Post on 12-Dec-2014
description
Anti-hacking legislation
To identify and show understanding of the offences covered by the Computer Misuse Act 1990.
ALL: Will be able to state the three offenses specified in the Act MOST: Will be able to explain the consequences of breaking t Act SOME: Will show understanding of the offenses by categorising
scenarios
A quality set of notes covering the Computer Misuse Act.
Introduced as a result of concerns about people misusing the data and programs held on a computer
Other laws tried instead
Examples. Cox v Riley 1986 (Criminal Damage Act 1971) R. v Gold and Another (Forgery and Counterfeiting
Act 1981)
The case of R. v Gold and Schifreen was highly publicised
Gained unauthorized access to British Telecom's Interactive viewdata service
Lead to Law Commission produced report Report No.186, Computer Misuse
This became the Computer Misuse Act 1990
http://bit.ly/kBSHIi
Original bill specifically aimed at hackers
Many amendments during passage through parliament
Eventual legislation very broad based, lost much of the original intent
The Act specifies 3 offences
In summary these are:- ◦ Unauthorised Access◦ Unauthorised access with intent to commit further
offences◦ Unauthorised acts with intent to impair operation
of a computer etc.
◦ http://www.legislation.gov.uk/ukpga/1990/18/contents◦ http://goo.gl/Nn7vz
Unauthorised Access
◦ Summary penalty maximum12 months imprisonment / fine of up to statutory maximum
◦ Indictment penalty up to 2 years / fine / both
You are committing an offence if you try to access any program or data held in any computer without permission and you know at the time that this is the case.
E.G. A student gaining access to a fellow students area, or breaking in to the college administrative system, is breaking this category of act.
Summary conviction – tried by a judge alone Indictment conviction – held before a jury
http://www.legislation.gov.uk/ukpga/1990/18/section/1
Unauthorised Access with intent to commit further offenses
◦ Summary penalty 12 months imprisonment / fine of up to statutory maximum
◦ Indictment penalty up to 5 years / fine / both
You are committing an offence if you try to access any program or data held in any computer without permission and you know at the time that this is the case and you intend to commit a further offense
E.G. A student breaking into the college administrative system so as to change his/her grades but does not succeed
Summary conviction – tried by a judge alone Indictment conviction – held before a jury
http://www.legislation.gov.uk/ukpga/1990/18/section/2
Unauthorised Acts with intent to impair operation of a computer etc.
◦ Summary penalty 12 months imprisonment / fine of up to statutory maximum
◦ Indictment penalty up to 10 years / fine / both
You are committing an offence if you access any program or data held in any computer without permission and amend, delete, corrupt the data etc. held on the system
E.G. A student breaks into the college administrative system and changes his grades
Summary conviction – tried by a judge alone Indictment conviction – held before a jury
http://www.legislation.gov.uk/ukpga/1990/18/section/3
Criminal Vs Judge
12/14
Scenario 1
A student hacks into a college database to impress his friends unauthorised access
Later he decide to go in again, to alter his grades, but cannot find the correct file – unauthorised access with intent
A week later he succeeds and alters his grades – unauthorised act
Scenario 2
An employee who is about to be made redundant finds the Managing Director’s password; logs into the computer system using this and looks at some confidential files-
unauthorised access
Having received his redundancy notice he goes back in to try and cause some damage but fails to do so –
unauthorised access with intent
After asking a friend, he finds out how to delete files and wipes the main customer database –
unauthorised act
Prosecution are rare and punishments small
◦ Examples
Defendant causes firm to lose £36,000 - Fined £1,650; conditional discharge
Defendant destroys £30,000 worth of data - Fined £3000; 140 hours community service
15/14
Very complex Offences difficult to prove Evidence difficult to collect - firms do not co-operate
with police Firms embarrassed by hacking - particularly banks Employees often simply sacked/demoted Police lack expertise; time; money Offence perceived as ‘soft crime’ no one injured/hurt
This case in 1991 caused great concern and it was suggested that further prosecutions under the act would be unlikely to succeed◦ Defendant (and others) hacked into a variety of
systems and caused damage◦ Defence stated that defendant ‘addicted to
computers’ so could not help hacking◦ Not guilty verdict returned by jury
Hacking has increased both at hobby and professional levels
A few high profile cases Offenders often in other countries with no
equivalent legislation Some ‘international task forces’ set up but
no real progress Current UK estimated costs of cyber crime -
£27 billion per year http://goo.gl/wwffa - Telegraph 18 Feb 2011
ICO Questions
PLT Team Worker Independent Enquirers Creative Thinkers Self Managers
In selected groups of 3/4 you must collaborate and complete this activity
Create 1 resource that combines the answers to the questions set for homework
Think about an appropriate technology you could use to collaborate e.g. Google Docs Linoit