The Consideration of the Effectiveness of the Computer Misuse Act 1990 - Term Paper Example

Consider the Effectiveness of the Computer Misuse Act 1990 Introduction The internet has revolutionised social interaction and methods of exchanging information. This has increased media publicity regarding computer misuse and the focus of this analysis is to consider the definition of the term “computer misuse” within the context of UK law with specific reference to the effectiveness of the Computer Misuse Act 19901. It is submitted at the outset that closely linked to the consideration of computer misuse is the growth of online use. For example, the digital revolution radicalised communication modes, with the inception of chat rooms, email, instant messaging and blogs. In turn, these novel communication modes have reshaped social interaction in the contemporary social framework. Moreover, the use of internet for social communication in conjunction with the Web 2.0 application has facilitated the development of social networking platforms for online interaction; business networking and user generated content sites. In particular, the online social network model has resulted in the phenomenon of leading social networks such as MySpace, Bebo, Facebook and Twitter. Therefore, it is argued in this paper that the social network phenomenon exemplifies the interrelationship between new communication channels and modes of computer use; which legislation has to address in countering potential computer misuse in order to be effective. Additionally, linked to the Internet technology is the low cost, ease of use and anonymity, which has also made the Internet a breeding ground for criminal activity. This has lead to unforeseeable consequences with malicious activity such as hacking and viruses, which have been difficult to police due to jurisdictional difficulties and difficulties with identity tracking of offenders2. Reports have highlighted that cybercrime is now one of the fastest growing criminal activities in the world and covers a huge range of illegal activity such as hacking, downloading pornography, use of chat rooms to engage in illegal activity with underage victims, virus attacks; stalking by e-mail and creating websites that promote xenophobia.3 The use of computer networks with the Internet have made criminal’s jobs easier and policing harder as they provide predators with a new place to target someone for criminal acts and increase the likelihood of avoiding liability, which in turn has fuelled debate as to the efficacy of the Computer Misuse Act 19904. Moreover, the problem and perceived risk to youth online users in particular and the use by youth offenders to perpetuate criminal activities on the other side of the spectrum have become widespread. For example, major Internet Service Providers (“ISPs”) claim that reports of cyber stalking have become at least 15 a month and on the rise5. Additionally, the Council of Europe along with USA, Canada and Japan brought into force the International Treaty on Cybercrime 2001 (“the Convention”) to address computer misuse in light of inefficiencies with the current system6. Additionally, the work of Hinduja and Patchin highlights how the online social network model has facilitated youth perpetuated crime with a rising trend in cyberbullying within the “computer misuse” paradigm7. Therefore, in considering the effectiveness of the Computer Misuse Act 1990, this paper particularly focuses on three different aspects of potential computer misuse; namely identity theft and online harassment (otherwise referred to as “cyberstalking” or “cyberbullying”). 2. Identity Theft A significant initial problem for the Computer Misuse Act addressing computer misuse is the definition of cybercrime. This is further highlighted by Yar who refers to Thomas and Loader’s conceptualisation of cybercrime as “computer mediated activities which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks”8. With regard to identity theft, numerous press reports demonstrate how top financial institutions have fallen prey to cybercrime. The most common example is when an identity thief uses sensitive personal information to open a credit card account in a customer’s name through phising9. Phising is a high tech scam and uses spam to deceive customers into disclosing credit card numbers, bank account information, passwords and other sensitive information10. In phising cases, offenders rely on the consumer trust in the familiar brand often by using the corporate branding style and logo to manipulate the consumer into a false conception of a pre-existing commercial relationship, which clearly impacts the burgeoning online youth market. Conversely, the technology savvy nature of the youth demographic has further seen a rise in youth perpetuated online crime, which is facilitated by the anonymity offered by the Internet medium11. The main legislative provisions dealing with computer misuse is the Computer Misuse Act 1990 (“the Act”), which was drafted without foresight of the practical implications of Internet growth. In its previous form, the Act covered two types of computer related offences; firstly the unauthorised access to computer material and unauthorised modification of computer material. However, these offences were created before the Internet boom and did not foresee the full impact of online misuse such as hacking, viruses and spamming. This falls into a grey area legally, which have caused jurisdictional issues12. Moreover, the All Party Internet Group report highlighted the fact that the Act does not define data or computer and welcomed the fact that UK courts’ have adopted a wide approach necessary to reach a just result in hacking cases13. A further problem under UK law is that financial and lending institutions are seen as the only victims, because they are the ones defrauded. However, this fails to adequately address the damage inflicted on individual victims and victims often do not have the resources to trace the sender and or remedy the damage to their credit rating and reputation. In the UK, any such compensation must be done through the civil courts, which is difficult in light of the cost of litigation and the difficulty in tracing and identifying the offender. An attempt to address these problems in the Act was implemented in controversial amendments, which came into force in October 2008. Firstly, the penalties for the Section 1 unauthorised computer access offences are increased from 6 months to 2 years, with extradition eligibility from other jurisdictions. The incitement offences have been removed and inserted into the inchoate offences section of the Serious Crime Act 200714. There is also an attempt at defining denial of service attacks, with worldwide scope and penalties of up to 10 years in prison. Moreover, the term “misuse” has been extended to criminalize computer security research and defence software tools, making it illegal to download, write, amend or modify anything which could be used to commit a computer hacking or denial of service attack. However, this provision has been attacked on grounds that there is no requirement for proof of malicious intent and therefore it could result in criminal liability for exclusive private use on a home computer system15. It is further posited that these measures will be ineffective to deter criminal users and impose liability on law abiding computer researchers16. 3. Cyberstalking & Cyberbullying The shortcomings of the Act are further compounded by the fact that there is no actual universal definition of cyberstalking or cyberbullying, which has become a worryingly increasing phenomenon online however in general terms it involves the use of the Internet, e-mail or other electronic communications devices to stalk another person17. These inherent legislative limitations are further exemplified by the fact that online harassment can take many forms, however cyberstalking is common to offline harassment in that stalkers are motivated often by a desire to control their victims18. Moreover, Hinduja & Patchin’s work demonstrates an escalating trend in cyberstalking and cyberbullying among older adolescents19. Furthermore, despite the similar behavioural tendencies, the Internet provides new avenues for stalkers and cyberbullies. The technology is more sophisticated and enables perpetrators to hide their identity and use programs to send messages at regular or random intervals without even being present at the computer terminal. This again sits uneasily with the definition of “misuse” under the Act20. Moreover, the National Crime Prevention Council reports that cyber bullying is increasingly impacting American teens and Hinduja and Patchin’s report highlighted the wider ramifications of children suffering from online bullying such as truancy and increased propensity towards substance abuse21. Additionally, online stalkers can engage third parties by using Internet chat rooms and message boards under an anonymous name. This makes if difficult for law enforcement officers to identify, locate or arrest the offender. The anonymity of the Internet provides opportunities for would be cyber stalkers and they can conceal their identity by using different ISPs and/or adopting different screen names22. In the UK there are various legislative provisions dealing with cyberstalking. Firstly, Section 1 of the Malicious Communications Act 1998 (“MCA”) renders it an offence to send an indecent, offensive or threatening letter, electronic communication or other article to another person. However, the penalty makes it questionable whether this acts as any effective deterrent against cybercrime. Online harassment can take many forms, however cyberstalking is common to offline harassment in that stalkers are motivated often by a desire to control their victims and engage in similar behavioural traits to achieve their desire for power and control23. Additionally, the fact that the Internet is non-confrontational enables stalkers who cannot face their victims much braver to harass and send harassing or threatening electronic communication to a victim24. Furthermore, despite the similar behavioural tendencies, the Internet provides new avenues for stalkers. The technology is more sophisticated and enables stalkers to hide their identity and use programs to send messages at regular or random intervals without even being present at the computer terminal. This again sits uneasily with the definition of “misuse” under the Act. Additionally, online stalkers can engage third parties by using Internet chat rooms and message boards under an anonymous name. This makes if difficult for law enforcement officers to identify, locate or arrest the offender. Moreover, the anonymity of the Internet provides opportunities for would be cyber stalkers and they can conceal their identity by using different ISPs and/or adopting different screen names. In the UK there are various legislative provisions dealing with cyberstalking. Firstly, Section 1 of the Malicious Communications Act 1998 (“MCA”)25 renders it an offence to send an indecent, offensive or threatening letter, electronic communication or other article to another person. However, the penalty makes it questionable whether this acts as any effective deterrent against cybercrime. In most cases of cyberstalking, there will be more than one offensive or threatening letter or telephone call and the police will opt to charge under the Harassment Act 1997, where the court can make a restraining order preventing them from contacting the victim again and breach of this order is punishable with up to five years imprisonment. However, these provisions do not address the technological changes and Internet usage discussed above, which makes detection and tracing very difficult26. Furthermore, there is confusion as to the legal position where the sender is outside the jurisdiction. This raises the legal issue as to whether the Internet is outside the legal control of local authorities. In the UK, this is not always the case however the legal position is not means clear. Where the message is sent from outside England, police usually inform foreign counterparts and if the offender has broken law in own jurisdiction then they will be dealt with in the local jurisdiction. If in UK and harassing abroad then police in UK have to prosecute even if the victim is outside the jurisdiction. This is easier said than done and with cyberstalking cases, ISPs are required to provide copies of the original messages to trace the sender and the problems of ISP compliance and tracing have been highlighted above. 4. Conclusion The above analysis highlights the inherent complexity of computer misuse, which is compounded by the deficiencies of the 1990 Act. Moreover, the above analysis highlights that the legislative weakness is further compounded by the range of issues covered by the title “online social networks”; which is intrinsically wide and complex. In line with McLuhan’s early extrapolations27, the digital era is clearly converging towards the global village paradigm. This in turn perpetuates the classic generation gap as the social trends and nature of communications change dynamic through global access mediums such as Facebook, Bebo and MySpace. Directly linked to this is the changing nature of online use and scope for misuse Furthermore, the development and rapid uptake of new white label social networking mediums such as Ning and KickApps suggest a shift for future innovation in social networking with a increased move towards the create your own network model. On the one hand, the potential opportunities for internet entrepreneurs are clearly multifarious as the sheer number of networks within the Ning model highlights the continued diversification of niche subject areas ripe for exploitation by future social network models. This further demonstrates the increasing power of individuals in shaping innovation in online social networks. For example, whilst the literature suggests that traditional circle of friends’ social network models such as Facebook and MySpace remain the big players in social networking, their growth is slightly waning; with both networks continuously developing and adding applications to address niche interests of users as targeted by the alternative create your own white label social network models. However, on the other side of the spectrum, appurtenant to the social networking phenomenon is the change on social behaviour and the potential risk factors posed to users through computer misuse. For example, the borderless nature of the internet and the shield of anonymity come at a price. In addition to the risk of the crumbling family nucleus by virtue of increased attachment to modern technology and decreasing face to face communication, the rise of online crime by the medium on youth creates concern both with youth as victims and perpetrators. The above analysis highlights the rapid growth of online crime and how the Internet facilitates criminal activity and panders to the behavioural traits which motivate this particular type of crime. Moreover, the worrying trend in online bullying in particular clearly requires a further consideration of the impact of modern technology on societal behavioural trends on the youth going forward. This is further evidenced by the fact that existing UK legislative provisions are currently inadequate to deal with the practicalities of the Internet and one of the main complications for law enforcement is the presence of services providing anonymity and security on the Internet. Often information required by ISPs is not authenticated and the lack of an identity database or ID cards makes the UK a prime target for these attacks. Moreover, it is difficult to see how far the latest provisions to the Computer Misuse Act 1990 have gone to address the widening categories of behaviour covered within misuse as the efficacy of any legal measure is inherently dependent on enforceability; which remains problematic in the internet era and presses the need to consider an co-operative agenda for reform to address the realities of computer misuse going forward. BIBLIOGRAPHY Emily Finch, (2001) The Criminalisation of Stalking. Cavendish Publishing Hinduja, S., & Patchin, J. W. (2009). Bullying Beyond the Schoolyard: Preventing and Responding to Cyberbullies. Sage Publications: Corwin Press Lloyd, I. (2004). Information Technology Law. Oxford University Press. Thomas, D., & Loader, B. (2000). Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. Routledge. Yar, M. (2006). Cybercrime and Society. Sage Reports/Convention CSI/FBI Computer Crime and Security Survey 2008 at www.gocsi.com International Treaty on Cybercrime 2001 available at www.conventions.coe.int/Treaty/EN/Treaties Legislation Computer Misuse Act 1990 Protection from Harassment Act 1997 Malicious Communications Act 1998 Regulation of Investigatory Powers Act 2000 Serious Crime Act 2007 All Legislation Available at www.opsi.gov.uk Read More