Banque National de Paris Plc v Montman Ltd and Others
Jurisdiction | England & Wales |
Judgment Date | 07 September 1999 |
Date | 07 September 1999 |
Court | Chancery Division |
House of Lords
Before Lord Steyn, Lord Hutton, Lord Saville of Newdigate, Lord Hobhouse of Woodborough and Lord Millett
Computer misuse - exceeding authorisation can be offence
An employee could commit an offence of securing unauthorised access to a computer contrary to section 1(1) of the Computer Misuse Act 1990, or of so doing with intent to commit a further offence, contrary to section 2(1) of the Act, where the employee, although authorised to use the computer for certain purposes, used it in a way that exceeded his authorisation. The offences were not confined to "hacking" by outsiders.
The House of Lords so held in giving reasons for having allowed, on July 15, an appeal by the Government of the United States from the judgment of the Queen's Bench Divisional Court (Lord Justice Kennedy and Mr Justice Blofeld) ((1999) QB 847) refusing its application for an order of certiorari to quash, in extradition proceedings, the refusal of a metropolitan magistrate to commit the accused, Adeniyi Allison, on two charges of conspiring with an employee of American Express to secure unauthorised access to its computer system with intent to commit theft and forgery.
Section 17 of the 1990 Act provides:
"(5) Access of any kind by any person to any program or data held in a computer is unauthorised if - (a) he is not himself entitled to control access of the kind in question to the program or data; and (b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled."
The employee, a credit analyst, had the ability to access the computer records of all customers' accounts, albeit she was only authorised to access those accounts assigned to her.
She was alleged to have accessed accounts not assigned to her so as to give information to the accused enabling him to encode forged credit cards, obtain fresh personal identification numbers and thereafter withdraw large sums of money from automatic teller machines.
At the extradition committal proceedings the magistrate, applying section 17(5) in accordance with dicta in Director of Public Prosecutions v BignellTLR (The Times June 6, 1997; (1998) 1 Cr App R 1, 8, 12-13), held that an employee who accessed a computer at his permitted level of access but then used the information gained at that level for an unauthorised...
To continue reading
Request your trial