Week 7 - Lecture 3: Computer Misuse Act 1990 (De Montfort University)

Week 7 - Lecture 3 The Computer Misuse Act 1990 (With Some Basics of Criminal Law) 1 Learning Objectives Understand some basics about crime Realise the ‘hacking’ is a criminal offence The Act has evolved over a (relatively) short period of time It includes some VERY serious offences and penalties Some Basics for a Crime To establish a crime normally requires: Actus Reus and Mens Rea. Actus Reus =Physical Action/Action The actus reus must always exist Mens Rea Mens Rea - a guilty intention or some level of thought involved. From a subjective or objective perspective. Often somewhere in between. Sufficient presence of MR ultimately decided by a judge or jury. Quite a qualitative exercise. Certainly not mathematical. Instigation of the CMA 1990 R v. Gold and Schifreen The culprits ‘shoulder-surfed’ a BT engineer at a conference Obtained his BT Prestel log in details. Could enable access to Prince Phillip’s Prestel account. Direct access thereby to nuclear bomb activation system. But… Was it theft? No Was it fraud? No Was it blackmail? No No such ‘offence’ ever envisaged until then/didn’t exist! So the solution - create the Computer Misuse Act 1990 Recklessness or Intent? The Computer Misuse Act 1990, S.3 uses the term recklessness to describe the level of thought required for existence of necessary mens rea. All other sections of the Act create offences requiring intent. What is recklessness? Rv. Caldwell AC 341-older view that if a reasonable man would have realised what would happen then the accused should have and would therefore be guilty. Talks about: Obvious risk Not giving any thought to possibility of risk Recognising it and going on nonetheless to do it Considered Unfair… R v. G UKHL 50, current view that whether the accused has the necessary mens rea for recklessness should be viewed subjectively. Places emphasis upon whether in the circumstances known to the [that particular] defendant it was unreasonable to take the risk/do the thing complained of. Criminal Standard of Proof… BEYOND REASONABLE DOUBT CMA 1990 Creates 5 Offences 1. Unauthorised access to computer material (aka ‘Hacking’) 2. Unauthorised access with intent to commit or facilitate commission of further offences. 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. 3A. Making, supplying or obtaining articles for use in offence under section 1 or 3 3ZA. Unauthorised acts causing, or creating risk of, serious damage 1 What is a Computer? The CMA cleverly does not define a 'computer‘ purposely to allow for technological development. In DPP v McKeown and, DPP v Jones 2 Cr App R 155 HL, Lord Hoffman defined a computer as 'a device for storing, processing and retrieving information‘. Includes ad infinitum… TV Baby monitor Key fob Smart loo Fridge Cash register Vehicle Watch… S.1 Unauthorised access to computer material (1)A person is guilty if: (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer or to enable any such access to be secured ; (b)the access he intends to secure or to enable to be secured is unauthorised; and (c)he knows at the time when he causes the computer to perform the function that that is the case. (2)The intent need not be directed at (a)any particular program or data; (b)a program or data of any particular kind; or (c)a program or data held in any particular computer. 5 S. 2 Unauthorised access with intent to commit or facilitate commission of further offences (1)A person is guilty if he commits an offence under section 1 with intent: (a)to commit an offence or (b)to facilitate the commission of such an offence (by himself or by any other) (2)This section applies to offences (a)for which the sentence is fixed by law (b)It is immaterial whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion. (c) A person may be guilty under this section even though the facts are such that the commission of the further offence is impossible. 6 S.3 Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. (1)A person is guilty if (a)he does any unauthorised act in relation to a computer; (b)at the time when he does it he knows that it is unauthorised; and (c)either subsection (2) or subsection (3) below applies. (2)This subsection applies if the person intends by doing the act (a)to impair the operation of any computer; (b)to prevent or hinder access to any program or data held in any computer; (c)to impair the operation of any such program or the reliability of any such data; or (d)to enable any of the things mentioned above to be done. (3)This applies if the person is reckless as to whether the act will do any of the things above. (4)The intention or the recklessness need not relate to (a)any particular computer; (b)any particular program or data; (b)“act” includes a series of acts; (c) impairing, preventing or hindering something includes doing so temporarily 7 S.3A Making, supplying or obtaining articles for use in offence under section 1 or 3 1)A person is guilty if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of an offence under section 1 or 3. (2)A person is guilty if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of an offence under section 1 or 3. (3)A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of an offence under section 1 or 3. (4) “article” includes any program or data held in electronic form. 8 Crown Prosecution Guidance 2018 Consider whether the article was circulated to a closed and vetted list of IT security professionals. Has the article been developed primarily, deliberately and for the sole purpose of committing a CMA offence? Is the article available on a wide scale commercial basis and sold through legitimate channels? Is the article widely used for legitimate purposes? What was the context in which the article was used compared with its original intended purpose? S. 3ZA Unauthorised acts causing, or creating risk of, serious damage (1)A person is guilty if (a) does any unauthorised act in relation to a computer (b)at the time of doing the act knows that it is unauthorised; (c)the act causes, or creates a significant risk of, serious damage of a material kind; and (d) intends by doing the act to cause serious damage of a material kind or is reckless as to whether such is caused. (2)Damage is of a “material kind” if it: (a)damages human welfare in any place; (b)damages the environment of any place; (c)damages the economy of any country; or (d)damages the national security of any country. For the purpose of subsection (2) (a) An act causes damage to human welfare if it causes: (a)loss to human life; (b)human illness or injury; (c)disruption of a supply of money, food, water, energy or fuel; (d)disruption of a system of communication; (e)disruption of facilities for transport; or (f)disruption of services relating to health. Possible Targets of S.3ZA Attacks… Chemicals Government Civil Nuclear Health Communications Space Defence Transport Emergency Services Water Energy Food Penalties under 3ZA! A person guilty of an offence under this section is liable, on conviction on indictment, to imprisonment for a term not exceeding 14 years, or to a fine, or to both. (7)Where an offence under this section is committed as a result of an act causing or creating a significant risk of: (a)serious damage to human welfare of the kind mentioned in subsection (3)(a) or (3)(b), or (b)serious damage to national security, a person guilty of the offence is liable, on conviction on indictment, to imprisonment for life, or to a fine, or to both S. 4 Territorial Scope of the CMA 1990 It is immaterial for the purposes of any offence under section 1 or 3 (a)whether any act or other event proof of which is required for conviction of the offence occurred in the home country concerned; or (b)whether the accused was in the home country concerned at the time of any such act or event. at least one significant link with domestic jurisdiction must exist in the circumstances of the case for the offence to be committed. (3)There is no need for any such link to be established for an offence under section 2 9 Significant Link Defined In relation to an offence under section 1, either of the following is a significant link with domestic jurisdiction: (a)that the accused was in the home country concerned at the time when he did the act or any effected computer was in the home country concerned at that time In relation to an offence under section 3, either of the following is a significant link with domestic jurisdiction: (a)that the accused was in the home country concerned at the time he did the unauthorised act (or caused it to be done) or the unauthorised act was done in relation to a computer in the home country concerned 10 Warrants If a circuit judge, District Judge/Magistrate is satisfied by information given by a constable there are reasonable grounds for believing— (a) an offence under section 1 above has been or is about to be committed; and (b)that evidence is in those premises; he may issue a warrant authorising a constable to enter and search using such reasonable force as necessary. (2)The power conferred by subsection (1) above does not extend to authorising a search for material of the kinds mentioned in section 9(2) of the Police and Criminal Evidence Act 1984 (e.g. privileged material). (3)A warrant remains in force for three months. 11 Circuit Judge If... Reasonable grounds for believing : (i) that a serious arrestable offence has been committed (ii) that there is material which consists of special procedure material on premises or (iii) the material is likely to be of substantial value 12 Remember... “premises” includes land, buildings, movable structures, vehicles, vessels, aircraft and hovercraft… 13 Cyber Kiosks: No Warrant Required Cyber kiosks access private data such as text messages, encrypted conversations, photos, web browsing history, contacts and call records in a matter of seconds without a warrant. Devices handed over to police are plugged in to the kiosks to allow officers to search for evidence held on the phone, and in cloud storage systems. Thank You 14

Week 7 - Lecture 3: Computer Misuse Act 1990 (De Montfort University)

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue