Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.820806
Title: Computer (mis)use and the law : what's wrong with the CMA?
Author: Wilson, Kristopher James
ISNI:       0000 0004 9356 8278
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2019
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
A series of justifications accompany the introduction of any new criminal law. The Computer Misuse Act 1990 (‘CMA’) section 1 offence was justified on the basis that acts that might otherwise be characterised as digital trespass represented a new form of criminally wrongful conduct: such acts compromised the integrity of a computer, program, or system. ‘Hackers’ and ‘hacking’, those that seek ‘unauthorised access’ to computers or data and the tools and techniques that enable that access, were to be deterred. This deterrence was to be achieved, in part, by the intentionally broad operation of the CMA’s section 1 offence. The offence exhibits the features of inchoate mode drafting; it does not criminalise obtaining access to a computer. Instead, it criminalises the ‘causing of a computer to perform a function’. In casting the offence broadly, and in an effort for it to be technology-neutral and future-proof, key terms, like ‘computer’ were also left undefined. The question of whether a given ‘access’ is ‘unauthorised’, is to be determined by reference to any consent provided by the owner of the computer. However, computers are not the same as physical property. There is a much broader scope for delimiting the authorisation of a particular user to specific data, in a way that was not envisaged by the Law Commission when recommending the adoption of the section 1 offence to respond to harms to the integrity of the computer. The result, as this thesis argues, is that in practice the section 1 offence may instead operate to provide criminal law protection to data and information in a way not otherwise contemplated by the general criminal law. Further, the use of ‘terms of service’ agreements and internal policies as the means of delimiting ‘authorisation’ now criminalises what would otherwise be a breach of a civil law right, merely because it is carried out by way of a computer. The offence operates to presume criminally wrongful behaviour, even in circumstances where the use of a computer was tangential to the result an accused intended. These concerns are further compounded by the evolving nature of computing technologies, with the increasingly common approach of applying those technologies to ever more facets of daily life. This thesis aims to revisit the initial justifications set out to support the creation of the CMA and its five offences. Focus then shifts to the drafting, application, and policy orientation of the section 1 offence. The thesis argues that the offence, as structured, is over-inclusive and exhibits an increasingly high degree of overlap with both general criminal offences, the other offences within the CMA, and those contained in, for example, data protection frameworks. While the section 1 offence was conceived to serve a supplementary role to these broader offences, this thesis contends that, as a result of shifts in computing technologies and their uses, the section 1 offences’ breadth and low evidence burden may instead be operating in practice to supplant those offences. This thesis considers those initial justifications in the context of examples of newer technologies, and through the application of broader criminological and cyber security approaches to computer-related crime.
Supervisor: Williams, Rebecca Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.820806  DOI: Not available
Keywords: Criminalisation ; Technology and Law ; Criminal Law ; Cyber Security
Share: