Wednesday 4 November 2009

Computer Misuse Act 1990

(1) A person is guilty of an offence if:
a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer;
b) the access he intends to secure is unauthorized; and
c) he knows at the time when he causes the computer to perform the function that this is the case.
1(2) The intent a person has to commit an offence under this section need not be directed at
a) any particular program or data
b) a program or data of any particular kind; or
c) a program or data held in any particular computer.
1(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale, or both.
2(1) A person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorized access offence") with intent
a) to commit an offence to which this section applies; or
b) to facilitate the commission of such an offence (whether by himself or by any other person)
and the offence he intends to commit or facilitate is referred to below in this section as the further offence.
2(2) This section applies to offences
a) for which the sentence is fixed by law; or
b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980).
2(5) A person guilty of an offence under this section shall be liable
a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and
b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.
3(1) A person is guilty of an offence if
a) he does any act in a way which causes the unauthorized modification of the contents of any computer; and
b) at the time when he does the act he has the requisite intent and the requisite knowledge.
3(2) For the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing
a) to impair the operation of any computer;
b) to prevent or hinder access to any program or data held in any computer; or
c) to impair the operation of any such program or the reliability of any such data.
3(3) The intent need not be directed at
a) any particular computer;
b) any particular program or data or a program or data of any particular kind; or
c) any particular modification or a modification of any particular kind.
3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized.
3(5) It is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.



The Act was created to criminalise unauthorized access to computer systems (the s1 offence) and to deter the more serious criminals from using a computer to assist in the commission of a criminal offence or from impairing or hindering access to data stored in a computer (the ss2 and 3 offences). The basic offence is to attempt or achieve access to a computer or the data it stores, by inducing a computer to perform any function with intent to secure access. Hackers who program their computers to search through password permutations are therefore liable, even though all their attempts to log on are rejected by the target computer. The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitutes the offence. Even if the initial access is authorized, subsequent exploration, if there is a hierarchy of privileges in the system, may lead to entry to parts of the system for which the requisite privileges are lacking, and the offence will be committed. But looking over a user's shoulder or using sophisticated electronic equipment to monitor the electromagnetic radiation emitted by VDUs ("electronic eavesdropping") is outside the scope of this offence.
The ss2 and 3 offences are aggravated offences, requiring a specific intent to commit another offence (for these purposes, the other offences are to be arrestable, and so include all the major common law and statutory offences of fraud and dishonesty). So a hacker who obtains access to a system intending to transfer money or shares intends to commit theft, or to obtain confidential information for blackmail or extortion. Thus, the s1 offence is committed as soon as the unauthorized access is attempted, and the s2 offence overtakes liability as soon as specific access is made for the criminal purpose. The s3 offence is specifically aimed at those who write and circulate a computer virus or worm, whether on a LAN or across networks. Similarly, using phishing techniques or a Trojan to obtain identity data or to acquire any other data from an unauthorized source, or modifying the operating system files or some aspect of the computer's functions to interfere with its operation or prevent access to any data, including the destruction of files, or deliberately generating code to cause a complete system malfunction, are all criminal "modifications".
