When it comes to computer misuse and hacking, this is an issue which occurs all over the world which we constantly see on the news ranging from small amateur hacks to large scale attacks. We can learn from HISCOX[1]that small businesses in the United Kingdom suffer from 65,000 attempted cyber-attacks per day with one small business successfully hacked every 19 seconds which is truly mind blowing which makes you wonder if these cyber securities which we pay for are too easily hackable and is enough being done to protect our private data stored online.
When speaking about computer misuse, this a term for a number of criminal offences which can be committed with the use of a laptop or computer, often via the internet. This issue is regulated by the Computer Misuse Act 1990[2]which would include computer hacking, the design and distribution of computer viruses and distributed denial of service known as (DDoS). The need for this specific legislation which was the UK’s first computer crime law was due to Prince Philip’s Prestel mail account being hacked by Stephen Gold and Robert Schifreen who gained access to the BT Prestel computer network and whom also accessed several secure areas of the service.[3]Before this piece of legislation came into effect the authorities faced an uphill struggle as what would these cyber criminals be charged with as sometimes it wasn’t always clear they had committed an criminal offence. There was no theft or any physical damage to any property. Due to there being a number of different offences which can be made, the act was introduced with sections with the offences falling under each depending on the seriousness of the crime committed. The offences under the Computer Misuse Act 1990 would include;[4]
- Section 1– Dealing with unauthorised access to computer material
- Section 2– Dealing with unauthorised access with intent to commit or facilitate commission of further offences
- Section 3– Dealing with unauthorised acts with intent to impair, or with recklessness as to impairing the operation of a computer
- Section 3ZA– Dealing with making, supplying or obtaining articles for use under sections 1,3 or 3ZA.
We aren’t able to find a specific definition of the word ‘computer’ under the Computer Misuse Act 1990 but Lord Hoffman in the case of DPP v Jones (1997)[5]describes it as “A Computer is a device for storing, processing and retrieving information. It receives information from, for example, signals down a telephone line, strokes on a keyboard… and it stores and processes that information”. it can be especially difficult for authorities to deal with these issues due to the fact that hackers could be anywhere in the world when they hack a certain file or company and leaving no clues or trail to as where it came from or how it even happened. As well as the Computer Misuse Act 1990 in place, we have The Serious Crime Act 2015[6]which discusses jurisdiction therefore if someone who is a UK national commits a crime under sections 1 to 3A while they are abroad can be charged under this act. Mens rea which is the mental element or intention must be established in terms of the accused having the knowledge that the access he/she was trying to access was unauthorised and furthermore has to have been an intention to secure the access to a programme or data which was held in any computer or laptop.
A case under section 1 which deals with unauthorised access to computer material will be the case of R vSundar Banerjee (2015)[7]where a former detective had been sent to prison for nine months after accessing Scotland Yard’s criminal database to see information about his family and friends. It was said that Mr Banerjee had used three Metropolitan Police Service known as MPS systems to carry out more than 230 searches for his personal gain during 2009 and 2013. As well as this the courts held that he had even searched his own name and his private registration of his car to see what would come up. This case highlights such a serious breach of trust as Mr Banerjee showed complete disregard for the rules that had been put in place to protect any type of sensitive information that had been stored about members of the public by a member of the police whose job it is to protect that and as a result had been dismissed from his role.
A case which would fall under section 2 would be that of R v Seth Nolan-Mcdonagh (2015)[8]. In this case an 18-year old teenager who was known as a “hacker-for-hire” avoided jail after he launched denial-of-service attacks against anti-spam outfit Spamhaus. Seth residing from south-west London had pleaded guilty for attacking Spamhaus off the internet but as well as this had admitted to charges of money laundering and it was found that he had possession of 924 indecent images of children ranging from different ages. As well as this he was caught with over a thousand credit card numbers so it is clear that he was no amateur and was capable of causing a significant amount of damage if he wasn’t caught. Seth was ordered to undertake 240 hours of unpaid work as a result of his offences but escaped a jail sentence due to him suffering from a mental illness. This case just goes to show how someone as young as 18 can cause a massive impact and this attack even resulted in a worldwide effect. It was reported that he was just 13 when he joined a gang of hackers who were determined to take down a number of websites. If someone at the age of 13 has the ability to hack, imagine the level of damage they would be able to inflict if under the scope of a much more advanced hacker.
Finally, we can discuss a case under section 3 which is the authorised acts with intent to impair, or with recklessness as to impairing the operation of a computer. The case being R v Nazariy Markuta (2016). Nazariy Markuta from London was involved within the D33Ds Company network who accessed over 450,000 of Yahoo’s customer email addresses and passwords from the American giants and had even offered to sale them. He was finally arrested in March of 2015 by the National Cyber Crime Unit at his home in London in which thousands of debit and credit card data were also found in his possession. As well as the attack on Yahoo, Markuta had also stolen data from a number of companies resulting in thousands and thousands of pounds being lost.
We can now go onto speak about Lawrence Lessig’s modalities of regulations. Lawrence Lessig believed that the internet can be regulated by four constraints which would be the law, the social norms, the architecture and lastly the market.
When we are speaking about this issue globally, the legislations in place face a substantial task of regulating the internet. This will be due to cross-border enforcements therefore a hacker can find cover from international laws as different countries will have different laws in place and have different opinions on certain values. A case which can be related to this is the case of Love v National Crime Agency 2019.[9]In this case Lauri Love was a British student who had been accused of hacking into such systems as the US missile defence agency, Nasa and the Federal Reserve. The American authorities wanted Love to be extradited to the US to face charges where It was held he would be facing up 99 years in a federal prison but a high court in the UK had blocked this as it was held that Love would be at risk of suicide if he had been sent to the US due to his mental illness. In terms of architecture some countries spend a lot more on cyber security than others so it can mean that there is easier invasion in certain countries as there can be a surveillance procedure but a lot of countries don’t have the capability to detect hackers. When speaking about markers, majority of people can find things free in cyberspace e.g. music or movies. Finally, social norms are the behaviour that someone is expected to do in a certain group or community if everyone else is doing it. If you would like to gain a further understanding of Lawrence Lessig’s modalities of regulations, you can click the link below;
In conclusion, it is clear to see that computer misuse and hacking is an ongoing issue today and there is a high need for this type of legislation as without it there wouldn’t be a way to prosecute those who hack computer systems illegally but more has to be done as too many are getting away with it.
Bibliography
Primary Sources
Cases
DPP v Jones (1997) 2 CR APP R 155
Love v National Crime Agency 2019 2 WLUK 464
R v Seth Nolan-Mcdonagh 2015
Legislation
The Serious Crime Act 2015
The Computer Misuse Act 1990
Secondary Sources
Books
Andrew Murray, Information Technology Law, 3rdEdition
Websites
N/A. (2015). Former Met Police detective from Old Windsor jailed for trawling police’s criminal database. Available: https://www.windsorobserver.co.uk/news/13953731.Former_detective_jailed_for_trawling_police_s_criminal_database/. Last accessed N/A.
John Leyden. (2015). How a hack on Prince Philip’s Prestel account led to UK computer law. Available: https://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/. Last accessed N/A.
John Leyden. (2015). Brit teen who unleashed ‘biggest ever distributed denial-of-service blast’ walks free from court. Available: https://www.theregister.co.uk/2015/07/10/spamhaus_ddos_teen_sentenced/. Last accessed N/A.
N/A. (2018). UK small businesses targeted with 65,000 attempted cyber-attacks per day. Available: https://www.hiscoxgroup.com/news/press-releases/2018/18-10-18. Last accessed N/A.
Alexander J Martin. (2016). London-based Yahoo! hacker gets 11 years for SQLi mischief. Available: https://www.theregister.co.uk/2016/09/23/yahoo_hacker_gets_11_years/. Last accessed N/A.
Owen Bowcott. (2016). Computer activist Lauri Love loses appeal against US extradition. Available: https://www.theguardian.com/law/2016/sep/16/computer-activist-lauri-love-loses-appeal-against-us-extradition. Last accessed N/A.
Owen Bowcott. (2018). Lauri Love ruling ‘sets precedent’ for trying hacking suspects in UK. Available: https://www.theguardian.com/law/2018/feb/05/hacking-suspect-lauri-love-wins-appeal-against-extradition-to-us. Last accessed N/A.
Hee Jhee Jiow. (2013). Cyber Crime in Singapore: An Analysis of Regulation based on Lessig’s four Modalities of Constraint. Cyber Crime Journal. 7 (1), P18-27.
[1]Hiscox, 2018
[2]Computer Misuse Act 1990
[3]The Register, 2015
[4]Computer Misuse Act 1990
[5]DPP v Jones (1997) 2 CR APP R 155
[6]The Serious Crime Act 2015
[7]The Windsor Observer, 2015
[8]R v Seth Nolan-Mcdonagh 2015
[9]Love v National Crime Agency 2019 2 WLUK 464
Atif's Blog 