Adverts from Google:
Computer Misuse Act
A knotty problem faced by those seeking to enforce the Computer Misuse Act 1990 has always been the question of what constitutes ‘authorisation’ under the Act. The question is raised both for offences under section 1, of unauthorised access to data, and under section 3 with the offence of unauthorised modification. It must be noted that the statutory definitions are not the same for both offences.
Difficulties had arisen particularly for allegations against employees. First, it was not clear whether the unauthorised access offence was directed outwards only. If it was aimed at outside hackers, would it be applicable against in-house employees? Secondly, ff an employee is authorised generally to access data at a particular level, could he be prosecuted if he accessed particular elements of data within that level, but to which he knew he should not have had access.
There had been decisions whch had made prosecutions more and more difficult, but the case eventually came to the House of Lords in R v Bow Street Stipendiary Magistrates, ex p Government of the United States of America Times 7 Sep 1999. Much of the case relates to extradition, but their Lordships took time to investigate and make clear their views on the issues on Computer Misuse.
The result can be put simply as follows:-
Lord Hobhouse described a two stage procedure for examining the authority. Was the accused the person who was entitled to control access of this type, and by control he meant the ability to allow access or forbid it to others. If that was not the case, was he, in addition, in receipt of the authority from that person. If the answer to both questions is no, then the access is unauthorised. It is sad that once again, computer law seems caught up within unanticipated complexity.
As always, an employer, must, if he is to seek to rely upon the Act to restrain his employees, have clear policies in place. It seems now that such policies should perhaps be re-written to make allowance for the new case. There is no simple over-riding way of doing this.
A company might consider the following:
Employers will also have to recognise the additional complexity that for the more serious offence of unauthorised modification, the meaning of authorisation need not be the same. The definition of what constitutes authoity under the Act apples only to the lesser offence.
Ho hum ...
|Important: Please note that our law-bytes are retained for archival purposes only. The law changes, and these notes are often, now, out of date. You must take direct advice on your own personal situation and the law as it currently stands.|
|All information on this site is in general and summary form only. The content of any page on this site may be out of date and or incomplete, and you should not not rely directly upon it. Take direct professional legal advice which reflects your own particular situation.|
|Home | lawindexpro | Forum ||
|| Two Doves Counselling | Faulty Flipper|
|Copyright and Database Rights: David Swarbrick 2012|