Offences

Crimes

Cyber bullying

Graffiti

Bribery Act 2010

Criminal Damage

TV Licence

White Collar Crime

UK Law in Sedition, Obscenity and  Blasphemy

Racial and Religious Hate

Public Nuisance

Dropping of Rubbish

 Human Trafficking UK Law

Outraging Public Decency

Perverting the Course of Justice

Wasting Police Time

Failure to Act Law

Trespass to Person

Blackmail

Crime of Defamatory

Violent Crimes

Assault in GBH ABH

Terrorism

Possessing Offensive Weapons

Involuntary Manslaughter

Murder: Unlawful Killing

Breach of the Peace

Prosecution For Assaulting a Police Officer

Theft

Burglary Under the Theft Act

Aggravated Burglary

Handling Stolen Goods

Security Guards for Shoplifting

Shoplifting

Removal of Art From Public Place

Obtaining Property By Deception

Required Intention for Theft

Points to Prove for Theft

Robbery

Alcohol and Drugs

Being Drunk as a Criminal Defence

Drink Banning Orders

Drug Paraphernalia

Drug Classification

Methadrone and Legal Highs

Smoking ban

Obscene Offences

Cottaging

Extreme Pornography

Grooming Children

Homosexuality

Child Porn and the Law

Living Off Immoral Earnings

Rape Victims

Stalking and Legal Protection

Street Prostitution

Sex Assault

Sexual Offences and Age of Consent

Sexual Offences and HIV

Sex Offenders Register

The Sex Offenders Register

Telecommunication Offence

Electronic Communications Offences

Hacking of Computers

Sending Threatening emails

Unauthorised Access to Computer Material

Unauthorised Modification of Computer Programs Data

Fraud

Bank Account Fraud

Identity Fraud

Fraud

Fraud In Information Communication Technology

Internet Lottery Scams

Forgery and Counterfeiting

Unauthorised Access to Computer Material

What is unauthorised access?

Unauthorised access to computer material can occur, for example, when a person gains access to a computer through a telecommunications network, or when an employee accesses information on their employer’s computer which they are not entitled to access.  The basic offence is contained in s1 of the Computer Misuse Act 1990, but it is worth noting that elements of employment law can apply to employees who access their employer’s information and data without permission (in addition to the criminal consequences of committing the offence).  Denco Ltd v Joinson [1991] held that an employee was guilty of gross misconduct after using an unauthorised password to gain access to information on a computer which he knew he was not entitled to see.  Having said that, there are provisions under the Employment Rights Act 1996 to protect, in certain circumstances, employees who act as whistle-blowers, but that is outside the scope of this article. 

The offence of unauthorised access

Under s1 of the Computer Misuse Act 1990 a person is guilty of an offence if:

• he causes a computer to perform any function with intent to secure access to any program or data held in any computer

• the access he intends to secure is unauthorised, and

• he knows at the time when he causes the computer to perform the function that this is the case.

The intent need not be directed at any particular program or data or computer.  Although s17 of the Act provides interpretation guidelines it does not define ‘computer’, ‘program’ or data’.  A broad definition of securing access is given under s17(2).  Any data or programs on any removable storage medium which is in the computer at the material time is considered to be held on the computer (s17(6)).

The offence occurs if a person intends to gain unauthorised access and knows that this is the case.  Whether this is actually achieved is irrelevant.  Reckless or careless access is also insufficient.  Additionally, the offence is made out even if only one computer is used, that is, it is not necessary for a person to be using one computer to gain access to programs or data held on another computer (see Attorney-General’s Reference (No. 1 of 1991) [1992]. 

Unauthorised access by employees

Employees can be guilty of the s1 offence if they are using their own computers at work to access any program or data which they are not authorised to access.  Under s17(5) of the Act access by a person is unauthorised if

• he is not himself entitled to control access of the kind in question to the program or data; and

• he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled.

The provisions also apply to school pupils and students.  A person must know that they are not entitled to access the data or program and that they do not have consent.  As a matter of prudence an employer should set out in unambiguous terms which programs and data employees have access to.

Authorised access, unauthorised purpose

A point of interest is when an employee who has authorised access to a computer uses that computer for an unauthorised purpose, such as doing private work or research not connected to their employment.  The question is whether this is unauthorised access.  A 1998 report by the Audit Commission (Ghost in the Machine: An Analysis of IT Fraud and Abuse) highlighted the case of a nurse who had authorised access to patient information and used this access to search for the medical records of family and friends.  The nurse was not prosecuted under the 1990 Act but she was given a written warning for breaching patient confidentiality.  In DPP v Bignell [1998] two police officers used the police computer to check details of motor cars they wanted for private purposes.  They were charged with unauthorised access under s1 of the Computer Misuse Act 1990.  The question to be decided was whether their access was authorised.  The Queen’s Bench Division of the Divisional Court held that the police officers were entitled to control access to the material under s17(5) and so their access was authorised.  Accessing the information was part of their normal duties.  The decision has been heavily criticised, not least because being entitled to access computer material is not the same as being entitled to control access to that material.  Indeed, the House of Lords in R v Bow Street Metropolitan Stipendiary Magistrate, ex parte Government of the USA [2000] also criticised DPP v Bignell as regards the interpretation of the concept of authorisation and stated that the judge had erred when considering authorisation to data of a particular kind as opposed to authorisation to a particular program or data (as required by the Computer Misuse Act).

Law Commission report

The Law Commission Working Paper on Computer Misuse also considered the s1 offence.  The Commission thought that the offence should not apply, for example, to an office secretary using their employer’s computer to write private correspondence.  The Commission did not see this as the type of conduct that the s1 offence was directed at, though employees can still be liable for the basic hacking offence if they consciously and deliberately misbehave.

Changes to the offence of unauthorised access

Section 35 of the Police and Justice Act 2006, which took effect on 1 October 2008, amended the offence under s1 of the Computer Misuse Act 1990.  The amendment extended the offence to include an intention to enable access to be secured (previously the intention was only to secure access).  However, this section has itself been repealed by s61 of the Serious Crime Act 2007.  Other amendments under the Police and Justice Act 2006 make the offence triable either way and deal with sentencing.

Copyright © In Brief.co.uk, All Rights Reserved

About In Brief     Contributors     Advertising     Terms of Use     Contact Us