What is the Computer Misuse Act of 1990?

The Computer Misuse Act of 1990 is a law in the United Kingdom that makes certain activities illegal, such as hacking into other people’s systems, misusing software, or helping a person to gain access to protected files of someone else's computer. The act was created after the 1984-1985 R v. Gold case, which was appealed in 1988. The appeal was successful, inspiring parliament to create a law that would make punishable the behavior committed by Robert Schifreen and Stephen Gold. It obviously could not be applied retroactively, but it's goal was to discourage behavior like theirs in the future.

What occurred to prompt the case and ultimately lead to the law was the following: Gold watched an employee of Prestel at a tradeshow enter his username and password into a computer. Gold and Schifreen then used this information from a home computer to access the system of British Telecom Prestel, and specifically to enter the private message box of Prince Philip. Prestel became aware of this access, trapped the two men, and charged them with fraud and forgery. The men were convicted and fined, but they appealed their case.

One of the key aspects of the appeal was that the two men were not using the data in anyway for personal or illegal gain. Since no material gain was involved in spying on someone else’s system, they argued that the charges under the specific laws could not apply to them. The House of Lords acquitted the men, but became determined to forbid this type of behavior in future. This led to the Computer Misuse Act being developed and passed into law in 1990, two years after the successful appeal.

The act is split into three sections and makes the following acts illegal:

The first section in the act forbids a person to use someone else’s identification to access a computer, run a program, or obtain any data, even if no personal gain is involved in such access. Individuals also cannot change, copy, delete, or move a program. The Computer Misuse Act also outlaws any attempts to obtain someone else’s password. Obviously, if someone gives another person his identification and he may legally use the computer, these laws under unauthorized access do not apply.

The second provision in the law is gaining access to a computer system in order to commit or facilitate a crime. An individual can’t use someone else’s system to send material that might be offensive or to start worms or viruses. He also can’t give someone his identification so that he can use a system for this purpose. This second part means that the individual would be facilitating someone else’s intent or crime.

Unauthorized modification in the Computer Misuse Act means that a person can’t delete, change, or corrupt data. Again, if someone puts a virus into someone else’s system, he would be violating the act. Usually, committing unauthorized access only is thought a crime punishable by fine. Access with intent and unauthorized modification are considered more severe and may be punished by heavy fines and/or jail time.