Computer Misuse
a person is guilty of an offence if
1. he does any act which causes an unauthorized modification of the contents
of any computer; and
2. at the time when he does the act he has the requisite intent and the requisite
knowledge.
The Act then goes on to explain that:
the requisite intent is an intent to cause a modification of the contents of any
computer and by so doing
1. to impair the operation of any computer;
2. to prevent or hinder access to any program or data held in any computer; or
3. to impair the operation of any such program or the reliability of any such
data.
Furthermore, the Act goes on to make clear that it is not necessary to have any
particular computer or any particular program or data in mind. Like the
offence under Section 2, this offence carries a maximum penalty of five years’
imprisonment or an unlimited fine.
It is the offence created by Section 3 that gives the Act its power. For ex-
ample, it makes each of the following a criminal offence:
intentionally spreading a virus, worm, or other pest;
encrypting a company’s data files and demanding a ransom for reveal-
ing the key required to decrypt it;
concealed redirection of browser home pages;
implanting premium rate diallers (that is, programs that replace the
normal dial-up code for the computer with the code for a premium rate
service).
THE 2004 REVIEW OF THE COMPUTER MISUSE ACT
In 2004, the All-Party Parliamentary Internet Group (APIG), a group of British
MPs and Members of the House of Lords, carried out a review of the workings
of the Computer Misuse Act. They took evidence from a large number of indi-
viduals and organizations, including the BCS and the IEE, many of whom
urged the need to extend the Act to include many more specific offences.
APIG concluded that the Act needed comparatively little modification. It
recommended an additional offence of ‘impairing access to data’, which
could be used to prosecute the perpetrators of denial of service attacks,
which cannot always be prosecuted under Section 3 of the Act. (A denial of
service attack is an attack on a website in which it is flooded with so many
211

Get Professional Issues in Information Technology now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.