Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
DADA/Articles/st25_the_law.md
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
78 lines (64 sloc)
3.46 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
title: The Law | |
--- | |
The law surrounding cyber security is made up of a number of different | |
overlapping components. It includes data protection through the Data | |
Protection Act and GDPR; intellectual property, through copyright, | |
patents and so on; and others. In this article, we look at the law | |
specifically around computer misuse or "hacking". | |
* Computer Misuse | |
In the middle of the 1980s Robert Schifreen and Stephen Gold | |
discovered the log-in details of an account on British Telecom's | |
Prestel by watching what an engineer typed in to their terminal. They | |
logged in and explored the system, managing to find details of | |
accounts belonging to other people, including members of the royal | |
family. | |
British Telecom discovered the unauthorised use and the pair were | |
charged. At the time, there was no UK law that covered their | |
activities exactly, so they were charged with manufacturing a "false | |
instrument" under the Forgery and Counterfeiting act 1981. The | |
argument was that by entering their unauthorised commands into the | |
Pentel system, they had changed its internal state and somehow created | |
something that infringed on the intellectual property of British | |
Telecom. | |
They were fined less than £1500, but the case highlighted two things: | |
one, that British Telecom had not taken security seriously (the | |
username and password were 2222222222 and 1234 respectively) and the | |
second that the law being applied did not quite fit the situation. | |
Schifreen and Gold appealed the finding on that second point and it | |
was upheld. Lord Justice Brandon said that "we have accordingly come | |
to the conclusion that the language of the Act was not intended to | |
apply to the situation which was shown to exist in this case. The | |
submissions at the close of the prosecution case should have | |
succeeded. It is a conclusion which we reach without regret. The | |
Procrustean attempt to force these facts into the language of an Act | |
not designed to fit them produced grave difficulties for both judge | |
and jury which we would not wish to see repeated. The appellants' | |
conduct amounted in essence, as already stated, to dishonestly gaining | |
access to the relevant Prestel data bank by a trick. That is not a | |
criminal offence. If it is thought desirable to make it so, that is a | |
matter for the legislature rather than the courts." | |
This led to the creation of the Computer Misuse Act 1990, which set | |
out three offences: | |
1. unauthorised access to computer material | |
2. unauthorised access with intent to commit or facilitate commission | |
of further offences | |
3. unauthorised modification of computer material | |
The punishment, in terms of fines and prison sentences, was also laid | |
out. Since then, these three offences remain in subsequent revisions | |
of the act, although the fines and prison terms have changed. Two | |
additional offences have also been added. At the time this article was | |
written (May 2019), the list of offences is: | |
1. Unauthorised access to computer material. | |
2. Unauthorised access with intent to commit or facilitate commission | |
of further offences. | |
3. Unauthorised acts with intent to impair, or with recklessness as to | |
impairing, operation of computer, etc. | |
4. Unauthorised acts causing, or creating risk of, serious damage | |
5. Making, supplying or obtaining articles for use in offence under | |
# Links | |
- https://www.itpro.co.uk/it-legislation/28174/what-is-the-computer-misuse-act | |
- https://www.cps.gov.uk/legal-guidance/computer-misuse | |
- https://www.legislation.gov.uk/ukpga/1990/18/contents | |
<!-- LocalWords: Telecom Prestel | |
--> |