StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

What is the Computer Misuse Act - Assignment Example

Cite this document
Summary
This paper "What is the Computer Misuse Act" discusses the main legislative provisions dealing with computer misuse is the Computer Misuse Act 1990, which was drafted without the foresight of the practical implications of Internet growth. The Act covered two types of computer-related offenses…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.8% of users find it useful
What is the Computer Misuse Act
Read Text Preview

Extract of sample "What is the Computer Misuse Act"

TASK ONE: In advising MacroBox regarding their legal position regarding the DNS attacks and attempted intrusions it is necessary to consider the provisions of the Computer Misuse Act 1990 and the Police and Justice Act 2006. The main legislative provisions dealing with computer misuse is the Computer Misuse Act 1990 (“the Act”), which was drafted without foresight of the practical implications of Internet growth. In its previous form, the Act covered two types of computer related offences; firstly the unauthorised access to computer material and unauthorised modification of computer material. However, the increasing difficulty of prosecuting under the Act and its failures to address the continuous developments in technology led to criticisms of its ability to address the increasing reality of cyber criminal activity (Lloyd, 2004). An attempt to address these problems in the Act was implemented in controversial amendments, which came into force in October 2008 through the Police and Criminal Justice Act 2006 . With regard to the unauthorised access and attempted intrusions this could constitute an offence under the Act of the conduct satisfies the requirements as follows: 1) Unauthorised access to computer material (Section 1 of the Act); 2) Access to computer material without authorisation with intent to commit or assist the commission of offences (Section 2 of the Act); and 3) Modification of computer data without authorisation (Section 3 of the Act). With regard to the current factual scenario, it is evident that there have been attempts to hack the Macrobox system without success so far. Accordingly, whilst there has clearly been an intention to commit the office, there does not appear to have been actual access to the computer system or computer material. However, the Police and Criminal Justice Act 2006 significantly widened the definition of misuse and Section 36(2) of the 2006 Act widens the ambit of Section 3 of the Act by providing that “unauthorised acts” within the Section 3 definition include intention to do the following: “a) Impair the operation of any computer; b) To prevent or hinder access to any program or data held in a computer; or c) To impair the operation of any such program or the reliability of any such data; or d) To enable any of the things mentioned in paragraphs (a) to (c) above to be done” (Section 36(2) Police and Criminal Justice Act 2006). Accordingly, if we apply this to the current scenario, whilst the access to Macrobox’s computer and servers were not successful, the attempt to hack will constitute a criminal offence under Section 3 of the Act. With regard to potential penalties, the Police and Criminal Justice Act 2006 provides for criminal liability on the following basis to be included in the Act for the Section 3 offence: 1. On summary conviction a prison sentence of up to 12 months and a fine not exceeding the statutory minimum; or 2. On conviction on indictment, imprisonment for a term not exceeding ten years or a fine or both (Section 36(6) of the Police and Criminal Justice Act 2006). Additionally, as the forum users have been trying to encourage others to hack Macrobox, this also potentially falls within incitement offences, which have now been removed from the Act and inserted into the inchoate offences section of the Serious Crime Act 2007. Furthermore, it is important to highlight that the encouragement on online forums to hack Macrobox’s computer systems could also constitute a potential offence under the Terrorism Act 2000. Section 2(e) of the Terrorism Act provides that an act of terrorism includes any act which is “designed seriously to interfere with or seriously disrupt an electronic system” if the act is undertaken with the objective of furthering a political, religious or ideological cause. In the current scenario, it is evident that the attempts to hack and interfere with Macrobox’s computer systems and servers were as a result of the disclosure on public forums that Macrobox is a major software supplier for Staffordshire Pets, who are involved with animal testing. With regard to the denial of server attacks, under the Act, the term “misuse” has been extended to criminalize computer security research and defence software tools, making it illegal to download, write, amend or modify anything which could be used to commit a computer hacking or denial of service attack. However, as highlighted above, Section 36 of the Police and Justice Act 2006 specifically extends the Act’s provisions regarding unauthorised modification of computer material and as a result provides that denial of server attacks constitute a criminal offence. Furthermore, the 2006 Act highlights that it is not necessary to demonstrate that the criminal intention was directed to a specific program or computer. Accordingly, the denial of server attack will constitute a criminal offence and be subject to the same penalties as provided for in Section 36(6) of the Police and Criminal Justice Act 2006. Accordingly, if we apply this to the current scenario it is evident that the denial of server attacks will constitute a criminal offence under the Act and the Police and Criminal Justice Act 2006. In summary, the attempts to hack into the Macrobox computer system and servers will constitute a criminal offence under Section 3 of the Act. Furthermore, as the criminal conduct has been incited on forums in support of being against animal testing, it is also possible that the hacking attempts will constitute an act of terrorism under the Terrorism Act 2000. Similarly, the denial of server attacks will also constitute a criminal offence under the Act and potentially fall within the Terrorism Act provisions. TASK 2: DATA PROTECTION ISSUES The factual scenario indicates that potential liability of Macrobox for being in breach of Data Protection legislation for failure to protect against disclosure of its staff’s personal information along with client information. Firstly, the disclosure of this information raises issues of breach of confidence (Bainbridge, 2007). However, Bainbridge comments that the law of breach of confidence has developed on an ad hoc basis and remains narrow in application (2007). For example, the traditional premise for the law of confidence has assumed a relationship of confidentiality, which fails to cover instances of disclosure of information outside of such a relationship where disclosure may nevertheless be detrimental (Bainbridge, 2007). In the current scenario, the contractual relationship with customers and clients would imply a duty of confidence regarding information in order to bring a claim for breach of confidence (Bainbridge, 2007). Similarly, the employee relationship implies a mutual duty of trust and confidence and therefore the disclosure of personal employee information would also appear to point to a breach of confidence. Furthermore, the duty of confidence arises in equity on grounds of the equitable maxim “he who has received information in confidence should not take unfair advantage of it” (Bainbridge, 2007). Alternatively, the strongest basis for legal recourse against Macrobox for disclosure and the passing on of the employee and client information is the Data Protection Act 1998, which imposes obligations on all businesses handling customer information (Marcella & Stuck, 2007). In particular, the Data Protection Act 1998 requires protection of personal information and provides that anybody processing personal information (which includes customer information) must ensure the following: 1) Fair and lawful processing of data; 2) That processing of personal information is undertaken for limited purposes; 3) The processing is not excessive; 4) The information is kept up to date 5) The information is not kept for longer than necessary 6) The information is processed in line with the data subject’s rights 7) The information is secure 8) The information is not transferred abroad without reciprocal protection (Data Protection Act 1998). Additionally, as information was taken from employees and customers, it was not only Macrobox’s duty to register under the Data Protection Act 1998; but all staff, customers and indeed any “data subjects” have the legal right under the Data Protection Act 1998 to know what information is being held and whether or not the information has been passed to third parties (Carey, 2009). Therefore, if the information has been passed on, not kept secure and therefore unlawfully passed on to third parties as a result; then this could be in breach of the Data Protection Act 1998 for unlawful processing of personal information. In the current scenario, Macrobox would appear to have been in breach of the express obligation to ensure the information is held securely and therefore they are exposed to potential liability to its staff and any other data subjects for unlawful processing of data due to it being passed on to third parties beyond the limited purpose exception (Carey, 2009). As a result, any data subject whom Macrobox held information on could initiate proceedings under the Data Protection Act 1998 for compensation if they could establish “damage or distress”. Whilst this is very extreme and the customer bears the burden of proof, the factual circumstances of the current scenario clearly indicate a risk of a claim under the Data Protection Act 1998 (Carey, 2009). In summary, it is evident that as a data processor Macrobox had an express duty to register the information held and to ensure it was securely stored to prevent against unlawful processing. The fact that the information was not securely held and has now been passed on to third parties clearly constitutes a breach of the Data Protection Act 1998 in addition to potential claims for breach of confidence. As such, Macrobox is exposed to liability to data subjects for compensation for breaches of the Data Protection Act 1998. Additionally, the circumstances suggest that the failure to protect the data could constitute negligence and as such, the Information Commissioner could also impose a fine on Macrobox of up to a maximum of £500,000 for the personal data security breaches (ICO, 2010). In order for the data breaches by Macrobox to attract a fine, the Information Commissioner would have to establish that the breach was serious, likely to cause distress and that Macrobox was negligent or failed to take reasonable steps to protect the information. As highlighted above, the nature of the data disclosed to the public is clearly sensitive and has potential to cause distress and damage. As such, the data breach by Macrobox will most likely satisfy the serious requirement. Additionally, the failures to ensure adequate protections were in place would also point to negligence and failure to take reasonable steps. On this basis, in addition to potential compensation claims by data subjects, Macrobox will most likely be subject to a fine by the Information Commissioner, the amount of which will be subject to the Commissioner’s discretion. Bibliography Bainbridge, D. (2007) Intellectual Property. London: Pearson Longman. Lloyd, I. (2004). Information Technology Law. Oxford: Oxford University Press. Marcella, A. Stuck C. (2007). Privacy Handbook: guidelines, exposures, policy implementation and international issues. London: Wiley Press Legislation Computer Misuse Act 1990 Data Protection Act 1998 Terrorism Act 2000 Serious Crime Act 2007 Police and Criminal Justice Act 2006 All Legislation Available at www.opsi.gov.uk accessed March 2011. Websites Information Commissioner at www.ico.gov.uk accessed March 2011. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(What is the Computer Misuse Act Assignment Example | Topics and Well Written Essays - 1750 words - 1, n.d.)
What is the Computer Misuse Act Assignment Example | Topics and Well Written Essays - 1750 words - 1. Retrieved from https://studentshare.org/law/1750336-computers-and-the-law
(What Is the Computer Misuse Act Assignment Example | Topics and Well Written Essays - 1750 Words - 1)
What Is the Computer Misuse Act Assignment Example | Topics and Well Written Essays - 1750 Words - 1. https://studentshare.org/law/1750336-computers-and-the-law.
“What Is the Computer Misuse Act Assignment Example | Topics and Well Written Essays - 1750 Words - 1”. https://studentshare.org/law/1750336-computers-and-the-law.
  • Cited: 0 times

CHECK THESE SAMPLES OF What is the Computer Misuse Act

The Employees Performance of Their Duties in Macrobox

Under the foregoing circumstances, the blogger by providing online guidance to direct the computer attack or server intrusion and all those persons who may have conspired and confederated with the blogger may be held liable under the computer misuse act 1990 (CMA) as amended by the Police and Justice Act 2006 (JPA) and Serious Crime Act 2007 (SCA) where the following acts were defined as unlawful or criminal acts—unauthorized access to computer material; unauthorized access with intent to commit a further offence; and unauthorized modification of computer material....
8 Pages (2000 words) Essay

Professional Ethics

the computer misuse act of 1990 makes it clear that a person would be charged with a criminal offence if he gains unauthorized access to data knowing that such access is unlawful.... If a person uses a tool to gain access, the person is committing a serious offence, which is covered by the modified computer misuse act of Britain.... Royal Canadian Police tracked down Ringland, 36, a resident of UK, when a young girl reported him for serious computer misuse....
5 Pages (1250 words) Essay

Identity Theft: Problems and Solutions

One of the biggest misuses is the fraudulent act of Identity Theft.... act as the only information that identify an individual.... hellip; With the increase of technological benefits, there has also been a lot of misuse of the technology.... The loss and misuse of personal identification information is called Identity theft.... The misuse of identity of an individual can lead the individual to suffer from bad credits, incorrect criminal acquisitions (Consumer Report, 2008)....
4 Pages (1000 words) Essay

E-Movements

One must look for devices that lock the computer cases to desks and lock the disk drives and the CPU as well.... Exceeding authorized access in the workplace: prosecuting disloyal conduct under the computer Fraud and Abuse Act.... One of the biggest ethical issues in… To counter such unauthorized access, many laws have been passed, like Computer Fraud and Abuse act (CFAA), which was designed in 1984, and deals with penalties for the intruders who E-Movements Question Information security is generally defined as the protection of information from a wide variety of threats, such as, gettingaccessed by unauthorized persons, disclosed, sold or destroyed, without the consent of the owner of the information....
1 Pages (250 words) Research Paper

Quantum Computer and the Qubit

Quantum computers act as a computation device that utilizes the phenomena of on quantum Mechanical such as superposition and entanglement to perform an operation on data.... Qubit represent atoms, ions and photons, Quantum Computer and the Qubit Quantum computers act as a computation device that utilizes the phenomena of on quantum Mechanical such as superposition and entanglement to perform an operation on data.... From a traditional computer information storage is in binary form of 1 and 0....
2 Pages (500 words) Essay

Companies Monitoring Employees Computer Usage

This can act as the basis for firing employees found to have a habit of misusing company time surfing the internet.... A good example includes legal liabilities that may arise due to misuse of technology (Anandarajan and Simmers 144).... To prevent Companies Monitoring Employees computer Usage According to Anandarajan and Simmers, "Most large organizations that are providing internet access to their employees are also providing some means to monitor and control that usage" (142)....
1 Pages (250 words) Essay

Government Police and Justice Act 2006

"Government Police and Justice Act 2006" paper outlines the offenses which it could be argued have been committed under the computer misuse act 1990 and the Police Justice Act 2006 and applies the law relating to the offenses you have already outlined to the incidents involving Michael.... nbsp; In order to determine the offenses that have been committed in the above scenario, it is necessary to examine the computer misuse act 1990 and the Police and Justice Act 2006....
9 Pages (2250 words) Assignment

Legal Advice for Macrobox Computing

nder the foregoing circumstances, the blogger by providing online guidance to direct the computer attack or server intrusion and all those persons who may have conspired and confederated with the blogger may be held liable under the computer misuse act 1990 (CMA) as amended by the Police and Justice Act 2006 (JPA) and Serious Crime Act 2007 (SCA) where the following acts were defined as unlawful or criminal acts—unauthorized access to computer material; unauthorized access with intent to commit a further offense; and unauthorized modification of computer material....
8 Pages (2000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us