Skip to content

Can I amend The Computer Misuse Act please?

March 13, 2011

Late Addition:

In theory there is nothing to stop the CPS using the CMA to charge people over the phone hacking scandal. It could even have been used in the initial charging of Mr Mulcaire, if it was a heavily criminal prosecution that the CPS intended to bring. It would have been a very interesting case had they done so, but it could well have been another instance of the CMA being stretched to breaking point to cover offences that it was not originally intended to, as in DPP v Lennon.


This is another piece I wrote for Internet Law last semester. The task was to advocate one or more ammendments to the Computer Misuse Act 1990 (As already ammended by the Police and Criminal Justice Act 2006).

The CMA has had a troubled history to a point, and often needs the dust blown off it by the CPS so its practical application rarely has an airing in court, let alone at appeal so these were my thoughts as to how it works and how it should be changed.

The brief of the piece was to advise the fictional state of Tomlinsonia (thanks to Dr. Daithí Mac Síthigh for the name!)


Amend s.3(6)(c) of the Computer Misuse Act 1990 (As Amended) to read “on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both” – Halving the sentence.

Amend s.3A(2) of the Computer Misuse Act 1990 (As Amended) to read “A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit an offence under section 1 or 3. – Removing the “assist in the commission of” an offence.

I recommend the above amendments to the UK’s Computer Misuse Act 1990 (As Amended) before it is adopted into the law of Tomlinsonia.

The first is a recommendation on sentencing. The UK, in the Police and Criminal Justice Act 2006 changed the CMA by increasing the punishment and adapting the language in s.3 to clearly catch Denial of Service (DoS) attacks. The latter was a wise move, but since s.3 does not differentiate between serious organised criminals, as was the aim of the section, and protests or mischievous teenagers, the possible decade in prison is ludicrous. Indeed, it is even longer than that of theft (Theft Act 1968 s.7).  Although we do trust our judiciary in their sentencing discretion, we believe that having this long a punishment sends out the wrong message. Having a longer maximum sentence than theft and other serious real-world crimes, we can ultimately have an act, which causes little harm being punished more seriously than a multi-million pound heist.  This, we feel, does not represent what the CMA was about originally – an intelligent piece of legislation to cope with a growing problem.

The second amendment I propose is in relation to the new s.3A of the CMA. This section exists to attach liability to software developers who manufacture “articles” which can potentially be used by people in breach of sections 1, 2 and 3.  Section 3A was required by Article 6 of the EU’s Cybercrime Directive, but only part of it. Indeed, even the All-Party Internet Group (APIG) recommended not criminalising hacking tools by leaving out the optional requirements of Article 6.  To contextualise the offence, it would be making every hammer sold potentially illegal.

In an effort to prevent this situation, the amendment would serve to lower the bar of burden on a software distributor. A software distributor is unlikely to personally know every person downloading a tool, and for what purpose they are using it. Under the amended version, a developer would have to be more certain that their tool would likely be used in the commission of an offence. This would enable us to convict intentional hackers and their assistants but not give a great criminal burden on legitimate IT security experts. Murray even goes so far to say that he is worried that despite the recommendations by the APIG and the House of Lords Committee on Science and Technology, s.3A was not amended, as there is now a blurred line between legitimate and illegal use.  Indeed, even very recently, there are new doubts about legalities of certain types of software available over mainstream channels.

These two provisions do need changing in order to make the law fair and relevant in our society. The strengths of the CMA always lay in its ambiguity, but with its low sentencing, the potential for wrong by the government was lower. Now just as general, it has high consequences for those that stray over a faintly visible line.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: