Introduction To Cybercrime
INTRODUCTION TO CYBERCRIME
Written February 2016 by:
SANDIP PATEL QC - Called 1991 - Silk 2014
Sandip is a truly exceptional Lawyer with a phenomenal eye for detail. He is routinely instructed in cases involving Complex Fraud, Serious & Organised Crime and Computer Misuse Offences. Sandip is on the board of the Cybercrime Practitioners Association and was recently instructed in the case of Mark Johnson, accused of attacking the main Home Office website and Theresa May, the Home Secretary’s website.
WHAT IS CYBERCRIME?
- There is no single standard definition of Cybercrime. The Misuse of Computer Act 1990, the principle statute, does not use the term. However, as a colloquial description it is useful. At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted to the issues of crimes related to computer networks, Cybercrime was broken into two categories and defined thus:
- Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them.
- Cybercrime in a broader sense (computer-related crime): Any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.
- Common types of cybercrime include hacking, online scams and fraud, identity theft, attacks on computer systems and illegal or prohibited online content.
MISUSE OF COMPUTER ACT 1990 (THE ACT)
- The Act created 3 main offences, namely unauthorised access to a computer, unauthorised access with intent to commit another offence, and doing an act intending to impair the operation of a computer (ss.1-3). The Act has extraterritorial scope.
- Section 3ZA introduced offences of unauthorised acts causing, or creating risk of, serious damage (added by Serious Crime Act 2015 c. 9 Pt 2 s.41(2) (May 3, 2015).
- Section 3A introduced offences of making, supplying or obtaining any article for use in offences under ss.1 or 3.
- Section 1 provides that where a person causes a computer to perform any function ‘with intent to secure access to any program or data held in any computer then an offence is committed when the access is unauthorised and the individual knows that to be the case’. Switching on a computer without permission might be an offence.
- The “Interpretation” section of the Act states that “any function” covers “copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held.” The “intent” component does not need to be directed at any particular computer/program and/or data. This is the basic hacking offence. Conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.
- Section 2 comprises a further offence where, in committing the unauthorised access offence in section 1, a person intends to commit or facilitate the commission of a further offence which further offence in itself has a sentence fixed by law (e.g. fraud, blackmail, murder). The access and the further offence do not have to be carried out at the same time. It does not matter if the further offence was in fact impossible. Conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.
- Section 3 contains the offence of unauthorised modification of computer material with intent to impair, or with recklessness as to impairing, operation of computer, etc, for example, spreading a computer virus or obtaining access to a company's computer system and inserting messages and amending its data. Modifications include actions “to impair the operation of any computer to prevent or hinder access to any program or data to impair the operation of any such program or the reliability of any such data”. Conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.
- Section 3A contains the offence to make any article (including any program or data) intending it to be used to commit an offence under ss.1 or 3 - s.3A(1), 3ZA. It is also an offence to supply any article (including any program or data) intending it to be used to commit an offence under s.1 or 3 or believing that it is likely to be used to commit an offence under ss.1 or 3 - s.3A(1) and (2), 3ZA. Furthermore, a person commits an offence if he obtains any article to assist in the commission of an offence under ss.1 or 3 - s.3A(3), 3ZA. It is immaterial for the purposes of an offence whether the accused was in the home country concerned at the time of any act or other event proof of which is required for conviction of the offence if there is a significant link with domestic jurisdiction in relation to the offence (added by Serious Crime Act 2015 c. 9 Pt 2 s.43(3) (May 3, 2015).Conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.
- Section 3ZA contains the aggravated offence of an unauthorised act that causes, or creates a significant risk of, serious damage of a material kind (human welfare, environment, economy, national security) and the person intends by doing the act to cause serious damage of a material kind or is reckless as to whether such damage is caused. An act causes damage to human welfare only if it causes loss to human life; human illness or injury; disruption of a supply of money, food, water, energy or fuel; disruption of a system of communication; disruption of facilities for transport; or disruption of services relating to health. Conviction on indictment, to imprisonment for a term not exceeding 14 years, or to a fine, or to both. Where an offence under this section is committed as a result of an act causing or creating a significant risk of serious damage to human welfare of the kind mentioned in subsection (3)(a) or (3) (b), or serious damage to national security, a person guilty of the offence is liable, on conviction on indictment, to imprisonment for life, or to a fine, or to both.The damage may be suffered in any country.
- R. v Martin (Lewys Stephen)  1 Cr. App. R. (S.) 63: A sentence of two years' imprisonment was appropriate for a young offender who had launched computer attacks upon the websites of various organisations and hacked into two people's personal and financial information. The prevalence of computer crime, the fact that organisations were compelled to spend substantial sums combating it and the potential impact on individuals meant that sentences for such offences should involve a real element of deterrence.
- Ahzaz v United States EWHC 216 (Admin): A District Judge had not erred in referring an alleged offender's case to the Secretary of State for the Home Department to consider extraditing him to the United States for computer hacking where it was plain from his conduct that, had it occurred in the United Kingdom, it would, if proved, have constituted an offence under the Act s.3 and s.1, thus satisfying the dual criminality test.
- R. v Nichols (Andrew Alan)  2 Cr. App. R. (S.) 10: A custodial sentence imposed on a police officer who had used the police force intelligence system to perform checks on relatives was wrong in principle and inappropriate. The wrongdoing was a serious breach of trust by a person in a position of trust and authority in the community but it was not of the sort where information was disseminated corruptly for money or to the criminal fraternity. A community order with an unpaid work requirement was appropriate.
- R. v Khan (Mahdiya)  1 Cr. App. R. (S.) 113: There was no arguable error in a judge's approach to passing concurrent eight-month sentences of imprisonment for unauthorised access to computer material contrary to the Act s.1. The offences had involved serious breaches of trust and undermining of the public's confidence in the security of their personal information.
- R. v Crosskey (Gareth)  1 Cr. App. R. (S.) 76: The court had to determine the appropriate sentences for offences contrary to the Act s.1 and s.3 where an offender had assumed another's identity to access and take effective control over a celebrity's Facebook account for three days. Threats had been made to publicise personal information, although the offender had expressed remorse at his actions and had not sought financial gain or hidden his identity.
- DPP v Lennon  EWHC 1201 (Admin): For the purposes of s.17(8)(b) the owner of a computer able to receive emails would ordinarily be taken to have consented to the sending of emails to his computer. However, such implied consent was not without limits, and the consent did not cover emails that had been sent not for the purpose of communication with the owner but to interrupt his computer system.
- Ellis v DPP (No.1)  EWHC Admin 362: It was not necessary for the prosecution to adduce expert evidence in a case alleging computer misuse, as it was sufficient to rely on the admissions made in interview and the factual evidence of the administrative officer involved.
- R. v Brown (Gregory Michael)  A.C. 543: Data protection; computer data; meaning of "use"; whether display of computer data on screen constituted "use".
- R. v Whiteley (Nicholas Alan) (1991) 93 Cr. App. R. 25: It is an offence of damaging property to alter unlawfully data contained on a computer disk.
KEY EUROPEAN LEGISLATION:
- Directive 2013/40 on attacks against information systems
Expert Cybercrime & Computer Misuse Solicitor:
Majad J Habib: Director - Stuart Miller Solicitors
The expert Cybercrime Solicitors at Stuart Miller Solicitors are proficient with Cybercrime legislation, knowledgeable in creating the best strategy & able to analyse huge volumes of evidence to find the grain of detail required to achieve success for you. Having Specialist Computer Misuse Lawyers on your side is vital to achieve the best result and ensure fairness in the proceedings. Challenging Cybercrime allegations successfully is not a stroll in the park by any means, thus ensuring your Solicitors are leading experts and have the support of world renowned QCs will maximise your chances of success.
This document is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of its content.