Serious and organised crime strategy published in 2013 states that the government will bring forward proposals to "amend the Computer Misuse Act 1990 to update existing offences to cover importing tools for cyber crime (such as data or programmes designed for unlawfully accessing a computer system)". The government "will legislate as soon as the parliamentary timetable allows".
Attacks Against Information Systems Directive
Serious Crime Bill
The Serious Crime Bill announced in 2014 will amend the CMA, likely in order to comply with the European directive.
Microsoft have also suggested that DRM be protected under a reformed Computer Misuse Act: so it would be possible for computer users to be prosecuted for "unauthorised access" to their own computer. (See para 18, Revision of the Computer Misuse Act: Report of an Inquiry by the All Party Internet Group).
Public interest defence
Incidents where such a defence might have been applicable include the hacking of the emails of a man suspected of faking his own death, and a BBC production buying access to a botnet as part of a story.
- Greg Callus, 2012-04-05
In October 2014 the Liberal Democrats accepted a policy proposal from Dr Evan Harris that several laws, such as the Regulation of Investigatory Powers Act 2000 and the CMA, be amended to protect journalists.
Legitimate tool use
There's also a danger that any reform will include the prohibition of "hacking tools", which would have profound effects on code as speech, as well as handcuffing legitimate security professionals. Making, supplying or obtaining articles for use in an offence is prohibited by section 37 of the Police and Justice Act 2006.
Authorisation through Terms of Service
Computer users also have the right to defend their own systems against attack, and to research and investigate the networks in which they operate. This was part of the problem with the Daniel Cuthbert case, where a user checking to see the validity of a website he was using was later prosecuted for "unauthorised access".
The solution here is not reform, but establishing more clearly in case law the expectations of an experienced online user. The danger lies in blanket "terms of service" establishing minimal rights for Net users, against common practice.
- Two Recent Computer Misuse Cases, Peter Sommer, 2006-01-16
Applicability of CMA for Pro-Rights Cases
- Could the Act be interpreted to disallow invasive DRM such as the Sony Rootkit, as similar laws in the US have been? (Possibly for acts that took place before the EULA was clicked. Arguably for subsequent behaviour if insufficiently described by the EULA, or if the EULA is not seen as authorisation --dob 01:44, 22 January 2006 (GMT) )
References
- Hansard, 2005-04-05
- Serious and organised crime strategy, GOV.UK, 2013-10-07
- Hansard, 2014-03-27
- Keynote Speech for the Internet Service Providers’ Association (ISPA) Annual Conference, GOV.UK, 2013-11-27
- Hacked Off: Journalism and the public interest
- Hacked Off: Public Interest Defences
- Sky News admits hacking emails of 'canoe man', Guardian, 2012-04-05
- BBC botnet 'public interest' defence rubbished by top IT lawyer, Register, 2009-03-18
- Text of Evan Harris's speech at the Lib Dem Conference backing Public Interest Defences and RIPA safeguards for journalist sources, Oct 2014
- Law change to stop police spying on phone records of journalists becomes Liberal Democrat policy, 2014-10-06, Press Gazette