Security management Toolkit

Computer Misuse Act stands the test of time

Clive Gringras Olswang

Published: 01 Jul 2004 16:00 BST

Reforms rejected:
The report details a large number of other issues considered by the enquiry. Suggested changes to the CMA rejected by APIG included:

Definition of "computer" and other terms: the report concludes that the (intentional)
absence from the CMA of definitions of terms like "computer", "data" or "program" has not caused difficulty in bringing prosecutions, and on the contrary makes them more "futureproof". It recommends leaving the courts with freedom to interpret these broad terms in line with the times instead of attempting to tie them down to specific contemporary devices.

Changes to reflect the Cybercrime Convention and EU Framework Decision: concludes that most of the Convention's requirements are already reflected by UK Regulation. It opposes implementation of optional requirements to outlaw hacking tools because of the difficulties this would pose for legitimate users of such "dual-use" tools. The introduction of explicit provisions on DoS and the raising of sentences for hacking would address the other outstanding obligations. Regarding the EU's Framework Decision, the report notes a number of definitional "mismatches" between the Decision and the CMA but concludes that UK law meets the spirit if not the letter of the EU requirements. Parliamentary time should not be wasted on unnecessary "gold plating".

"Unauthorised access": some of the responses to the inquiry requested a tightening up of the current definition of "unauthorised access", which causes problems where some access is permitted and some is not. This was an issue in the 1997 case of Bignell, for example. It was suggested that changes to this definition could also assist prosecutions for sending spam email. APIG concluded that the issue does not create practical problems justifying such an amendment at present.

Introduction of security obligations: APIG rejected suggestions that the CMA be used as a mechanism to impose positive security obligations on those responsible for computers, pointing out that such obligations already exist (in respect of personal data) under the Data Protection Act 1998.

Extension to spyware and adware: the report distinguishes between spyware, the use of which may already constitute an offence under the CMA, and less malign adware. APIG rejects the idea of extending the CMA to criminalise adware but recommends further action by OFCOM (see below). The impact of existing data-protection legislation on these programs is not mentioned.

1 2 3

Did you find this article useful?
240 out of 406 people found this useful

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.