I won’t add anymore to the story (Andy Coulson, NoTW) than most already have, and indeed, I am only interested in a particular element of the law which most have overlooked (that I am aware of, if not the case, please refer me). The Act used to arrest those responsible has been extensively covered already. I would like to add a perspective to the crime that some may not have considered.
In my 20’s, I worked at a communications company (the litigation department) when mobile ‘phones were available to Joe Public pretty much for the first time in Britain (I even chose my mobile number to match my home telephone number!) Previously, they were toys that only business persons had (I remember my uncles ‘mobile’ ‘phone complete with car battery).
Why do I mention this? More often than not, users would contact us complaining they had deleted an important voicemail message (“message”). The user thought that message was gone. Not so. As long as it was not left too long (exact time now escapes me) we (company) could retrieve it. Why? Because the message was retained on a computer system – bingo. Here enters the Computer Misuse Act 1990.
Now as a tutor of Computer Law in various manifestations and to various audiences (LLB, LLM) I have examined the evidence, and I would suggest this matter could encompass evidential examinations under the Computer Misuse Act 1990.
With any offence the Actus Reus and Mens Rea are important. S.1 of the Act provides:
(a) he causes (Actus Reus) a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends (Mens Rea) to secure is unauthorised and;
(c) he knows at the time when he causes the computer to perform the function that
this is the case.
In other words, potentially any act (a) that the ‘hacker’ has done to change a function of the ‘phone could come under this (accessing the messages which are causing the ‘phone to act in a manner which is not authorised by the owner).
In terms of intent (b); as the hacker is accessing the messaging function with intent to listen to messages, the program that facilitates this is a computer program and holds personal data, Mens Rea satisfied. Undoubtedly, he is aware this is illegal and thus test (c) is also satisfied.
Importantly, the definition of a computer, data or program (S.17) was never defined. Why? Arguably, it’s because the introduction of new technology meant that everyday items could potentially be created into computers. Most mobile ‘phones are now SmartPhones, effectively mini-computers if you like. (I still remember surfing the web through my television for the first time, which is very odd!) Parliament and its advisors could not even begin to think about what a computer, data or program really ism so failed to define it for that very reason. To define it is to potentially discriminate against its successors.
S.1 (a)-(c), still did not cover enough situations and in 2002 an attempt was made to update the act and it failed. The All Party Parliamentary Internet Group in 2004 reported increasing sentencing powers and a new Fraud Bill which finally came about in Fraud Act 2006 (I think there is a case here, too, but that’s another blog) and the Police and Justice Act 2006.
So, what precisely did the Police and Justice Act 2006 enact? C.48 inserted Part 5 Computer Misuse, S.35, in short it dealt with the short comings of the Computer Misuse Act 1990 (CMA) (which some argue was passed in haste) by adding the following:
- increased the penalty for unauthorised access to computer to two years in prison
- expanded unauthorised modification of data (S3) to include someone who does an unauthorised act in relation to a computer with unauthorised access to computer material
- made changes to the wording of the old section 1 CMA and increased the term of imprisonment
- a defendant knowingly commits an unauthorised act in relation to a computer;
- or intends to perform such an act; or is reckless as to whether he might be performing such an act. (N.b. lower mens rea than S1 CMA and new S3A)
- it is much wider than old section 3 (Does not require any modification of data)
So it’s no longer unauthorised modification – it is unauthorised impairment, there has to be a “requisite intent” – an intent to impair the operation of any computer, prevent or hinder access to any program or data held in computer or to impair the operation of any program or data held in any computer sentencing: Magistrates Court – 12 months prison / Crown Court – 10 years or fine or both.
So in other words, hackers that impair the operation of any computer; prevents or hinders access to any program or data held in any computer; or impairs the operation of any such program or the reliability of any such data (deleted messages), is liable.
Hark! I hear you cry, I’m still not convinced!
What is all this talk of computers? They used ‘phones, didn’t’ they? The answer to that is we don’t actually know (at least I do not). Going back to the early days of technology and ‘phones being just ‘phones (pre-Skype and in-house diallers which are computer systems used for calling, headset on and dialling through a computer –can you see where I’m going with this?) hackers may well have been sat at their desk or in the car tapping away at the ‘phone hoping to get a default P.I.N. This has all changed with the introduction of technology. In-house diallers (see above) are computers, so now the offence has merged, again, potentially and could come under the Computer Misuse Act 1990. In-house diallers work, quite simply, where the user inputs a number to call into their computer keypad. A bit like Skype for the corporate world (but without the video – thankfully!). Again, applying the above law, can you see why these offences could now be examined under the Computer Misuse Act 1990? (As updated).
So, that said I conclude the hackers were right to be brought to justice, and were arrested contrary to the Criminal Law Act 1977 S.1(1) for suspicion of unlawful interception of communications, inter alia, but a thorough investigation should allow for at least an examination of potential crimes under the Computer Misuse Act 1990 (as amended).
Originally posted at the Huffington Post in 2011
© Gary Lee Walters, 2011