The growth of the internet has changed the way in which many people socialise and find out about things. Along with this has come a drive to keep the internet safe and secure from people who may use the internet for criminal activities, for whatever reason they may have these criminal activities fail under current UK law to be classed as a crime. This paper will argue out that the UK’s Computer Misuse Act is not fit for purpose and needs to be reformed to keep up with the demands given by the internet and the way people communicate online.
Current UK Computer Misuse Act
The Computer Misuse Act 1990 is currently the law that deals with computer crime and computer hacking. The basic rule of the Computer Misuse Act is that you cannot access or interfere with someone elses data without their permission or do so in a way that impairs their ability to use the data. As well as that the Computer Misuse Act would punish with up to 10 years in prison anyone who is found with software that can be used to avoid, by trickery and deception, protection measures built into computer systems. This law was enacted before the internet was as widely available as it is today.
The growth of the internet has brought about the need for the Computer Misuse Act to be updated so that there is a clear distinction amongst people who use the internet for legitimate purposes and people who use the internet for unlawful purposes. The Computer Misuse Act is incapable of dealing with unlawful web based activities due to its broad definition.
The Computer Misuse Act defines computer(s) as “a device for storing and processing data, and associated equipment” that is possessed by a person, or is under their control. The law places responsibility on the internet users for any illegal actions their computer takes unless they can prove otherwise. The only evidence that a person can use of their innocence is to prove that their computer was in control of someone else, and if they are found to be guilty say their computer was used by another person without their knowledge or consent, they can find themselves charged and facing imprisonment, when in fact they were not responsible for the actions of their computer.
The main problem with the Computer Misuse Act is with the legal measures that are currently used to stop or catch hackers, or anybody that is using the internet to commit an unlawful act. The UK Police do not have a department designed to handle computer crime, they have only a few officers who are responsible for dealing with it. The police do not have access to the tools that they need to be able to catch computer criminals, they do not have the time or money to produce the necessary evidence to prosecute these criminals. The police have to take their evidence from computer crime specialists, they have to ask private companies for the information they need. Hackers and online criminals are becoming aware of the fact that the police do not have the time or resources to catch them, so they return to the same website and commit crimes again and again.
The Computer Misuse Act is very broad, it does not acknowledge the difference between a criminal computer hacker and a large business. Which may have legal ways of accessing information and data that they have paid for and are using for a lawful purpose. These business firms are seen by the law as having the same rights to penetrate computer systems as computer criminals, i.e. having the ability to access data and data storers with or without the permission of the owners of this data. The Computer Misuse Act is a common law offence, which also contributes to the problem as common law is always changing, throughout the duration of a trial the law could change.
Nobody is able to say with any kind of certainty what the definition of illegal access is, illegal access can be done in many ways, or simply be carried out by the inability to comprehend the law. Which was set out when the Computer Misuse Act was created in 1986. The Computer Misuse Act could be interpreted to include any person who uses information in any way that is illegal under that persons own legislation, which ever it is, but they could also be seen by others as not doing anything illegal at all. If it is not possible to make a clear definition of illegal activities then the law is not fit for purpose.
There is also the problem of whether you can technically be found to have access to data, if your computer is constantly connected to the internet it is very hard to prove that you did not have access to a website, especially if you had previously used the website. Going back to the example given of a business firm using legally purchased software to access their own database, this would be viewed as illegal under most laws.
But the idea of malicious software such as viruses and other harmful software falls outside the law. As the Computer Misuse Act does not in any way, shape or form include anything to do with security and anti-virus software, or any other forms of protection software.
If you cannot access data on a computer without the permission of the owner of the computer and the data, there would be little point in asking whether the owner of the computer and the data would want you to access it. So we can assume that anyone who puts a computer online is doing so on purpose, in order for people to access it.