The Legal Framework

Computer Misuse Act 1990

If someone breaks into an office and takes away documents then they have clearly broken several laws. Moreover there is physical evidence of their crime. They will have items from the office and they may have left physical traces at the site of the crime. They may even have been seen committing the crime.

If a hacker remotely accesses the same company's computer to obtain identical data then the situation is more complex. There has been no physical entry, the original data may still be on the computer, unaltered by the unauthorised access. The hacker may have gained access from a terminal in another town, country or even continent.

It is obvious that, where hacking is concerned, it will be difficult to detect that the crime has taken place and possibly more difficult to prove the guilt of the culprit. Indeed until the Computer Misuse Act of 1990 it was not certain that any offence had actually taken place since it was unclear whether or not hacking a computer system was illegal.

The Computer Misuse Act defines three offences.

Unauthorised Access

Accessing or attempting to access a computer system knowing that the access is unauthorised. This offence is aimed at hackers who try to break into a system just to browse or simply to show that they can.

Access with Ulterior Intent

This is when the hacker has some definite and criminal objective in mind when attempting to access the system. If he or she were trying to alter data to their advantage or to obtain trade secrets to sell to a rival firm. This is a more serious crime than the previous one because of the criminal intent behind the attempted access.

Unauthorised Modification

This makes it an offence to intentionally make or cause unauthorised changes to the data or software stored on a computer system. This offence includes the deliberate distribution or spreading of viruses and similar programs since there is an intention to cause unauthorised changes to data.

© LEV