What Is Meant and Understood by the Term Computer Misuse - Article Example

The focus of this analysis is to consider the definition of the term “computer misuse” within the context of UK criminal law. It is submitted at the outset that closely linked to the consideration of computer misuse is the growth of online use. The proliferation of the Internet has led to increasing business opportunities with the growth of e-commerce (2004). However, linked to the Internet technology is the low cost, ease of use and anonymity, which has also made the Internet a breeding ground for criminal activity, leading to unforeseeable consequences with malicious activity such as hacking and viruses, which have been difficult to police due to jurisdictional difficulties and difficulties with identity tracking of offenders (Finch, 2001). This analysis particularly focuses three different aspects of potential computer misuse; namely identity theft, online harassment (otherwise referred to as “cyberstalking) and denial of service attacks (DDOS). Numerous press reports demonstrate how top financial institutions have fallen prey to cybercrime (Lloyd, 2004). The most common example is when an identity thief uses sensitive personal information to open a credit card account in a customer’s name through phishing (Thomas & Loader, 2000). Phishing is a high tech scam and uses spam to deceive customers into disclosing credit card numbers, bank account information, passwords and other sensitive information, with banks such as Abbey National and Natwest having fallen prey to phishing attack (Thomas & Loader, 2000). In phishing cases, offenders rely on the consumer trust in the familiar brand often by using the corporate branding style and logo to manipulate the consumer into a false conception of a pre-existing commercial relationship. This not only infringes the Electronic Commerce Regulations 2002 and The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“the Regulations”), which prohibit unsolicited marketing communications; the use of brand name, style and logo also infringes the business’ intellectual property rights, which devalues the goodwill in the business incurring significant financial losses. The main legislative provisions dealing with computer misuse is the Computer Misuse Act 1990 (“the Act”), which was drafted without foresight of the practical implications of Internet growth. In its previous form, the Act covered two types of computer related offences; firstly the unauthorised access to computer material and unauthorised modification of computer material. However, these offences were created before the Internet boom and did not foresee the full impact of online misuse such as hacking, viruses and spamming. This falls into a grey area legally which has caused jurisdictional issues (Wall, 1999; Lloyd, 2004). Moreover, the All Party Internet Group report highlighted the fact that the Act does not define data or computer and welcomed the fact that UK courts’ have adopted a wide approach necessary to reach a just result in hacking cases (www.apig.org.uk). A further problem under UK law is that financial and lending institutions are seen as the only victims, because they are the ones defrauded. However, this fails to adequately address the damage inflicted on individual victims and victims often do not have the resources to trace the sender and or remedy the damage to their credit rating and reputation (www.cifas.org.uk). In the UK, any such compensation must be done through the civil courts, which is difficult in light of the cost of litigation and the difficulty in tracing and identifying the offender. An attempt to address the problems in the Act has been implemented in controversial amendments to the UK Act, which came into force in October 2008. Firstly, the penalties for the Section 1 unauthorised computer access offences are increased from 6 months to 2 years, with extradition eligibility from other jurisdictions. The incitement offences have been removed and inserted into the inchoate offences section of the Serious Crime Act 2007. There is also an attempt at defining denial of service attacks, with worldwide scope and penalties of up to 10 years in prison. Moreover, the term “misuse” has been extended to criminalize computer security research and defence software tools, making it illegal to download, write, amend or modify anything which could be used to commit a computer hacking or denial of service attack. However, this provision has been attacked on grounds that there is no requirement for proof of malicious intent and therefore it could result in criminal liability for exclusive private use on a home computer system (open rights group forum at www.openrightsgroup.org). It is further posited that these measures will be ineffective to deter criminal users and impose liability on law abiding computer researchers (www.openrightsgroup.org). There is no actual universal definition of cyberstalking, however in general terms it involves the use of the Internet, e-mail or other electronic communications devices to stalk another person (Addison & Lawson, 1998). Online harassment can take many forms, however cyberstalking is common to offline harassment in that stalkers are motivated often by a desire to control their victims (Addison & Lawson, 1998). Furthermore, despite the similar behavioural tendencies, the Internet provides new avenues for stalkers. The technology is more sophisticated and enables stalkers to hide their identity and use programs to send messages at regular or random intervals without even being present at the computer terminal. This again sits uneasily with the definition of “misuse” under the Act (Addison & Lawson, 1998). Additionally, online stalkers can engage third parties by using Internet chat rooms and message boards under an anonymous name. This makes if difficult for law enforcement officers to identify, locate or arrest the offender. The anonymity of the Internet provides opportunities for would be cyber stalkers and they can conceal their identity by using different ISPs and/or adopting different screen names (Smith, 2001; Lloyd, 2004). In the UK there are various legislative provisions dealing with cyberstalking. Firstly, Section 1 of the Malicious Communications Act 1998 (“MCA”) renders it an offence to send an indecent, offensive or threatening letter, electronic communication or other article to another person. However, the penalty makes it questionable whether this acts as any effective deterrent against cybercrime. In most cases of cyberstalking, there will be more than one offensive or threatening letter or telephone call and the police will opt to charge under the Harassment Act 1997, where the court can make a restraining order preventing them from contacting the victim again and breach of this order is punishable with up to five years imprisonment. However, these provisions do not address the technological changes and Internet usage discussed above, which makes detection and tracing very difficult, further compounded by the gaps in the Computer Misuse Act. Furthermore, there is confusion as to the legal position where the sender is outside the jurisdiction. This raises the legal issue as to whether the Internet is outside the legal control of local authorities. Where the message is sent from outside England, police usually inform foreign counterparts and if the offender has broken law in own jurisdiction then they will be dealt with in the local jurisdiction. If in UK and harassing abroad then police in UK have to prosecute even if the victim is outside the jurisdiction (Lloyd, 2004). This is easier said than done and with cyberstalking cases, ISPs are required to provide copies of the original messages to trace the sender with problems of ISP compliance. The above analysis demonstrates the rapid growth of online crime and how the Internet facilitates criminal activity and panders to the behavioural traits which motivate this particular type of crime. The existing UK legislative provisions are currently inadequate to deal with the practicalities of the Internet and one of the main complications for law enforcement is the presence of services providing anonymity and security on the Internet. Moreover, it is difficult to see how far the provisions to the Computer Misuse Act will go to address the widening categories of behaviour covered within misuse as the efficacy of any legal measure is inherently dependent on enforceability, which remains problematic in the internet era. Part 2 Commentary In undertaking this piece of work I utilised a combination of statute, articles, books and online sources. A primary source for me was Ian Lloyd’s Information Technology Law. Not only is Lloyd’s book a legal sourcebook, Lloyd’s approach is multi-layered and he approaches legal issues in a practical context with numerous examples. This helped me consider the concept of misuse laterally and consider the wider issues covered by the term “computer misuse” in criminal law. Secondly, I found the International Treaty on Cybercrime 2001 and the Protocol of March 2006 vital in highlighting the international jurisdictional. Problems created by policing computer misuse. It further enabled me to plan and structure my assignment in considering the focus points of discussion. The Convention again highlights the various categories of information covered by computer misuse and linked in with the issues raised in the CSI/FBI Computer Crime and Security Survey 2008. The CSI/FBI report was important to my research in considering the practical perspective impacting law enforcement agencies. From reading the report, I got to consider the issue of computer misuse outside of the parameters of legal principles and learned that cybercrime is now one of the fastest growing criminal activities in the world and covers a huge range of illegal activity such as hacking, downloading pornography, use of chat rooms to engage in illegal activity with underage victims, virus and denial of service attacks; stalking by e-mail and creating websites that promote xenophobia (CSI/FBI Computer Crime and Security Survey, 2008 at www.gocsi.com). Finally, the All Party Internet Group report was extremely useful in adding another dynamic to the assignment content by considering the industry perspective on the Computer Misuse Act and legislative provisions. This aided me in preparing for the assignment by considering the Computer Misuse Act provisions from a practical perspective. BIBLIOGRAPHY Addison, N., & Lawson, T (1998). “Harassment Law & Practice”, Blackstone Press Limited Akdeniz, Y. (1997). Governance of Pornography and Child Pornography on the Global Internet: A Multilayered Approach,” in Law and the Internet: Regulating Cyberspace, edited by Lillian Edwards and Charlotte Waelde, Oxford: Hart Publishing. Chandler, A. (1996). The Changing definition and image of hackers in popular discourse. International Journal of the Sociology of Law, 24, (1996): 229-251. Ellison, L., & Akdeniz, Y (1998). Cyberstalking: the Regulation of Harassment on the Internet, Criminal Law Review special issue, Crime, Criminal Justice and the Internet. 29-47 . Grabosky, P. N., & Smith, R. G. (1998). Crime in the Digital Age: Controlling Telecommunication and Cyberspace illegalities, New South Wales: Federation Press. International Review of Law, Computers and Technology. Lloyd, I. (2004). Information Technology Law. Oxford University Press. Mann, D., & Sutton, M (1998). Netcrime, more change in the organisation of thieving,” British Journal of Criminology, 38: 210-229. Smith (2001). Internet Law and Regulation. 3rd Edition Sweet & Maxwell Sterling, B. (1994). The Hacker Crackdown: Law and disorder on the electronic frontier. London Penguin Books. Thomas, D., & Loader, B. (2000). Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. Routledge. Wall, D. S. (1999). Cybercrimes: New wine, no bottles? in Invisible Crimes: Their Victims and their Regulations, edited by Pam Davis, Peter Francis and Victor Jupp, London: Macmillan. Wall, D. S. (1998). Catching Cybercriminals: Policing the Internet. International Review of law Computers and Technology, 12 (1998a): 201. Reports/Convention CSI/FBI Computer Crime and Security Survey 2008 at www.gocsi.com “ID Theft: When Bad Things Happen to Your Good Name,” Federal Trade Commission Facts for Consumers, November 2003 at www.ftc.os “ID Theft: What’s It All About?” FTC, October 2003 at www.ftc.os International Treaty on Cybercrime 2001 available at www.conventions.coe.int/Treaty/EN/Treaties Legislation Computer Misuse Act 1990 Protection from Harassment Act 1997 Malicious Communications Act 1998 Regulation of Investigatory Powers Act 2000 Electronic Commerce Regulations 2002 The Privacy and Electronic Communications (EC Directive) Regulations 2003 Serious Crime Act 2007 US Identity Theft and Assumption Deterrence Act 1998 at www.ftc.gov.os Websites www.harrassment-law.co.uk www.bbc.co.uk www.legalday.co.uk www.apig.org.uk www.cifas.org.uk www.ftc.os www.openrightsgroup.org Read More