Telephone 07870 501003 or use our website contact facility

News & Updates

27/11/21
When it is Black Friday to be followed by Cyber Monday then it seems appropriate to share a few snippets about the Computer Misuse Act 1990 and 2018. As well as the Fraud Act 2006 computer crime and fraud in UK can also result in charges under this Act.

A simple summary guide follows:

The Computer Misuse Act applies to any digital operation with a significant link to the United Kingdom. This covers situations where a computer being targeted is in the UK; if the person responsible carried out the operation from the UK; if they used a server located in the UK; or if the resulting cyberattack caused damage within the country.

Section 1 of the Act criminalises ‘unauthorized access to computer material’.

Section 2 then addresses ‘unauthorized access with intent to commit, or facilitate commission of, further offences’. This is when the offender intends to commit more crimes, such as extortion or fraud, using the data they have accessed.

Section 3 of the Act then refers to unauthorized acts with the intent to impair the operation of a computer, either recklessly or intentionally. Again, this section relies on a crime under Section 1 having been established and adds further penalties if the offender/s meant to damage (such as through a virus) or alter the computer or computer system and its contents (such as through modifying, deleting data or introducing malware and spyware), or simply had this effect as a result of the unauthorised access.

A 2006 addition to the original Computer Misuse Act, specifically outlawed the making, supplying or obtaining articles for use in an offences under Section 1,2 and 3. This now addressed the issue of people using malware, viruses and other such tools developed by others, for the purposes of cybercrime.

Where the original 1990 Act had for the first time explicitly criminalised activities which damaged computers, in 2015, a further provision was added in relation to serious damage. This 2015 addition significantly increased the penalties for ‘unauthorised acts causing, or creating risk of, serious damage’.

Under the 2015 change, ‘serious damage’ extended beyond the digital world and referred to damage to people, the environment, and states. The remit of the Act now expanded to cover the possibility of cyber-terrorism and a state backed cyber attack. Crimes which are committed, and which fall within the remit of ‘serious damage’, can now result in a maximum sentence of life imprisonment.

All crimes under the Computer Misuse Act can result in a fine and potential imprisonment.

I've recently been delivering training on this and other legislation which prompted me to share. Feel free to to use our contact page to ask for more information and case summaries from convictions.

Stay safe and secure online. Let's be careful out there...