Computer Crime and Legal Regulation within England and Wales and Future Reforms - Essay Example

Student Name: Subject: Topic: Computer Misuse Tutor: Department: Institution: Date Due: RUNNING HEAD: Computer Crime and Legal Regulation within England and Wales and Future Reforms Introduction According to a Council of Europe Committee of Ministers report on Computer Related Crime1, computer-related crime is a genuine and, at least in respect of certain crimes, an expanding phenomenon. The impact of computer misuse has been well documented in the latest report carried out by the London Business School2. This report puts British annual losses from computer fraud at over $ 407 million. The survey supports the findings of other UK surveys like the Audit Commission3, which demonstrated an increase in both the number of incidents and losses and illustrated that opportunities for misuse continue to increase in line with technological advancements (Williams, 1994). With the drastic developments in computer technology in the past few years, there has been increasing concern and focus in many countries, on the need to develop and modernize the legal systems in order to take full benefits of technological developments sustainably and ensure that states can respond to computer crimes and related criminal law issues associated to these developments. Amongst the fundamental issues of concern is the development of evidentiary and commercial laws suitable for e-commerce, the creation of new substantive computer crime offences, as well as procedural provisions which permit effective investigations and prosecutions in respect of computer data. Commonwealth Law Ministers also considered the issue of computer and computer related crime and the need for states to have sufficient laws to combat computer related abuse and to enable effective investigation and prosecution of computer and computer related crime or other crimes where computer evidence is required. Many government and private institutions are affected by computer crime in different ways as other businesses, organizations, and individuals. The institutions are mainly concerned with scything or hacking, scam and stealing, misuse of copyright, obscene materials (including child pornography) and nuisance coming from computer related activities. Most of these offenses are prosecuted using the existing criminal justice systems just as they could in situations when the offence is committed where computer is not used in the process. Moreover, some are specifically selected crimes under the Computer Misuse Act 1990. Computer crimes are usually of the following categories: Content related crime, for example, child pornography Conventional crimes committed by means of a computer, for example, harassment, fraud and theft Attacks on computers and computer systems, for example, hacking. Illegal material is usually any content that may lead to civil disputes such as libel and copyright rules violation, while unauthorized content is usually material that is unlawful to acquire, such as child pornography. Computer Crimes and Legal Regulation in England and Wales The Computer Misuse Act 1990 (CMA)4 which has been amended and incorporated in the Police and Justice Act (2006)5 was set mainly to deal with computer hacking. It covers three (3) main categories of crimes which involve unauthorized acts relating to computers: Section 1 contains the basic ‘hacking’ crime of gaining illegal access to any computer program or data held in a computer. Section 2 makes it a crime to commit a section 1 crimes with a view to obligate, or aid the commission of a more crime, and section 3 contains the crime of carrying out any unlawful act related to a computer with an aim: to damage the operation of any computer; or to thwart or block access to any program or information stored in any computer; or to mess up with the functioning of any such program or the consistency of such information; to enable any of the things to be done knowing that any modification intended to be caused is unlawful. These types of crimes have a maximum verdict which varies from six months imprisonment and/or a $ 500 fine to ten years imprisonment and/or an unlimited fine (John X. Kelly, 2007). England and Wales have legislations that cover in entirety the CoE Convention Articles 2 to 11, except Article 6. These nations have requirements on criminalizing offences recognized under Articles 2 to 11, while not all of these crimes are criminalized under the one legislation, rather under different legislations (Pokar, 2004). With regard to criminal sanctions, all the countries provide provisions for punishment of committing the CoE Convention related offences but there are some variations in the penalties for committing computer-related offences. For instance in Wales, offences are more likely to be punished with only an imprisonment term. In contrast the USA legislation has provision for longer and tougher penalties (Pokar, 2004). The convention on cybercrime entered into force on 1st July, 2003, and its status as of January 22, 2009, was that it had been signed by 46 states and ratified by 23, including the United States of America (as a nonmember state of the CoE), where it entered into force on March 1, 2007 (UK Law Commission, 2009)6. It has been signed but not yet ratified by Ireland and the United Kingdom (UK Law Commission, 2009)7. Thus, it does not have legal effect in those jurisdictions. It is concerned by the risk of misuse or abuse of computer systems to disseminate racist and xenophobic propaganda. The Cybercrime Convention distinguishes between three categories of crime, which are roughly similar to those of the classic typology of Parker (1973): computer-integrity crimes (where the computer is the object of the offence), computer-assisted crimes (where the computer is an instrument), and content related crimes (where the computer network constitutes the environment of the crime). The computer-integrity crimes concerns “hard-core” cybercrime, criminalizing offenses against the confidentiality, integrity, or availability of computer data or computer systems. The Council of Europe Convention on Cybercrime introduces the following five offenses against the confidentiality, integrity, and availability of computer data and computer systems (Clough, 2010); 1. Illegal access, that is, intentional access to the whole or any part of a computer system without right (Article 2) 2. Illegal interception, being the deliberate interception without right made by technological means of nonpublic transmissions of computer data to, from, or within a computer system (Article 3) 3. Data obstruction, that is, the intentional destruction, erasure, deterioration, modification or suppression of computer data without right (article 4) 4. System interference, being intentionally seriously hindering without right the performance of a computer system by putting, sending, damaging, erasing, deteriorating, altering or suppressing computer data (Article 5) and 5. Misuse of devices, that is; the production, trade, procurement for use, import, circulation or otherwise making available of a device or password or access code with the aim that it be used for the purpose of committing any of the offenses established in articles 2-5 (Article 6). The European Framework Decision directs that such offenses are liable to be punished by successful, comparative, and dissuasive criminal penalties (Article 6 (1)), and that offenses referred to in articles 3 and 4 have a maximum penalty of at least between 1 and 3 years’ imprisonment, to be increased to a maximum of at least between 2 and 5 years’ imprisonment when committed with the framework of a criminal organization (Casey, 2011). The computer-assisted crimes (Sieber, 2000) are latest forms of offence that cannot be committed in the absence of computers or computer networks, and where the computer usually is the target of the offence, are formulated in a way that precludes their application to digital world. The content-related crimes are comparable to the computer-aided crimes in that they relate to traditional offenses and that computers are tools rather than targets, but they differ from them in that it is the content of data rather than the result of an action that is the core of the offence (Casey, 2011). The concept of whether the offence of unauthorized access might be extended to a situation of improper or illegal use by an authorized user was considered by the House of Lords in R.V. Bow Street Magistrate (exparte U.S. Government, Allison)8/1999) 3 W. L. R. 620, where they refined interpretation of the notion of authorized or unauthorized access. The House of Lords noted that the court at first instance had felt constrained by the strict definition of unauthorized access in the Act and the interpretation put upon them by the court in the case between D.P.P. v. Bignell. The House of Lords doubted the reasoning in Bignell but felt that the outcome was probably right. Jurisdiction in cybercrimes is a complicated process. Activities carried out on the internet that are lawful in the nation where they are started may be unlawful in other nations although the work is not particularly targeted at that particular nation. The cybercrime laws that have been enforced over the past decades in many countries show diverse and diverging jurisdiction clauses (Casey, 2011). Jurisdiction has several forms: authority to prescribe, authority to adjudicate, and authority to enforce (Casey, 2011). Jurisdiction to prescribe refers to the control of a sovereign “to ensure that its jurisdiction cuts-across activities, relations, or status of persons or order, by administrative rule or by determination of court (US, 1987, 401 (a))9. A person found guilty of unauthorized access with intent to commit or facilitate commission of further offences shall be answerable for a summary conviction in England and Wales, to custody for a period not exceeding 12 months or to a fine not more than the national set limit or both. Also, a person is culpable of a crime of unlawful alteration of computer material if a) he or she commits any act which causes an unlawful alteration of the contents of any computer; and b) at the time when he or she commits the act he has the obligatory intention and the mandatory knowledge. For the purposes of subsection (1) (b) above the necessary intent, is an intent to cause a modification of the contents of any computer and by so doing; a) to damage the operation of any computer; b) to prevent or hinder access to any program or data held in any computer; or c) to impair the operation of any such program or the reliability of any such data. According to the purposes of the [1971 c.48] Criminal Damage Act 1971, a change of the contents of a computer shall not be regarded as damaging any computer or computer storage system unless its effect on that computer or computer storage system impairs its physical condition. In England and Wales under s.1 of the Malicious Communications Act 198810, it is illegal to send any offensive or intimidating letter, electronic message or other piece of writing to another person. Correspondingly, under s.43 of the Telecommunications Act 1984, it is a related offence to send a telephone message that is indecent offensive or threatening. Both offenses are punishable with up to six months imprisonment and/or a fine. Other crimes involve dissemination of malicious software (‘malware’) such as viruses, worms and Trojans. While traditionally used to cause unauthorized modification and impairment of computer data, malware is gradually becoming more applied to access confidential information in the computer to facilitate fraud and other offences, so-called ‘blended threats,’ for example gaining access to confidential data and communications, creating false accounts or obtaining false identification documents. Malware may be circulated directly, for instance by inserting an infected diskette or more generally, via the internet or other computer network via executable files. An example is the infamous ‘Melissa’ virus that was first posted on an internet newsgroup ‘Alt.Sex.’ in 1999. Visitors to the newsgroup were enticed to download the document which promised passwords to adult websites. Once the file was executed, the victim’s computer was infected. The virus attacked mainly, the computer windows operating systems and distorted Microsoft word processing programs so that any document produced using Microsoft word would also be infected. The virus was then able to reproduce and make many copies via Microsoft Outlook by causing computers to send emails to the first fifty addresses in the victim’s address book. Each email contained the message ‘here is that document you asked for… don’t show anyone else’. Opening the document of course infected the computer which in turn caused more emails to be sent. Because each infected computer could infect fifty additional computers, which in turn could infect another fifty computers, the virus proliferated rapidly and exponentially, resulting in substantial impairment of computer networks (US v. Smith (D NJ, 2002)11. Another case, in US V. Perez12, the defendants allegedly created and marketed a spyware program called ‘Loverspy’ via a website. Prospective purchasers could access the program for a fee and then select from a menu an electronic greeting card to send to up to five different email addresses. Once the recipient opened the Card, ‘Loverspy,’ secretly installed itself on their computer. It would then monitor all activities on the computer including emails sent and received, websites visited and passwords entered. These details were then sent to the purchaser. The purchaser was also able to remotely control the victim’s computer including accessing files and turning on web-enabled cameras. It was alleged that there were over 1,000 purchasers in the United States and internationally with more than 2, 000 victims. The difficulty in obtaining meaningful statistics on cybercrime generally has already been noted. The problem is particularly acute in the context of true cybercrimes, which are often not recorded in any official crime statistics13. In other cases, computer crimes may be punished under other provisions. For example, British Telecom has in the past indicated a preference for pursuing hackers for ‘fraudulent use of telecommunication system rather than the provisions of the Computer Misuse Act14. Although limited, prosecution statistics also indicate that computer crimes offences are significant. For example, in Canada in 2000-1, the most common computer-related offence was theft of telecommunication service with 270 charges disposed of, followed by unauthorized use of computer and mischief in relation to date15. In the same year, there were 83 computer-related prosecutions in England and Wales, although 70 per cent of those cases the computer offence was not the principle offence16. Prior to the enactment of specific cybercrime offences, prosecutors looked to existing offences to deal with computer related offences. For example, unauthorized access could be seen as analogous to trespass. Other parallels to impairment of data could be found in criminal damage17. Criminal attempts Act of 1981, explains that if with intent to commit an offence to which this section applies, a person does an act which is more merely preparatory to the commission of the offence, he is guilty of attempting to commit the offence. Subject to section 8 of the Computer Misuse Act 1990 (relevance of external law), if this subsection applies to an act, what the person doing it had in view shall be treated as an offence to which this section applies. Subsection 1A above applies to an act if: a. It is done in England and Wales; and b. It would fall within subsection (1) above as more than merely preparatory to the commission of an offence under section 3 of the Computer Misuse Act 1990 but for the fact that the offence, if completed would not be an offence triable in England and Wales. This section involves crimes which if they were completed would be traible in England and Wales as an indictable offence other than; conspiracy (at common law or under section 1 of the Criminal Law Act 1977 or other enactment); supporting, abetting, counseling, procuring or suborning the commission of an offence; offences under section 4 (1) (assisting offenders) or 5 (1) (accepting or agreeing to accept consideration for not disclosing information about an arrestable offence) of the Criminal Law Act 1967 (Glazebrook, 2006). Extended authority in relation to certain attempts applies to an act, where the person doing the act had in view shall be treated as an offence to which section 1(1) above is considered. This section involves an act if it is done in England and Wales and it would fall within section 1(1) above as more than simply preparatory to the commission of a Group A offence but for the fact that crime if completed would not be a crime triable in England and Wales (Glazebrook, 2006). Any act made by means of a communication (however communicated) is to be considered for the purposes of the fourth provision as done in England and Wales if the communication is sent or received in England and Wales. If any proceedings concerning a crime are triable based on this section, it is immaterial to judge whether or not the accused was a British citizen at the time of any act or other event with evidence which is necessary for conviction of the crime (Glazebrook, 2006). References in any performance, instrument or document related to computers (except those in this part of this Act) to an crime of scheming to commit an offence include an offence triable in England and Wales as such a plot by virtue of the provisions of this act (without prejudice to subsection (6)) (Glazebrook, 2006). In England and Wales an individual who believes that he or she has been wronged using computers can after exhausting all the English court processes, take his or her case to the Court of Human Rights (Arthur Brown, 1998). Most of the above rights refer to the methods and procedures used by the police in arresting, detaining, searching and otherwise dealing with alleged offenders. The form of these methods and procedures is legislated for in the Police and Criminal Evidence Act of 1984. Following the introduction of computers to process police records, concerns have been raised about security of sensitive materials (Arthur Brown, 1998). Most of the early allegations by journalists centered on inappropriate and defective security measures rather than corrupt practices by police officers and as a result access to both the Police National Computer (PNC) and other local computers became more stringently controlled. For example, in 1986 a Metropolitan Police detective constable was charged under the Official Secrets Act in a case between Lewis v. Cattle (1938)18 re use of this Act, for the allegations of obtaining details of men with homosexual convictions for indecent application (Daily Mail, 13 December 1986)19. In 1987 a special constable’s personal computer was found to have data taken from the PNC together with details about fellow police officers. He was charged under the Data Protection Act (The independent, 24 October 1997)20 (Arthur Brown, 1998). England and Wales have put great effort to revise existing legislations on computer inspection and telecommunications. The outcome of this evaluation was the Regulation of Investigatory Powers Act (RIP) 2000, which came up with new powers for police and the state to capture communications via the Internet, and enhanced existing powers to intercept telecommunications. The RIP Act also brought about a number of new powers and offences with serious implications for civil rights on the Internet (Paul Mobbsfor, Computer Crime)21. For instance, the Government, supported by the courts has maintained the interception capabilities and can compel an Internet service provider (ISP) to reproduce some or all their interchanged information and redirect them to a new computing centre set up by the security department. The Act gives specifications whereby citizens who have encryption Keys may be forced to reveal them or else be prosecuted. It contains a clause with provisions that such a person may be prohibited from informing anybody else that they have been issued with notice to divulge a key (Paragraph 8.42, Law Commission Consultation Paper No. 155). Also international cooperation to enhance legislations on computer crimes has been approached. These have mainly been applied in extradition, and dealt with questions of authority concerning these issues. This however, does not provide and answer to a problem of disparity and inappropriateness between states’ lawful practices, and there is still no globally agreed explanation of computer crime (Paragraph 8.42, Law Commission Consultation Paper No. 155)22. References APIG, Computer Misuse Act, [106]. Arthur Brown, A. B 1998. Police governance in England and Wales . London. Casey, E 2011. Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet . London: Academic Press. Clough, J 2010. Principles of cybercrime. New York: Cambridge University Press. Daily Mail, 13 December 1986: page 13-16 E.g., Computer misuse offences are not recorded in the Home Office Crime Statistics for England and Wales; retrieved on 10th December, 2012 from www. Crimestatistics.org.uk/output/page70.asp Glazebrook, P. R 2006. Blackstone's Statutes on Criminal Law 2006-2007; 16th Edition. New York: Oxford University Press. Internet Crime Forum Legal Subgroup, Reform of the Computer Misuse Act 1990 (Internet Crime Forum, 2003) Appendix B John X. Kelly 2007. JISC Legal: Computer Misuse Overview - www.jisclegal.ac.uk Kowalski, Cyber-Crime, P. 16 Lewis v. Cattle (1938) Malicious Communications Act 1988; retrieved on 10th December, 2011 from http://www.opsi.gov.uk/acts/acts1988/Ukpga_19880027_en_1.htm Paragraph 8.42, Law Commission Consultation Paper No.155 - Legislating the Criminal Code: Fraud and Deception Paul Mobsfor, Computer Crime. The Law on the misuse of computers and networks, GreenNet Civil Society Internet Project, 2002; retrieved on 10th December, 2011 from http://www.internetrights.org.uk/index.shtml?AA_SL_Session Pokar, F. (2004). New Challenges for International Rules Against Cyber-crime. European Journal on Criminal Policy and Research , 10(1), 27-37. Police and Justice Act 2006; retrieved on 10th December 2011 from http://www.opsi.gov.uk/acts/acts2006/20060048.htm R. V. Bow Street Magistrate (Allison, 1997) Recommendation No R (89) 9 of the Committee of Ministers to Member States on Computer Related Crime, council of Europe Reported in Management Accounting, March 1990, 63(3): 24-26 S.W. Brenner, ‘Is there such a thing as “Virtual crime”? (2001) 4 California Criminal Law Review 1, 71-3, 82-4 Sieber. (2000). Legal Aspects of Computer-Related Crime. pp. 25-32, 39. Survey of Computer Related Fraud and Abuse, 1990, London: HMSO The Computer Misuse Act 1990 (CMA) –Retrieved on 10th December, 2012 from:  http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm The independent, 24 October 1997: pages 59-64 UK Law commission (2009). The admissibility of expert evidence in criminal proceedings in England and Wales a new approach to the determination of evidentiary reliability. Consultation Paper No. 190 United States (1987), Restatement (third) of foreign Relations Law, ζ 401 (a)) US V. Perez (SD Cal 2005) US Department of Justice, Press Release, 26th August 2005, retrieved on 10th December, 2012 from: www.cybercrime.gov/perezIndict.htm US v. Smith (D NJ, 2002). US Department of Justice, Press Release, 2nd May 2002, retrieved on 10th December 2011 from; www. Cybercrime.gov/melissaSent.htm. Williams, I. C. (1994). Computers and Law . London: Intellect Books. Read More