Computer Frauds - Unauthorised Access + Intent + Modification

Computer crime is a somewhat amorphous term referring both to cases in which a computer is the instrument of a crime and those in which it is the object. As the instrument, for example, a computer might be used to direct calls in a scheme to sell shares in a non existent gold mine or might be used to steal funds from a bank account. As the object of a crime, the information contained in a computer might be stolen or destroyed.

Most computer crimes are prosecuted under traditional fraud, theft, and embezzlement statutes. However, some statutes make certain computer-related activity specific offences.

The Computer Misuse Act 1990 s.1 and sec.2, sec.3

Computer and network attacks involving hacking, cracking, viruses, worms, denial of service and domain name frauds are all inherently computer crimes, covered by the Computer Misuse Act 1990.

The Act covers three areas of computer-related crime:

· Unauthorised access;

· Unauthorised access with intent to commit or facilitate commission of further offences;

· Unauthorised modification of computer material.

S.1. UNAUTHORISED ACCESS

Section 1 of the Act provides against unauthorised access to computer material as follows:

(1) A person is guilty of an offence if

(a) he causes a computer to perform any function with intent to secure access to any program

or data held in any computer;

(b) the access he intends to secure is unauthorised; and

(2) The intent a person has to have to commit an offence under this section need not be directed at

(a) any particular program or data;

(b) a program or data of any particular kind; or

(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.

It, therefore, makes hacking a criminal offence, irrespective of whether any harm is intended.

Hacking out of curiosity, or for the challenge of breaking through a security system, is covered, so long as the hacker is aware that his access is unauthorised. The intent need not be directed at any particular type of program or data.

While Section 1 is aimed at unauthorised access, it is not necessary actually to gain access.

Attempted access also falls within the section. It is necessary only to cause 'a computer to perform any function with intent to secure access'. For example, an attempt to log on, which is rejected by the computer, falls within the section. The hacker who programs his computer to search through every possible password is therefore caught, whether or not his or her attempts at accessing are successful. Mere surveillance of data displayed on a VDU is outside the scope of the section, however, even where sophisticated electronic equipment is used, which can monitor from a distance radiation signals emitted from computers ("electronic eavesdropping"). The penalty is 6 months imprisonment and/or a level 5 fine.

Section 2 of the Act concerns the offence of hacking "with intent to commit or facilitate commission of further offences". A hacker who gains (or attempts to gain) access to a banking computer system with intent to transfer funds from another account into his or her own account is caught by this section. If the funds are actually transferred, then he or she will of course also be guilty of theft. Another possibility would be committing the Section 1 offence with intent to obtain confidential and personal information in order to commit blackmail. In each case, the Section 2 offence is committed as soon as the hacker 'causes a computer to perform any function' with the requisite intent. This could be long before the offences respectively of attempted theft and attempted blackmail are committed. The section 2 penalty is 5 years imprisonment and an unlimited fine.

S.2. UNAUTHORISED ACCESS WITH INTENT TO COMMIT OR FACILITATE COMMISSION OF FURTHER OFFENCES

(1) A person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorised access offence") with intent

(a) to commit an offence to which this section applies; or

(b) to facilitate the commission of such an offence (whether by himself or by any other person); and the offence he intends to commit or facilitate is referred to below in this section as the further offence.

(2) This section applies to offences

(a) for which the sentence is fixed by law; or

(b) for which a person of twenty-one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or, in England and Wales, might be so sentenced but for the restrictions imposed by section 33 of the Magistrates' Courts Act 1980).

(3) It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion.

(4) A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible.

(5) A person guilty of an offence under this section shall be liable

(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and

(b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

Section 3 is aimed at those who introduce worms and viruses to computer systems. If the physical condition of the computer is impaired, whether intentionally or recklessly, an offence under the Criminal Damage Act 1971 may also be committed. Section 3 covers non tangible damage, which is now (by section 3(6)) expressly excluded from the Criminal Damage Act, but intention is required (as defined in sections 3(2)-(4)). Recklessness is not sufficient. Modifications include altering, erasing or adding to data. Tampering is an offence if someone who is unauthorised modifies computer material.

S.3. UNAUTHORISED MODIFICATION OF COMPUTER MATERIAL

(1) A person is guilty of an offence if

(a) he does any act which causes an unauthorised modification of the contents of any computer; and

(b) at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing

(a) to impair the operation of any computer;

(b) to prevent or hinder access to any program or data held in any computer; or

I to impair the operation of any such program or the reliability of any such data.

(3) The intent need not be directed at

(a) any particular computer;

(b) any particular program or data or a program or data of any particular kind; or

I any particular modification or a modification of any particular kind.

(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.

(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

(6) For the purposes of the Criminal Damage Act 1971 a modification of the contents of a computer shall not be regarded as damaging any computer or computer storage medium unless its effect on that computer or computer storage medium impairs its physical condition.

(7) A person guilty of an offence under this section shall be liable

(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and

(b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

An Introduction To Corporate Regulation and Standardization
Computer Frauds - Unauthorised Access + Intent + Modification Computer crime is a somewhat amorphous term referring both to cases in which a computer is the instrument of a crime and those in which it is the object. As the instrument, for example, a computer might be used to direct calls in a scheme to sell shares in a non existent gold mine or might be used to steal funds from a bank account. As the object of a crime, the information contained in a computer might be stolen or destroyed. Most computer crimes are prosecuted under traditional fraud, theft, and embezzlement statutes. However, some statutes make certain computer-related activity specific offences. The Computer Misuse Act 1990 s.1 and sec.2, sec.3 Computer and network attacks involving hacking, cracking, viruses, worms, denial of service and domain name frauds are all inherently computer crimes, covered by the Computer Misuse Act 1990. The Act covers three areas of computer-related crime: · Unauthorised access; · Unauthorised access with intent to commit or facilitate commission of further offences; · Unauthorised modification of computer material. S.1. UNAUTHORISED ACCESS Section 1 of the Act provides against unauthorised access to computer material as follows: (1) A person is guilty of an offence if (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorised; and (c) I he knows at the time when he causes the computer to perform the function that that is the case. (2) The intent a person has to have to commit an offence under this section need not be directed at (a) any particular program or data; (b) a program or data of any particular kind; or (c) a program or data held in any particular computer. (3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both. It, therefore, makes hacking a criminal offence, irrespective of whether any harm is intended. Hacking out of curiosity, or for the challenge of breaking through a security system, is covered, so long as the hacker is aware that his access is unauthorised. The intent need not be directed at any particular type of program or data. While Section 1 is aimed at unauthorised access, it is not necessary actually to gain access. Attempted access also falls within the section. It is necessary only to cause 'a computer to perform any function with intent to secure access'. For example, an attempt to log on, which is rejected by the computer, falls within the section. The hacker who programs his computer to search through every possible password is therefore caught, whether or not his or her attempts at accessing are successful. Mere surveillance of data displayed on a VDU is outside the scope of the section, however, even where sophisticated electronic equipment is used, which can monitor from a distance radiation signals emitted from computers ("electronic eavesdropping"). The penalty is 6 months imprisonment and/or a level 5 fine. Section 2 of the Act concerns the offence of hacking "with intent to commit or facilitate commission of further offences". A hacker who gains (or attempts to gain) access to a banking computer system with intent to transfer funds from another account into his or her own account is caught by this section. If the funds are actually transferred, then he or she will of course also be guilty of theft. Another possibility would be committing the Section 1 offence with intent to obtain confidential and personal information in order to commit blackmail. In each case, the Section 2 offence is committed as soon as the hacker 'causes a computer to perform any function' with the requisite intent. This could be long before the offences respectively of attempted theft and attempted blackmail are committed. The section 2 penalty is 5 years imprisonment and an unlimited fine. S.2. UNAUTHORISED ACCESS WITH INTENT TO COMMIT OR FACILITATE COMMISSION OF FURTHER OFFENCES (1) A person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorised access offence") with intent (a) to commit an offence to which this section applies; or (b) to facilitate the commission of such an offence (whether by himself or by any other person); and the offence he intends to commit or facilitate is referred to below in this section as the further offence. (2) This section applies to offences (a) for which the sentence is fixed by law; or (b) for which a person of twenty-one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or, in England and Wales, might be so sentenced but for the restrictions imposed by section 33 of the Magistrates' Courts Act 1980). (3) It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion. (4) A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible. (5) A person guilty of an offence under this section shall be liable (a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and (b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both. Section 3 is aimed at those who introduce worms and viruses to computer systems. If the physical condition of the computer is impaired, whether intentionally or recklessly, an offence under the Criminal Damage Act 1971 may also be committed. Section 3 covers non tangible damage, which is now (by section 3(6)) expressly excluded from the Criminal Damage Act, but intention is required (as defined in sections 3(2)-(4)). Recklessness is not sufficient. Modifications include altering, erasing or adding to data. Tampering is an offence if someone who is unauthorised modifies computer material. S.3. UNAUTHORISED MODIFICATION OF COMPUTER MATERIAL (1) A person is guilty of an offence if (a) he does any act which causes an unauthorised modification of the contents of any computer; and (b) at the time when he does the act he has the requisite intent and the requisite knowledge. (2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing (a) to impair the operation of any computer; (b) to prevent or hinder access to any program or data held in any computer; or I to impair the operation of any such program or the reliability of any such data. (3) The intent need not be directed at (a) any particular computer; (b) any particular program or data or a program or data of any particular kind; or I any particular modification or a modification of any particular kind. (4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised. (5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary. (6) For the purposes of the Criminal Damage Act 1971 a modification of the contents of a computer shall not be regarded as damaging any computer or computer storage medium unless its effect on that computer or computer storage medium impairs its physical condition. (7) A person guilty of an offence under this section shall be liable (a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and (b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.	Practitioner.Com: An Introduction to Corporate Regulation and Standardization
Return To An Introduction to Corporate Regulation and Standardization