Subscribe to the wiseGEEK Feed

What is the Computer Misuse Act of 1990?

The Computer Misuse Act of 1990 is a law in the UK that makes illegal certain activities, such as hacking into other people’s systems, misusing software, or helping a person to gain access to protected files of someone else's computer. The Computer Misuse Act came into being after the 1984-1985 R v. Gold case, which was appealed in 1988. The appeal was successful, inspiring parliament to create a law that would make punishable the behavior committed by Robert Schifreen and Stephen Gold. It obviously could not be applied retroactively, but it's goal was to discourage behavior like theirs in the future.

What occurred to prompt the case R v. Gold, and ultimately lead to the Computer Misuse Act was the following: Gold watched an employee of Prestel at a tradeshow enter his username and password. Gold and Schifreen then used this information from a home computer to access the system of British Telecom Prestel, and specifically to enter the private message box of Prince Philip. Prestel became aware of this access, trapped the two men and charged them with fraud and forgery. The two men were convicted and fined, but they appealed their case.

One of the key aspects of the appeal in R v Gold was that the two men were not using the data in anyway for personal or illegal gain. Since no material gain was involved in spying on someone else’s system, they argued that the charges under the specific laws could not apply to them. The House of Lords acquitted the men, but became determined to forbid this type of behavior in future. This led to the Computer Misuse Act being developed and passed into law in 1990, two years after the successful appeal.

The Computer Misuse Act is split into three sections and makes the following acts illegal:

  • Unauthorized Access to Computer Material
  • Unauthorized Access to Computer systems with intent to commit another offense
  • Unauthorized Modification of Computer Material

The first section in the Computer Misuse Act forbids a person to use someone else’s identification to access a computer, run a program or obtain any data, even if no personal gain is involved in such access. You also cannot change, copy, delete or move a program. The Computer Misuse Act also outlaws any attempts to obtain someone else’s password. Obviously, if someone gives you their identification and you may legally use the computer, these laws under Unauthorized Access do not apply.

The second provision in the Computer Misuse Act is gaining access to a computer system in order to commit or facilitate a crime. You can’t use someone else’s system to send material that might be offensive or to start worms or viruses. You also can’t give someone your identification so they can use your system for this purpose. This second part means that you would be facilitating someone else’s intent or crime.

Unauthorized Modification in the Computer Misuse Act means you can’t delete, change or corrupt data. Again, if you put a virus into someone else’s system you would be violating the act. Usually committing Unauthorized Access only is thought a crime punishable by fine. Access with Intent, and Unauthorized Modification are considered more severe and may be punished by heavy fines and/or jail time.

Written by Tricia Ellis-Christensen

Related posts
Home Terms Privacy Policy About Contact FAQ rss
copyright © 2003 - 2012 conjecture