Adverts from Google:
Authority to Access
Computer Misuse Act
The Computer Misuse Act 1990 has been plagued with failed prosecutions. One particular bone of contention, and which has been the source of great debate, is the nature and extent of the authority required to access a computer. Section 1 of the Act creates an offence of causing a computer to perform a function with intention to secure access to any programme or data held in any computer where that intended access is unauthorised. Other sections also depend upon this concept of authority.
The nature of the authority is defined in Section 17 of the Act. This section was considered in authoritative detail in the case of Re Allison R v Bow Street Magistrates Court ex parte Allison HL 1999 ALL ER 1 see lawindexpro casemap.
In this case the defendant was to be extradited to the USA for fraud. His normal work was to access parts of a database to provide information about credit card accounts. He was approached by a co-defendant to obtain similar details from other parts of the database to enable her to commit the fraud. The question was whether, if he had authority to access part of the database as part of his normal work, he could, in any sense, be unauthorised to access other parts of the database. Earlier decisions, in this case and elsewhere. had found difficulty in exploring the limits of this question.
The House of Lords declined to follow the earlier case of DPP v Bignall  1 CR APP R 1, (lawindexpro casemap) which it decided was no longer good law. Their Lordships pointed out that there was no concept, within Section 17 (5) of the Act (which defines the meaning of authority to access for the Act), which could extend an actual authority to allow access parts of a database, to all similar kinds of data within a database. That concept was simply not present in the Act, and it was, therefore, entirely possible that authority to access parts of a database for one purpose, may very well not extend to other parts for other purposes.
They re-enforced this by saying that the issue was not whether access in general was authorised, but whether this particular access to this particular computer, or part of it, or this particular data was authorised. If it was not authorised then the offence is committed.
The court went on to point out that since the offence included an offence of intending to obtain access to data, that offence necessarily allowed the possibility of the offence being committed without any particular data having been accessed. They felt that this supported their position, since it implied that the offence could be committed without reference to the access being to any particular data.
|Important: Please note that our law-bytes are retained for archival purposes only. The law changes, and these notes are often, now, out of date. You must take direct advice on your own personal situation and the law as it currently stands.|
|All information on this site is in general and summary form only. The content of any page on this site may be out of date and or incomplete, and you should not not rely directly upon it. Take direct professional legal advice which reflects your own particular situation.|
|Home | lawindexpro | Forum ||
|| Two Doves Counselling | Faulty Flipper|
|Copyright and Database Rights: David Swarbrick 2012|