COMPUTER MISUSE ACT
The emerging of internet and innovation technologies have thrown a big challenge and questions that need to be answered to the Government, individual and business entity. The enormous impacts of technology innovation cannot be underestimated in term positive and negative impacts on our day –to-day activities. According some business Executives over billions of dollars worth of revenues, and right to confidentiality are lost yearly due to cyber crimes, hacking and other computer related offences.
One of the big challenges imposed was hacking and this led to the genesis of computer misuse act. The hacking to BT's Prestel system by Robert Schifreen and Steve Gold in 1984 and gained full access to BT's customers personal information and email mailbox of Duke of Edinburgh. It introduced a new discussion/perspective to our legal system Although the hackers were charged and convicted under forgery and counterfeiting heading because at that time there was no computer misuse act and their conviction was overturned. This called for discussion and the need for framework of law that will deal with hacking and other offences through computer.
Flow from the above, computer misuse act was conceived and given birth to in 1990 through UK act of Parliament. The legislation was put in place to deal with the handling of information through the use of computer. Although the act doesn't define what is computer but for the purpose of this report, I will define computer to be any device that serves the purpose or that can be used for processing and programming of data. Misuse of it is to use computer or device of any kind to access and process data or information without authorization (accessing unauthorized information.) with intent to commit crimes or offence.
The main reasons for this legislation are to prevent unauthorized access to computer or any of its kind, prevention of internet fraud, hacking, damage to human welfare, denial of service (DOS/DDOS) and other related offences associated with computer or any device.
Amendments to CMA
Many changes and amendments have taken place since the introduction of this (Computer Misuse Act) Act in 1990, crimes and offence through uses of computer have gone down to a significant level that we can appreciate the immediate impact of the legislation. However, the legislation did not elaborate (loophole) very well on some of the offences under the section 3 that stipulates the unauthorized access to a computer with the intent to modify or impair the content of the computer. Some of these offences are hacking and denial of service (DOS), which were, like aliens to the act due to technology innovation. Not until amendment of CMA through Serious Crime Act 2008 in England and Wale and 2007 in Scotland that hacking and Denial of Service (DOS/DDOS) are now seen as serious crime under this CMA.
These offences (DOS/DDOS, HACK) would not have been captured in the initial CMA if not for the sake of amendments. This why is imperative that update to CMA needs to be consistent along with the new technologies innovation because cyber crimes and offences increase as technology advances over time. This can be expressed mathematically below:
Cy = fn (Ti, Legl, La, Ov)
Cy Cyber Crime
Ti Technology Innovations
Legl Lack of Effective Government Legislation
Ov Other Variable
There are other crimes that are being committed in new ways due to the low level of awareness of this legislation and also as a result of inability of the legislation (CMA) to keep pace with the level of innovation that have taken place in (Technology Innovation) technology over the years. Perpetrators have taken advantage of it to commit this horrendous crime (like Phishing, proofing) against innocent people and companies either through sales/marketing strategies such as free downloading of antivirus, or repairing/configuration of Computer by using the process to installed malicious software like RAT on people's computer with intent to obtain credit/debit cards and valuable information.
As result of amendments to CMA over the years, CMA has been able to change along with technology innovation, used the opportunity to deal with the offence/crime activities that are associated with this innovation and it has managed to increase the sentencing power of the competent court as related to each section of the offence.
Many group, organization or individual have continuously asking for increase in sentence from six moths to 2 years for basic hacking offence believing that this will serve as a strong warning and deterrent. The introduction of Serious Crime Act 2015, strengthening CMA by extending the jurisdiction of CMA act through provision of legal basis for prosecuting a UK national who is accused of committing offence/crime under the CMA act outside United Kingdom even if the offence has no other link to the UK, other than the offender's Nationality.
These offences and crimes are put into various categories and the perpetrators or culprits of any of the offence/crime are punishable under the CMA act to a six months imprisonment and /or a fine not exceeding the statutory maximum indictment: imprisonment for a term not exceeding five years and /or fine by competent court.
Computer misuse act offences are categorized into 3 parts/sections namely:
• The section 1: offence of gaining unauthorized access to a computer
• This section 2: this is to collaborate the first offence of gaining unauthorized access computer materials with the intent to commit offence or to facilitate the commission of further offence.
• Third section 3: this type of offence is associated with an unauthorized access to a computer with the intent to modify or to impairing the content of a computer.
Example of offence in section 1, one can be adjudged to have committed an offence in this category if he secretly obtained or used someone password to gain access to his computer or device and views his document or file of any kind on the device (break of confidentiality) without his consent.
Example: R. v Martin (Lewes Stephen)  EWCA Crim 1420.
Lewes Martin,21, was convicted and sentenced to 2 years after pleading guilty for committing under sections 1,23, and 3A relating to DOS attack against Oxford and Cambridge Universities, the Kent Police websites and other two individuals including unauthorized use of another person's PayPal Account.
Section 2 offence can be said to have been committed if one secretly or gain an unauthorized access to somebody computer or device with the intent to obtain his credit cards, bank detail, or information of any kind to commit or facilitate a crime.
Example R V Charles Brown (2014) EWCA Crim 695
Charles Brown, 39, was convicted of one count of possession of article for use In fraud contrary to section 2 of the CMA. This count related to an unauthorized access to computer with intent to gain access to bank accounts by changing the bank holder's detail online to and impersonate in order to obtain new card and PIN.
Offence relating to section 3 can be said to have been committed if an unauthorized access to computer or device of its kind is achieved with the primary aimed to modify the content, to distort the original information or setting. All these can lead to malfunction of the affected computer or device.
Example: R v Cleary, Davis, Al-Bassam and Ackroyd (Southwark Crown Court, 16 and 24 May 2013)
R v Cleary, aged 21, Jake Davis, 20, Mustafa Al-Bassam 18, and Ryan Ackroyd,26, they belonged to the internet hacking group called Lulzec. They pleaded guilty to an offence under section 3 (committed an unauthorized act with intent to impair the operation of a computer), relating to DDos and also committed an unauthorized access and modification to websites including the sites belonging to Sony and NHS during the period of February –September 2013.
Amendments to computer misuse act were carried under Serious Crime Act 2015 in order to hence and improve CMA. This Act (Serious crime Act) introduces two other sections:
• Section 3ZA: unauthorized access to computer creating or causing the risk of serious damage and this damage can be in term of;
(a) Damage to environment of any place
(b) Damage to economy well being of an individual or a country
(c) Damage to national security of a country/nation.
(d) Damage that can result to lose of human life
• Section 3A: this section covers unauthorized supply or obtain tools or articles of any kind to commit or to be used to assist in the commission of the offences stated above in section 1,2,3 and 3ZA.
In addition to the above 2 sections (section 3ZA and 3A), the Serious Crime Act also elaborates and gives extra territorial jurisdiction to CMA act. What does this mean? It means that under the new amendment to CMA through Serious crime Act 2015, legal basis has been provided on which a UK national who is accused of committing an offence/crime under the CMA act outsoide United Kingdom can be prosecuted inside UK even if the offence has no other link to the UK, other than the offender's Nationality.
SCA, also emphasis the need to toughen off on the penalties for some offences that are viewed to be serious cyber crime attacks such as an unauthorized access to computer in case of section 3A offence that can cause serious damage to economy of a nation, damage to national security of a nation, damage that result in lost of human life and damage to environment.
Sentence for committing offence under the following sections in England, wale and Scotland are:
Offence Possible sentence in England and Wale Possible sentence in Scotland
Section 1: offence of gaining unauthorized access to a computer
Maximum six months imprisonment and/ or a fine not exceeding level five on the standard scale
This section 2: this is to collaborate the first offence of gaining unauthorized access computer materials with the intent to commit offence or to facilitate the commission of further offence.
Six months imprisonment and/ or a fine not exceeding th
e statutory maximum indictment: Imprisonment for a term not exceeding five years and / or a fine.
Section 3: this type of offence is associated with an unauthorized access to a computer with the intent to modify or to impairing the content of a computer.
12 months imprisonment and /or a fine Indictment: 10 years imprisonment and /or a fine.
Section 3ZA: unauthorized access to computer creating or causing the risk of serious damage Indictment only: 14years and /or a fine unless the offence resulted in loss of human life and national security in s case a person is guilty of the offence is liable to life imprisonment and /or a fine
Section 3A: this section covers unauthorized supply or obtain tools or articles of any kind to commit any of the offences stated above in section 1,2,3 and 3ZA.
12 months imprisonment and /or a fine. Indictment: Two years imprisonment and/or fine
Attacks, what they are associated with and class of the attacks offence under CMA sections.
1) Phishing, Pharming and Malware are attacks that targeted at online banking. Online banking has been a major concern to Bank and Executives and customers when it comes to security on how to safeguard customer's money, information and accounts.
The perpetrators of any of these attacks can be said to have violated the sections 1,2,3 and 3A of the CMA act.
...(download the rest of the essay above)