Access Denied: Computer Misuse in an Era of Technological Change

DOI10.1350/jcla.2006.70.5.424
Published date01 October 2006
Date01 October 2006
Subject MatterArticle
JCL 70(5).doc..Fafinski .. Page424 Access Denied: Computer Misuse
in an Era of Technological
Change
Stefan Fafinski*
Abstract
The massive growth in the power and extent of computer tech-
nology over the past 20 years has provided both tremendous benefits to
society and an ever-increasing potential for misuse. This article examines
the evolution of the criminal law as one means of regulating computer
misuse. It provides a brief outline of the challenges that technological
advances posed to the criminal law leading to the enactment of the
Computer Misuse Act 1990 before moving to consider whether sub-
sequent developments have rendered the existing legislative framework
unable properly to deal with new manifestations of computer misuse.
Finally, the article examines the amendments proposed by the Police and
Justice Bill and considers whether they will be an adequate step towards
resolving any potential inadequacies within the criminal law.
‘Computer misuse’ has been defined as ‘unethical or unauthorised
behaviour in relation to the use of computers, programs, or data’.1 This
is not, however, the same as computer crime, since not all computer
misuse attracts the attention of the criminal law. The two represent
overlapping but not identical categories. The primary piece of legislation
controlling criminal computer misuse is the Computer Misuse Act 1990,
an Act which does not itself define either ‘computer’ or ‘misuse’: moreo-
ver, the technology landscape at the time of its enactment was entirely
different from that of today. In 1990, Tim Berners-Lee, working with
Robert Cailliau at CERN, proposed a ‘hypertext’ system which provided
one of the building blocks of the Internet as we understand it today;
Microsoft released Windows 3.0 and the first commercial Internet dial-
up access provider, ‘The World’, came online. By comparison, as of
September 2002, it is estimated that in excess of 600 million people were
online throughout the world.2 This burgeoning ubiquity of computers
and the Internet has generated an expanded realm of potential com-
puter misuse far beyond that contemplated at the time of the enactment
of the Computer Misuse Act. In particular, in the late 1980s, many
computers were standalone, not networked, and the real threat to their
security came from ‘insiders’, those with physical access.
This article will consider the genesis of the Computer Misuse Act
before examining the offences it creates in more detail. This will facili-
tate an analysis of its application in a variety of different situations,
* School of Law, University of Leeds; e-mail lawsff@leeds.ac.uk.
Grateful thanks are due to Professor Clive Walker of the Centre for Criminal Justice
Studies at Leeds and Dr Emily Finch for their insightful and robust comments on
earlier drafts. Any remaining errors and inaccuracies are my own.
1 M. Wasik, Crime and the Computer (Clarendon Press: Oxford, 1991) 3.
2 See www.nua.com/surveys/how_many_online/, accessed 24 July 2006.
424

Access Denied
leading to a discussion of its limitations and an overview of the current
proposals for reform.
The genesis of the Computer Misuse Act 1990
It is true to say that the criminal law was able to deal with some of the
problems resulting from computer misuse before the Computer Misuse
Act.3 For instance, case law tended to suggest that erasing computer data
held on a magnetic disk would fall within the ambit of s. 1(1) of the
Criminal Damage Act 1971, which provides:
A person who without lawful excuse destroys or damages any physical
property belonging to another intending to destroy or damage such prop-
erty or being reckless as to whether any such property would be destroyed
or damaged shall be guilty of an offence
despite the fact that this could be done without causing physical damage
to property ‘of a tangible nature’ as required by the Act.4 This required
a certain degree of creativity in the interpretation of tangible property in
relation to the facts of the case.
In R v Talboys,5 the defendant was convicted of charges brought under
the Criminal Damage Act 1971 after a programming prank went wrong.
Talboys reprogrammed his employer’s computer to display a farewell
message every time his colleagues entered his leaving date. Unfortunately,
no message was displayed: instead, the screens were entirely blanked. As a
result of Talboys’ guilty plea no legal argument was heard; he was given
a conditional discharge and ordered to reimburse his employer £1,000 to
cover the costs of investigating and rectifying the problem.
The similar case of Cox v Riley6 did lead to a judicial view. The
defendant deliberately erased all computer programs from the plastic
circuit card of a computerised saw which relied upon it for its operation,
each program corresponding to a window frame profile of a different
design.7 This rendered the saw inoperable, apart from limited manual
operation, which would cause production to be slowed dramatically. At
first instance, the defendant was convicted under s. 1(1) of the Criminal
Damage Act 1971, the magistrates reasoning that since the printed
circuit card was tangible it was ‘property’ within the meaning of s. 10(1)
and that damage was caused to the card since it would no longer operate
the computerised saw until it had been reprogrammed.8 The defendant
appealed on the basis that the programs erased were not tangible property
within the Criminal Damage Act 1971; unfortunately the defendant had
been charged with damage to the card (which the court viewed as
‘undoubtedly . . . property of a tangible nature’) rather than damage to
the program. The Divisional Court concluded with the opinion:
3 C. F. H. Tapper, ‘Computer Crime: Scotch Mist?’ [1987] Crim LR 4–22.
4 Criminal Damage Act 1971, s. 10(1).
5 The Times (29 May 1986).
6 (1986) 83 Cr App R 54, DC.
7 M. Wasik, ‘Criminal Damage and the Computerised Saw’ (1986) 136 NLJ 763.
8 R v Fisher (1865) LR 1 CCR 7 established that temporarily rendering a machine
useless can be damage; this case involved ramming a stick up the water feed of a
steam engine.
425

The Journal of Criminal Law
[We] would answer the question posed by the justices ‘Can the erasing of
a program from a printed circuit card [emphasis added] which is used to
operate a computerised saw constitute damage within the meaning of the
Criminal Damage Act 1971?’ with the emphatic answer yes.9
Moreover, in R v Whiteley10 an 18-year-old hacker who had gained
unauthorised access to the JANET11 computer network, deleting and
replacing files with messages of ‘schoolboy humour’ which taunted and
insulted the computer centre staff,12 was held to have been properly
convicted of criminal damage since the deletion of various files and their
replacements caused an alteration of the state of the magnetic particles
on the computer disks; the disks and particles being a single entity
capable of being damaged since their usefulness had been impaired. The
defendant argued that only the intangible information had been dam-
aged and that there should be a distinction drawn between the physical
disk itself and the information thereon. This argument was rejected, and
Whiteley was sentenced to 12 months’ imprisonment, eight of which
were suspended.
Despite the issues surrounding tangibility, criminal damage seemed to
be a potential route to the imposition of criminal liability. A further,
although somewhat more creative, possibility lies in the offence of
abstraction of electricity, contrary to s. 13 of the Theft Act 1968 which
provides:
A person who dishonestly uses without due authority, or dishonestly
causes to be wasted or diverted, any electricity shall on conviction be liable
to imprisonment for a term not exceeding five years.
Therefore, even though the offence is primarily aimed at the dishonest
bypassing of an electricity meter,13 a person who dishonestly uses an-
other’s computer without due authority may also commit the offence on
the basis of the unauthorised use of electricity that is an inevitable result
of its use.14 Perhaps unsurprisingly, there is little authority on this point
in England and Wales, although in Sui Tak-Chee,15 a Hong Kong case, the
defendant was charged with, and found guilty of, abstracting electricity
under s. 15 of the Theft Ordinance16 (which is worded identically to s. 13
of the Theft Act 1968) after accidentally discovering passwords, and
thereafter accessing (allegedly out of curiosity rather than motivation
for gain), a Cable and Wireless plc e-mail system. The defendant re-
ceived an absolute discharge from the magistrate, who ordered that no
conviction should be imposed and that, in his opinion, the prosecution
should never have been brought; the value of the electricity abstracted
having been proved at around one-eighth of a Hong Kong cent, or
approximately one-thousandth of a British penny. As Wasik suggests,
9 (1986) 83 Cr App R 54 at 58, per Stephen Brown LJ.
10 (1991) 93 Cr App R 25, CA.
11 Joint Academic Network.
12 The Times (25 May 1990).
13 Boggeln v Williams [1978] 2 All ER 1061, DC.
14 This could prove to be even more complex in the case of a battery-powered
computer.
15 Sui-Tak Chee (unreported, August 1984).
16 Cap 210.
426

Access Denied
the mischief that the offence seeks to counter is quite different from the
substance of the offence when applied to computer misuse.17 It is
perhaps interesting to note that the argument of mismatch of mischief to
circumstances was not employed when considering the prosecutions for
computer misuse under the criminal damage legislation in Cox v Riley
and Whiteley; this probably lies in the fact that...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT