Unauthorised modification of computer programs or data

The old offence under s3 of the Computer Misuse Act 1990

Under s3(1) of the Computer Misuse Act 1990 a person is guilty of an offence if:

(a)he does any act which causes an unauthorised modification of the contents of any computer; and

(b)at the time when he does the act he has the requisite intent and the requisite knowledge.

‘Authorisation’ is applied in a similar manner as it is to the offence of unauthorised access to computer material under s1 of the Computer Misuse Act 1990.  Section 17 of the 1990 Act, which deals with interpretation, gives a thorough, but at the same time broad, definition of modification, chiefly aimed at computer viruses and other forms of software which can cause severe damage to computer systems.  In summary, modification is the alteration, erasure or addition of any program or data to the contents of a computer.  The addition of a program or data includes, as mentioned, the addition of computer viruses and other malicious software.  The requisite intent under s3(1)(b) of the Act is defined under s3(2) as an intent to cause a modification of the contents of any computer and by so doing:

(a)to impair the operation of any computer;

(b)to prevent or hinder access to any program or data held in any computer; or

(c)to impair the operation of any such program or the reliability of any such data.

The intent need not be directed at any particular computer, program or data, or at programs or data or modifications of a particular kind, or at a particular modification.  All that is required is knowledge that the intended modification is unauthorised.

Unsolicited emails

Since adding data to a computer falls within the definition of modification, one question arises as to whether a person who adds data to, for example, a computer disk, without authorisation, has the requisite intent.  In Director of Public Prosecutions v Lennon [2006] the defendant was dismissed from his employment.  He subsequently sent several hundred thousand emails to his former employer’s computer system which purportedly came from the company’s HR manager.  Charges were brought under s3 of the Computer Misuse Act 1990 for making an unauthorised modification to the contents of a computer.  The judge at first instance held that the emails were authorised as the employer’s computer system was set up to receive email.  It was also held that s3 was designed to prevent the sending of material such as computer viruses.  On appeal the High Court concurred that a person who sets up a computer to receive emails is giving consent to emails being sent to that computer.  But the consent does not extend to emails sent not for communication purposes but to disrupt the system. 

Unlock this article now!


For more information on:

  • Scope of the offence
  • The new s3 offence as introduced by the Police and Justice Act 2006
  • Sentencing