COMPUTER MISUSE ACT IN THE UK
COMPUTER MISUSE ACT IN THE UK
Information security experts would be interested to learn that the modified Computer Misuse Act 1990 (“the Act”) went into force on May 3, 2015, because of the modifications made by sections 41–44 of the Serious Crime Act 2015.
Information security experts would be interested to learn that the modified Computer Misuse Act 1990 (“the Act”) went into force on May 3, 2015, because of the modifications made by sections 41–44 of the Serious Crime Act 2015. This implies that criminals who commit cybercrime with the intent to inflict “severe damage” may face heavier punishments. The reforms are an attempt by the government to increase the government’s ability to combat cybercrime.
One of the most significant changes is the establishment of a new offence of “unauthorized conduct causing, or creating the danger of, substantial harm” regarding a computer.
The sections describing “severe harm”… “of a material sort” are broadly drafted and encompass “damage to human welfare, a country’s economy, a country’s national security, and the environment.”
“Human welfare” is defined as “loss or harm to human life” as well as “disruption to communication, electricity, food distribution, and transportation networks, as well as health services.” Previously, cybercrime law was seen to be rather inadequate in combating massive cyber-attacks with the potential to cause catastrophic loss of life or damage to the country’s economic and civic institutions.
A person who is now found guilty of the new offence faces a jail term of up to 14 years; and (ii) a fine of up to $10,000. (or life imprisonment in certain serious circumstances) (ii) either a sentence or a fine; or (iii) both a sentence and a fine. To be caught by the Act, the criminal only merely has a “significant relationship” to the UK.
The amendments to the Act’s jurisdictional provisions are intended to embrace crimes committed by UK persons overseas, providing the relevant act constituted an offence under the law of the country in which it happened. Previously, the maximum penalty for major computer usage offences was ten years in jail, although sentences of this length were rare.
It would be fascinating to watch how the police employ these additional authorities to act against a suspect before a cyber-attack happens, as well as if the Act’s new jurisdictional provisions result in the extradition of British nationals. It will also be fascinating to watch if judges feel compelled to impose harsher punishments as a result of these developments.
The Act’s goal is to limit the threat and effect of cybercrime by ensuring that UK legislation keeps up with the rapidly developing tactics employed by hackers.
Unintended consequences of these developments might include measures designed to extradite persons committing acts of cyber terrorism or violence overseas being utilized to target some nations more than others.
These reforms demonstrate that governments in the UK and throughout the world are taking the prospect of cyberwar significantly more seriously than they were previously. The government acknowledges that most people these days are online. but we should question whether these changes are a reactionary response to an area that is getting more sophisticated, with new hacking tools being built regularly and made open source without a second’s thought.
To combat cybercrime, we should employ several strategies, including education, training, law, technology countermeasures, and others. Rather than being employed in isolation, these should be used in tandem to lessen the potential for cyber assaults. Once this is completed, we will be in a better position to regulate, rather than eradicate, the arrival of cyber threats.
From a practical and legal standpoint, cyber security firms that deploy their consultants to give cyber security advice to their customers should always get their clients’ prior express authorization before performing any activities that may be construed to violate the Act.
Information security experts would be interested to learn that the modified Computer Misuse Act 1990 (“the Act”) went into force on May 3, 2015, because of the modifications made by sections 41–44 of the Serious Crime Act 2015.
Information security experts would be interested to learn that the modified Computer Misuse Act 1990 (“the Act”) went into force on May 3, 2015, because of the modifications made by sections 41–44 of the Serious Crime Act 2015. This implies that criminals who commit cybercrime with the intent to inflict “severe damage” may face heavier punishments. The reforms are an attempt by the government to increase the government’s ability to combat cybercrime.
One of the most significant changes is the establishment of a new offence of “unauthorized conduct causing, or creating the danger of, substantial harm” regarding a computer.
The sections describing “severe harm”… “of a material sort” are broadly drafted and encompass “damage to human welfare, a country’s economy, a country’s national security, and the environment.”
The amendments to the Act’s jurisdictional provisions are intended to embrace crimes committed by UK persons overseas, providing the relevant act constituted an offence under the law of the country in which it happened. Previously, the maximum penalty for major computer usage offences was ten years in jail, although sentences of this length were rare.
It would be fascinating to watch how the police employ these additional authorities to act against a suspect before a cyber-attack happens, as well as if the Act’s new jurisdictional provisions result in the extradition of British nationals. It will also be fascinating to watch if judges feel compelled to impose harsher punishments as a result of these developments.
The Act’s goal is to limit the threat and effect of cybercrime by ensuring that UK legislation keeps up with the rapidly developing tactics employed by hackers.
Unintended consequences of these developments might include measures designed to extradite persons committing acts of cyber terrorism or violence overseas being utilized to target some nations more than others.
These reforms demonstrate that governments in the UK and throughout the world are taking the prospect of cyberwar significantly more seriously than they were previously. The government acknowledges that most people these days are online. but we should question whether these changes are a reactionary response to an area that is getting more sophisticated, with new hacking tools being built regularly and made open source without a second’s thought.
To combat cybercrime, we should employ several strategies, including education, training, law, technology countermeasures, and others. Rather than being employed in isolation, these should be used in tandem to lessen the potential for cyber assaults. Once this is completed, we will be in a better position to regulate, rather than eradicate, the arrival of cyber threats.
From a practical and legal standpoint, cyber security firms that deploy their consultants to give cyber security advice to their customers should always get their clients’ prior express authorization before performing any activities that may be construed to violate the Act.
Computer Misuse Act penalties
If you are charged under Computer Misuse Conduct, there are three degrees of penalties that are imposed based on the offence and severity of the act.
If you are proven guilty of getting unauthorized access to a computer, the most lenient penalty is imposed (or officially known as “unauthorized access to a computer”). This offence is punishable by up to two years in jail and a £5,000 fine.
If you gain unauthorized access to a computer to steal data or commit another crime, such as using that data to commit fraud, you will face up to ten years in prison and an unlimited fine, depending on the severity of the crime and the amount of damage caused, though it may be difficult to prove intent in this case.
If you manipulate the content of a computer or offer the means for others to do so, for example, if you transmit malware to destroy or change the contents of a computer, you can face up to 10 years in jail and an infinite fine.
If the prospective damage causes harm to human welfare or jeopardizes national security, the penalty could be life in prison.
UK Cyber Security Group Ltd is here to help
Please check out our Cyber Essentials Checklist
Please check out our Free Cyber Insurance
If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us