When it comes to computer misuse and hacking, this is an issue which occurs all over the world which we constantly see on the news ranging from small amateur hacks to large scale attacks. We can learn from HISCOX^[1]that small businesses in the United Kingdom suffer from 65,000 attempted cyber-attacks per day with one small business successfully hacked every 19 seconds which is truly mind blowing which makes you wonder if these cyber securities which we pay for are too easily hackable and is enough being done to protect our private data stored online.

When speaking about computer misuse, this a term for a number of criminal offences which can be committed with the use of a laptop or computer, often via the internet. This issue is regulated by the Computer Misuse Act 1990^[2]which would include computer hacking, the design and distribution of computer viruses and distributed denial of service known as (DDoS). The need for this specific legislation which was the UK’s first computer crime law was due to Prince Philip’s Prestel mail account being hacked by Stephen Gold and Robert Schifreen who gained access to the BT Prestel computer network and whom also accessed several secure areas of the service.^[3]Before this piece of legislation came into effect the authorities faced an uphill struggle as what would these cyber criminals be charged with as sometimes it wasn’t always clear they had committed an criminal offence. There was no theft or any physical damage to any property. Due to there being a number of different offences which can be made, the act was introduced with sections with the offences falling under each depending on the seriousness of the crime committed. The offences under the Computer Misuse Act 1990 would include;^[4]

• Section 1– Dealing with unauthorised access to computer material
• Section 2– Dealing with unauthorised access with intent to commit or facilitate commission of further offences
• Section 3– Dealing with unauthorised acts with intent to impair, or with recklessness as to impairing the operation of a computer 
• Section 3ZA– Dealing with making, supplying or obtaining articles for use under sections 1,3 or 3ZA.

We aren’t able to find a specific definition of the word ‘computer’ under the Computer Misuse Act 1990 but Lord Hoffman in the case of DPP v Jones (1997)^[5]describes it as “A Computer is a device for storing, processing and retrieving information. It receives information from, for example, signals down a telephone line, strokes on a keyboard… and it stores and processes that information”. it can be especially difficult for authorities to deal with these issues due to the fact that hackers could be anywhere in the world when they hack a certain file or company and leaving no clues or trail to as where it came from or how it even happened. As well as the Computer Misuse Act 1990 in place, we have The Serious Crime Act 2015^[6]which discusses jurisdiction therefore if someone who is a UK national commits a crime under sections 1 to 3A while they are abroad can be charged under this act. Mens rea which is the mental element or intention must be established in terms of the accused having the knowledge that the access he/she was trying to access was unauthorised and furthermore has to have been an intention to secure the access to a programme or data which was held in any computer or laptop. 

A case under section 1 which deals with unauthorised access to computer material will be the case of R vSundar Banerjee (2015)^[7]where a former detective had been sent to prison for nine months after accessing Scotland Yard’s criminal database to see information about his family and friends. It was said that Mr Banerjee had used three Metropolitan Police Service known as MPS systems to carry out more than 230 searches for his personal gain during 2009 and 2013. As well as this the courts held that he had even searched his own name and his private registration of his car to see what would come up. This case highlights such a serious breach of trust as Mr Banerjee showed complete disregard for the rules that had been put in place to protect any type of sensitive information that had been stored about members of the public by a member of the police whose job it is to protect that and as a result had been dismissed from his role. 

A case which would fall under section 2 would be that of R v Seth Nolan-Mcdonagh (2015)^[8]. In this case an 18-year old teenager who was known as a “hacker-for-hire” avoided jail after he launched denial-of-service attacks against anti-spam outfit Spamhaus. Seth residing from south-west London had pleaded guilty for attacking Spamhaus off the internet but as well as this had admitted to charges of money laundering and it was found that he had possession of 924 indecent images of children ranging from different ages. As well as this he was caught with over a thousand credit card numbers so it is clear that he was no amateur and was capable of causing a significant amount of damage if he wasn’t caught. Seth was ordered to undertake 240 hours of unpaid work as a result of his offences but escaped a jail sentence due to him suffering from a mental illness. This case just goes to show how someone as young as 18 can cause a massive impact and this attack even resulted in a worldwide effect. It was reported that he was just 13 when he joined a gang of hackers who were determined to take down a number of websites. If someone at the age of 13 has the ability to hack, imagine the level of damage they would be able to inflict if under the scope of a much more advanced hacker. 

Finally, we can discuss a case under section 3 which is the authorised acts with intent to impair, or with recklessness as to impairing the operation of a computer. The case being R v Nazariy Markuta (2016). Nazariy Markuta from London was involved within the D33Ds Company network who accessed over 450,000 of Yahoo’s customer email addresses and passwords from the American giants and had even offered to sale them. He was finally arrested in March of 2015 by the National Cyber Crime Unit at his home in London in which thousands of debit and credit card data were also found in his possession. As well as the attack on Yahoo, Markuta had also stolen data from a number of companies resulting in thousands and thousands of pounds being lost.

We can now go onto speak about Lawrence Lessig’s modalities of regulations. Lawrence Lessig believed that the internet can be regulated by four constraints which would be the law, the social norms, the architecture and lastly the market.

When we are speaking about this issue globally, the legislations in place face a substantial task of regulating the internet. This will be due to cross-border enforcements therefore a hacker can find cover from international laws as different countries will have different laws in place and have different opinions on certain values. A case which can be related to this is the case of Love v National Crime Agency 2019.^[9]In this case Lauri Love was a British student who had been accused of hacking into such systems as the US missile defence agency, Nasa and the Federal Reserve. The American authorities wanted Love to be extradited to the US to face charges where It was held he would be facing up 99 years in a federal prison but a high court in the UK had blocked this as it was held that Love would be at risk of suicide if he had been sent to the US due to his mental illness. In terms of architecture some countries spend a lot more on cyber security than others so it can mean that there is easier invasion in certain countries as there can be a surveillance procedure but a lot of countries don’t have the capability to detect hackers. When speaking about markers, majority of people can find things free in cyberspace e.g. music or movies. Finally, social norms are the behaviour that someone is expected to do in a certain group or community if everyone else is doing it. If you would like to gain a further understanding of Lawrence Lessig’s modalities of regulations, you can click the link below;

In conclusion, it is clear to see that computer misuse and hacking is an ongoing issue today and there is a high need for this type of legislation as without it there wouldn’t be a way to prosecute those who hack computer systems illegally but more has to be done as too many are getting away with it. 

Bibliography

Primary Sources

Cases

DPP v Jones (1997) 2 CR APP R 155

Love v National Crime Agency 2019 2 WLUK 464 

R v Seth Nolan-Mcdonagh 2015

Legislation

The Serious Crime Act 2015

The Computer Misuse Act 1990

Secondary Sources

Books

Andrew Murray, Information Technology Law, 3^rdEdition 

Websites

N/A. (2015). Former Met Police detective from Old Windsor jailed for trawling police’s criminal database. Available: https://www.windsorobserver.co.uk/news/13953731.Former_detective_jailed_for_trawling_police_s_criminal_database/. Last accessed N/A.

John Leyden. (2015). How a hack on Prince Philip’s Prestel account led to UK computer law. Available: https://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/. Last accessed N/A.

John Leyden. (2015). Brit teen who unleashed ‘biggest ever distributed denial-of-service blast’ walks free from court. Available: https://www.theregister.co.uk/2015/07/10/spamhaus_ddos_teen_sentenced/. Last accessed N/A.

N/A. (2018). UK small businesses targeted with 65,000 attempted cyber-attacks per day. Available: https://www.hiscoxgroup.com/news/press-releases/2018/18-10-18. Last accessed N/A.

Alexander J Martin. (2016). London-based Yahoo! hacker gets 11 years for SQLi mischief. Available: https://www.theregister.co.uk/2016/09/23/yahoo_hacker_gets_11_years/. Last accessed N/A.

Owen Bowcott. (2016). Computer activist Lauri Love loses appeal against US extradition. Available: https://www.theguardian.com/law/2016/sep/16/computer-activist-lauri-love-loses-appeal-against-us-extradition. Last accessed N/A.

Owen Bowcott. (2018). Lauri Love ruling ‘sets precedent’ for trying hacking suspects in UK. Available: https://www.theguardian.com/law/2018/feb/05/hacking-suspect-lauri-love-wins-appeal-against-extradition-to-us. Last accessed N/A.

Hee Jhee Jiow. (2013). Cyber Crime in Singapore: An Analysis of Regulation based on Lessig’s four Modalities of Constraint. Cyber Crime Journal. 7 (1), P18-27.

---

^[1]Hiscox, 2018

^[2]Computer Misuse Act 1990

^[3]The Register, 2015

^[4]Computer Misuse Act 1990

^[5]DPP v Jones (1997) 2 CR APP R 155

^[6]The Serious Crime Act 2015

^[7]The Windsor Observer, 2015

^[8]R v Seth Nolan-Mcdonagh 2015

^[9]Love v National Crime Agency 2019 2 WLUK 464

By starting off this topic of revenge pornography, we must firstly discuss what it actually means. Revenge pornography is the distribution of private sexual materials such as pictures or videos of another person without their permission.^[1]This is often done by that person’s partner or someone they were having a sexual relationship with in order to cause embarrassment or hurt. This offence will apply both online and offline. 

Due to technology constantly being improved over the years in terms of phones and what we can do with them, conversations nowadays involve in sending pictures to one other as a way of communication which has caused a great rise in the amount of sexual images online. This has created the issue of “sexting” which is sending an explicit image of yourself to the person you are currently texting which can be that person’s partner or just someone they are sexually attracted to. This had led to a number of problems in terms of socially as this method has become undoubtedly popular among children and the youth of today as it is seen as a normal thing to do.^[2]The issue of children sharing such images isn’t a legal problem but more so a social problem as the UK already has legislation in place to deal with this which is the Protection of Children Act 1978 which applies for England and Wales and the Civic Government (Scotland) Act 1982 for Scotland which deals with indecent images of children. It is a difficult issue as sometimes the sender and receiver of these images will be underage therefore it is not entirely fitting to use the full force of the law.

The growth of sexting has also become popular among those over the age of 18 with partners often using this method to keep their relationship exciting and to supplement their relationship as a majority of young adults will now be in possession of sexual images taken by their partners. It is often the case that when relationships break down for whatever reason that often one of the partners will in anger take to the internet to share these pictures or videos against the will of their partner. When it comes to revenge porn there are a number of ways you can do this e.g. putting it on a certain website which weren’t actually in the UK and then it would be shared around. An example of one of these websites was IsAnyOneUp.com.^[3]This website was being used as a revenge porn site during 2010 and 2012 in which it was held thousands and thousands of explicit pictures of women had been posted with links to their social media accounts. The more direct approach which would spend less time online but would be by far the most hurtful would be posting that content directly to a social media platform such as Facebook, Twitter, Snapchat and Instagram which have millions of users across the world. This could have an astounding effect on someone’s life which could result in bullying and even worse depression. An example of this would be 22-year-old Shaunna Lane who in 2014 had her private images shared on Facebook by her ex-boyfriend which left her “scared to leave her flat”.^[4]Her interview can be found in the link below:

https://www.express.co.uk/videos/3750741426001/Revenge-Porn-Ruined-My-Life-Naked-Private-Photos-Shared-Online

Clearly this shows how much of an impact it can have on its victims. Until 2015 there had been no direct legislation which deals with the issue of revenge pornography which meant there wasn’t a lot the victims could do about it which can be highlighted in the case of AMP v Persons Unknown 2011.^[5]In this case the victim had her intimate pictures removed from her phone which had been either lost or stolen in 2008, but due to there being no legislation in place for this specific issue she had to resort to a mixture of copyright law. In today’s society this would not be the case as revenge pornography has become such a large issue that legislation had finally been put through in 2015 which came in the form of the Criminal Justice and Courts Act 2015^[6]for England and Wales which now makes it an offence. Under this legislation it is an offence to ‘disclose a private sexual photograph or film if the disclose is made (a) without the consent of an individual who appears in the photograph or film, and (b) with the intention of causing that individual distress.’^[7]According a BBC News article in 2016, more than 200 people have been prosecuted since the act came into force. Alison Sauneders who is the director of public prosecutions said “technology has created a new landscape for controlling, sexually-motivated or other forms of inter-personal offending and that we’re working very hard with prosecutors and with social media companies such as Twitter and Facebook to make sure that we understand exactly how social media might be used but we also understand how we might extract evidence from social media.”^[8]The introduction of this legislation is definitely a step in the right direction to tackle the issue. 

Following the decision to create the Criminal Justice and Courts Act 2015, Scotland had also decided to follow its footsteps to introduce legislation to help prevent the issue of revenge porn by introducing the Abusive Behaviour and Sexual Harm Act 2016 which now makes it easier to prosecute in Scotland. Michael Matheson who is the Justice secretary said, “It would give police and prosecutors robust powers to tackle the issue, social media is great for people keeping in contact but it is also being used in an abusive way by some individuals, particularly around the disclosure of intimate images or even threatening to do so”.^[9]As mentioned earlier both these acts had come in response to a growing issue which has been going on for years as technology has made it easy to take pictures and videos without the other person knowing. The new offence will cover ‘photographs or films showing people engaged in a sexual activity which would not usually be done in public, or with their genitals, buttocks or breasts exposed or covered only with underwear’.^[10]The whole point of introducing these legislations is to highlight the consequences of sharing these intimate pictures or videos which were taken in good faith that it would not be shared. Under this act if someone is convicted they could potentially be facing up to five years in prison. 

Another case we can discuss is that of Chrissy Chambers who won damages against her ex-boyfriend in a landmark revenge porn case. Chrissy who is a YouTube celebrity managed to win damages against the man who uploaded videos of her online. The man who cannot be named had filmed several videos of them having sex without her knowledge and 2 years after breaking up decided he would upload them to a free porn sit which has since been shared on 35 other porn sides and has been seen thousands of time. This just goes to show that after a video has been uploaded how fast it can travel to other sites.^[11]

We can now move onto speak about Lawrence Lessig’s modalities of regulations. Lawrence believed that the internet could be regulated by four constraints which would be the following

• The law
• The social norms
• The market
• The architecture

When speaking about the law, this is the legal framework and punishments therefore now that legislation has been put in place to deal with the issue of revenge porn. This will reduce the number of cases that will be reported due to people now being aware that it is illegal and can result in a jail sentence If convicted so they will think twice whereas before it was a lot easier to get away with. Social norms which is the social expectations, I think this needs to be improved as a number of people aren’t aware of the impact this can have on someone’s life therefore I feel parents need to educate their children on this issue at a young age so they know the consequences of sending someone a sexual image of themselves. When speaking about the market, it can be in close ties with social norms in terms of how people behave. Finally, when speaking the architecture, it can be said that this issue of revenge pornography wouldn’t have been foreseen when the internet was first introduced and there have been things in place to combat the problem but more needs to be done by the social media giants like Facebook and Twitter to monitor this. 

In conclusion, it can be said that the regulation of pornographic and explicit content is one of the hardest challenges the internet will ever face and it will continue to be a problem for years to come but I feel with the legislation that is now in place we are heading in the right direction but more must be done.

Bibliography 

Primary Sources

Cases

AMP v Persons Unknown 2011 EWHC 3454

Legislation

Abusive Behaviour and Sexual Harm Act 2016

Civic Government (Scotland) Act 1982

Criminal Courts and Justice Act 2015

Protection of Children Act 1978

Secondary Sources

Books

Andrew Murray, Information Technology Law, 3^rdEdition

Websites

N/A. (2015). Revenge Porn. Available: https://www.gov.uk/government/publications/revenge-porn. Last accessed N/A.

N/A. (2016). Revenge porn: More than 200 prosecuted under new law.Available: https://www.bbc.co.uk/news/uk-37278264. Last accessed N/A.

N/A. (2017). New ‘revenge porn’ law comes into force in Scotland.Available: https://www.bbc.co.uk/news/uk-scotland-40473912. Last accessed N/A.

N/A. (2018). New guidelines for ‘revenge porn’ crimes. Available: https://www.bbc.co.uk/news/uk-44713953. Last accessed N/A.

Jenny Kleeman. (2018). YouTube star wins damages in landmark UK ‘revenge porn’ case. Available: https://www.theguardian.com/technology/2018/jan/17/youtube-star-chrissy-chambers-wins-damages-in-landmark-uk-revenge-porn-case. Last accessed N/A.

---

^[1]Gov.uk website

^[2]Andrew Murray, Information Technology Law, 3^rdedition, Chapter 14

^[3]Andew Murray, Information Technology Law, 3^rdChapter 14

^[4]Sunday Express article, 2014

^[5]AMP v Persons Unknown 2011 EWHC 3454

^[6]Criminal Courts and Justice Act 2015

^[7]Andrew Murray, Information Technology Law, 3^rdedition, Chapter 14

^[8]BBC News Article, 2016

^[9]BBC News Article, 2017

^[10]Abusive Behaviour and Sexual Harm Act 2016

^[11]The Guardian article, 2018