What is the Computer Misuse Act?
The Computer Misuse Act was brought into law to attempt to provide a framework to effectively assess and prosecute hackers and other cyber criminals.
Originally drawn up in 1990 and with various appendices since to keep the Act relevant in response to the most current threats, the three Sections of the Act bring into law three criminal offenses:
Section 1: Unauthorised access to computer material
This Section essentially makes accessing or attempting to secure access to any computer or computer data to which the user is not authorised a criminal offense. Even unsuccessful attempts can be prosecuted, the only caveat is that the alleged offender must be aware that the intended access is unauthorised.
Section 2: Unauthorised access with intent to commit or facilitate commission of further offences
Building on the offenses of Section 1, this Section adds the intent to commit or facilitate further offenses once unauthorised access has been secured- such as stealing or deleting data. This more serious offense carries a stiffer penalty, with a maximum of 5 years imprisonment instead of the maximum 2 years for a Section 1 offense.
Section 3: Unauthorised Acts with intent to impair, or with recklessness as to impairing the operation of a computer
Section 3 could carry a sentence of up to 14 years, and includes not only the use of but the creation of malware. Ransomware, Trojans and even Denial of Service (DoS) attacks can be prosecuted under this section of the Act, for the perpetrator and the creator if they are not one and the same.
Prior to the Act coming into effect, hacking as a crime was difficult to categorise and difficult to prove with traditional criminal law not sufficiently able to cover the offenses.
Even with the Act, some ambiguity remains however. Despite intentionally ‘loose’ terminology around what constituents a ‘Computer’ and ‘Data’ for example, hacking and other cyber offenses are still tough to prosecute- particularly considering the quickly evolving landscape of cyber threats.