The Computer Misuse Act 1990 (OCR A-Level Computer Science): Revision Notes

The Computer Misuse Act 1990

Overview

The Computer Misuse Act 1990 (CMA) is a UK law designed to protect computer systems and data from unauthorised access and misuse. With the increasing reliance on computers, the CMA helps prevent crimes such as hacking, data theft, and the spread of malware. Understanding this law is crucial for both IT professionals and general users to ensure the ethical and legal use of computer systems.

Purpose of the Computer Misuse Act

• The CMA was introduced to combat the rise in cybercrime and misuse of computer systems.
• It aims to protect individuals, organisations, and governments from unauthorised access and malicious activities involving computer systems.

Offences Under the CMA

The Act defines three primary offences:

Unauthorised Access to Computer Material (Section 1):

• Accessing a computer system or data without permission.
• Example: Logging into someone else's account using their password without consent.
• Penalty: Up to 2 years imprisonment or a fine.

Unauthorised Access with Intent to Commit or Facilitate Further Offences (Section 2):

• Gaining unauthorised access to commit additional crimes, such as fraud or identity theft.
• Example: Hacking into a bank's system to steal money.
• Penalty: Up to 5 years imprisonment or a fine.

Unauthorised Modification of Computer Material (Section 3):

• Intentionally altering or deleting data without authorisation.
• Includes spreading viruses, ransomware, or other malware.
• Example: Introducing a virus to disrupt an organisation's operations.
• Penalty: Up to 10 years imprisonment or a fine.

Additional Provisions

Making, supplying, or obtaining tools for misuse (Section 3A):

• Developing or distributing software that can be used for unauthorised access, like hacking tools or malware.
• Penalty: Up to 2 years imprisonment or a fine.

Why the CMA is Important

• Protects organisations and individuals from cyber threats.
• Acts as a deterrent for malicious activities, ensuring a safer digital environment.
• Supports the prosecution of cyber criminals, promoting justice and security.

Examples

Example 1: Hacking a Social Media Account

A student guesses a friend's password and accesses their social media account without permission.

• This is a Section 1 offence (unauthorised access).

Example 2: Spreading Malware

A cybercriminal distributes a virus designed to delete important files on victims' computers.

• This is a Section 3 offence (unauthorised modification of data).

Example 3: Fraudulent Online Banking

An attacker hacks into a banking system and transfers funds from customer accounts to their own.

• This constitutes a Section 2 offence (unauthorised access with intent to commit further offences).

Note Summary