The Computer Misuse Act 1990 is a law in the UK that makes certain activities illegal, such as hacking into other people’s systems, misuse of software, or helping a person gain access to protected files on someone else’s computer. The law was created after the case R v. Gold from 1984-1985, which was appealed in 1988. The appeal was successful, inspiring parliament to create a law that would make the behavior committed by Robert Schifreen and Stephen Gold punishable. Obviously it couldn’t be applied retroactively, but its purpose was to discourage behavior like theirs in the future.
The three sections of the Computer Misuse Act 1990 include making it illegal to access computer material without authorization.
What happened to open the case and ultimately lead to the law was this: Gold watched a Prestel employee at a trade show enter his username and password into a computer. Gold and Schifreen then used this information from a home computer to access British Telecom Prestel’s system, and specifically to get into Prince Philip’s private message box. Prestel became aware of this access, arrested the two men and accused them of fraud and forgery. The men were convicted and fined, but appealed the case.
Violation of the Computer Misuse Act 1990 can result in imprisonment.
One of the key aspects of the appeal was that the two men were not using the data in any way for personal or illegal gain. Since no material gain was involved in spying on someone else’s system, they argued that the charges under the specific laws could not apply to them. The House of Lords acquitted the men, but decided to ban such behavior in the future. This led to the development of the Computer Misuse Act and made into law in 1990, two years after the successful appeal.
The Computer Misuse Act of 1990 prohibits attempts to obtain someone else’s password.
The act is divided into three sections and makes the following acts illegal:
Under the Computer Misuse Act, accessing a computer to commit a crime is illegal.
Unauthorized access to computer material Unauthorized access to computer systems with the intent to commit another crime Unauthorized modification of computer material
The first section of the act prohibits a person from using another person’s identification to access a computer, run a program or obtain any data, even if no personal gain is involved in such access. Individuals also cannot change, copy, delete or move a program. The Computer Misuse Act also prohibits any attempt to obtain someone else’s password. Of course, if someone gives your identification to someone else and that person is able to use the computer legally, these unauthorized access laws do not apply.
The second provision in the law is gaining access to a computer system in order to commit or facilitate a crime. An individual can’t use someone else’s system to send material that might be offensive or to start worms or viruses. He also can’t give someone his identification of him so that he can use a system for this purpose. This second part means that the individual would be someone else’s intent or crime.
Unauthorized modification in the Computer Misuse Act means that a person can’t delete, change, or corrupt data. Again, if someone puts a virus into someone else’s system, he would be violating the act. Usually, committing unauthorized access only is thought to be a crime punishable by fine. Access with intent and unauthorized modification are considered more severe and may be punished by heavy fines and/or jail time.
Sending a virus to an individual’s computer would be considered a violation of the Computer Misuse Act of 1990.