What is the Computer Misuse Act?

Nick Titchener headshot

Nick Titchener

Managing Partner

In 1984, journalist hackers broke into the Duke of Edinburgh’s electronic mail and the resulting public outcry uncovered the fact that no law existed against computer hacking. This case (R v Gold & Schifreen (1988) 1 AC 1063) resulted in the Computer Misuse Act 1990. The Computer Misuse Act makes it illegal to gain unauthorised access to a computer or to make changes to files on a computer without permission. We still use this foundational British computer legislation today.

The act states that a person is guilty of an offence if:

  • He causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
  • The access he intends to secure, or to enable to be secured, is unauthorised; and
  • He knows at the time when he causes the computer to perform the function that that is the case.

Today this act is often used when people are facing accusations of:

  • Data harvesting
  • Hacking
  • Unauthorised encryption of data

Although the Computer Misuse Act has been widely criticised for failing to address issues like criminal intent, the act has certainly influenced other laws across the world.

Amendments to the Computer Misuse Act

Like any laws, especially those regarding ever-changing technology, there have been a number of amendments over the years. In 2015, provisions were changed to align with the Serious Crime Act when Computer Misuse was added to the list of serious crimes (applying to UK citizens worldwide).

However, the biggest amendment in 2015 was that the maximum penalty for being guilty under the Computer Misuse Act was increased. The potential for computer misuse has also changed over the years, and the Act was amended in 2015 to reflect this. If a charge under the Computer Misuse Act constituted a threat to national security or human welfare then a life sentence could be given.

What are the penalties if you are prosecuted?

Depending on the severity of the crime, there are different levels of penalty:

1/ Up to two years in prison and a £5,000 fine for gaining unauthorised access to a computer.

2/ Up to 10 years in prison and a fine of unlimited amounts (depending on the severity of the case) if you gain unauthorised access to a computer in order to steal data, or use the data to commit fraud. It can be difficult to prove intent.

3/ Up to 10 years in prison with an unlimited fine if you modify the content of a computer or provide the tools so that others can modify the content. 

4/ Up to life imprisonment if this computer misuse puts national security at risk or causes harm to human welfare.

Is the Computer Misuse Act effective?

According to the Office for National Statistics, approximately 4.5 million cyber crimes were committed in England and Wales in 2018, with around 1.2 million related to computer misuse. 

The number of crimes related to the Computer Misuse Act was down on the previous year, perhaps due to many criminal’s identities remaining unknown as they use computer viruses to do the job. Some of the people being prosecuted are simply trying to do their job, like journalists. There has been a call to reform the act, otherwise it will become a threat to journalists and their work.

If you have been accused of an offence under the Computer Misuse Act you need expert advice. Contact Lawtons for guidance in this specialist area of law. Our team of legal professionals are highly experienced and will provide you with the individual guidance you need.

Related Articles