Computer Misuse Act Reform

From Orgwiki

The existing Computer Misuse Act in the UK was created in 1990, and grew out of the problems encountered in pursuing the hacking cases of the eighties.

Its primary principles are the concepts of "unauthorised access" and "unauthorised modification" to computers. It is currently scheduled to be updated by sections of the Police and Justice Bill 2006.

Current Law

From a digital rights perspective, the current CMA suffers from some flaws. In an online world where many machines now provide open access to data - public web servers, for instance - it can be difficult to discriminate between what is authorised, and what is unauthorised access.

The Computer Misuse Act has generally protected the rights of those who wander into "unauthorised" areas by requiring not just unauthorised access, but also knowledge by the accused that such access was unauthorised. This has made it a hard law to prosecute under, which has led to some calls for reform.


Reforming the CMA

There has been some lobbying for the law to be reformed to explicitly include "denial of service" attacks, which might not fall under its provisions as currently written.

Microsoft have also suggested that DRM be protected under a reformed Computer Misuse Act: so it would be possible for computer users to be prosecuted for "unauthorised access" to their own computer. (See para 18, Revision of the Computer Misuse Act: Report of an Inquiry by the All Party Internet Group).

There's also a danger that any reform will include the prohibition of "hacking tools", which would have profound effects on code as speech, as well as handcuffing legitimate security professionals.

The Cuthbert Case

Computer users also have the right to defend their own systems against attack, and to research and investigate the networks in which they operate. This was part of the problem with the Daniel Cuthbert case, where a user checking the validity of a website he was using was later prosecuted for "unauthorised access".

The solution here is not reform, but establishing more clearly into case law the expectations of an experienced online user. The danger lies in blanket "terms of service" establishing minimal rights for Net users, against common practice.


Applicability of CMA for Pro-Rights Cases

  • Could the Act be interpreted to disallow invasive DRM such as the Sony Rootkit, as similar laws in the US have been? (Possibly for acts that took place before the EULA was clicked. Arguably for subsequent behaviour if insufficiently described by the EULA, or if the EULA is not seen as authorisation --dob 01:44, 22 January 2006 (GMT) )