uk legislation that affects hackers

Contents

  • Introduction
  • Computer Misuse Act (1990)
  • Data Protection Act (2018)
  • Copyright, Design and Patents Act (1988)
  • Intellectual Property Act (2014)
  • Regulation of Investigatory Powers Act (2000)
  • Police and Justice Act (2006)

    • Introduction

    As technology changes and evolves, new techniques are developed by malicious hackers to compromise the systems of innocent users and obtain valuable data. Legislation has been put in place by the government to ensure that computer crime and computer hacking is punishable by the law. “Computer” is defined here as any programmable electronic device that can store and/or process data, such as a PC, phone, laptop, TV boxes, etc.

    Computer Misuse Act (1990)

    Before the Computer Misuse Act (1990), malicious acts such as hacking, computer fraud, blackmail and computer viruses were technically not illegal. As computers became more and more important in daily society, it became clear that this was a blind spot in the law that needed to be rectified. The following acts were made illegal:

    The act is still in use today and has had a marked effect on the reduction of cybercrimes. Depending on how severe the case is, the penalty may be on the lighter side, but the sentences for offences are as follows:

  • Up to two years in prison and a £5,000 fine for gaining unauthorised access to a computer.

  • Up to 10 years in prison and an unlimited fine (depending on the severity of the case) if you acquire unauthorised access to a computer to steal data or use the data to commit fraud.
  • Up to 10 years in prison and an unlimited fine if you modify the content of a computer or provide the tools so that others can alter the content.
  • Up to life imprisonment if the computer misuse puts national security at risk, or causes harm to welfare.

    • Data Protection Act (2018)

    The Data Protection Act (2018) replaced legislation from 1998 and defines several important key principles that must be adhered to in order to protect essential user data from leaks and from being bought and sold for corporate interest. The principles are: "lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality and accountability."

    This means that data must be stored lawfully, with the informed consent of the end user, solely to be used in a specific legitimate way stated by the data holder. The data must be accurate and data holders may only collect information that is necessary to provide a service. The data must be kept securely, without being able to identify individuals for longer than intended. Institutions are held responsible for complying and upholding these principles.

    There are six lawful bases for processing, meaning that data holders must have clear reason for possessing user data. One of the following must apply: "contract, legal obligation, vital interests, public task, legitimate interests, consent".

    Copyright, Design and Patents Act (1988)

    The Copyright, Design and Patents Act (1988) governs what is classed as copyrighted material. Copyright is considered the legal right an individual or entity to create and produce a work- quite literally the right to copy. Copyright protections are awarded immediately upon the creation of a work, there is no need to have it approved by the government. Originally copyright lasted up to 14 years after the death of the original author, however thanks to lobbying from large megacorporations such as Disney it currently lasts for up to 70 years after the original author dies.

    It is allowed to create work similar to copyrighted material provided it doesn't infringe on the copyright and is distinct enough to be considered its own unique material. There are exceptions to copyright, such as non-commercial research and private study, quotation, news reporting, education, and other uses, as these are all considered "fair use."

    Patents are a specialised type of government licence that allows only a permitted person to create something for a period of time, making it illegal for anyone to make, use or sell the material.

    Only the copyright owner may attempt to prosecute for copyright infringement. The maximum sentence is an unlimited fine and/or ten years of imprisonment.

    Intellectual Property Act (2014)

    The Intellectual Property Act (2014) is legislation created to prevent the theft or copying of material. Copyright and patents are both examples of intellectual property. The term does not include having an idea, only physical creations are protected. Having the right type of protection is important, as some rights are granted automatically, however some must be applied for. Intellectual property can have more than one owner and can be bought and sold by individuals or businesses.

    Different forms of intellectual property have different penalties for infringement, such as up to ten years imprisonment.

    Regulation of Investigatory Powers Act (2000)

    The Regulation of Investigatory Powers Act (2000) was put in place as it was decided by the European Court of Human Rights that laws were unclear and provisions needed to be put in place to prevent abuses of power. It governs the use of covert surveillance by public bodies, protecting the individual right to privacy. It makes it a crime for anyone not authorised by the Act to surveil and monitor communications. The government is currently phasing out this Act, replacing it with the Investigatory Powers Act (2016), also known as the Snooper's Charter. Over 1000 organisations including but not limited to the Food Standards Agency are allowed to intercept and serveil the communications of the public. It also allows the state to lie in court, as shown in section 56(1):

    "Exclusion of matters from legal proceedings etc.

    (1) No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)—

    (a) discloses, in circumstances from which its origin in interception-related conduct may be inferred—

    (i) any content of an intercepted communication, or

    (ii) any secondary data obtained from a communication, or

    (b) tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.

    This is subject to Schedule 3 (exceptions)."

    In 2018, the EHRC declared the UK's mass surveillance unlawful. DPG Law writes: "The surveillance regime was challenged on the grounds that there was no sufficient legal basis, no accountability, and no adequate oversight, and that as a result, it infringed UK citizens' Article 8 right to a private life."

    Noncompliance with the Act can lead to a sentence of up to five years, depending on the severity of the case.

    Police and Justice Act (2006)

    The Police and Justice Act (2006) was introduced to change how police officers are appointed. It amends some issues of the Computer Misuse Act and the Serious Crime Act and extends the scope of the Computer Misuse Act to make Distributed Denial of Service attacks illegal where they previously were not.

    The penalties for computer misuse are as follows:

  • "(3)A person guilty of an offence under this section shall be liable—
  • (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
  • (b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
  • (c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both."

    • Computer misuse act (1990) - ethical, legal and environmental impact - CCEA - GCSE Digital Technology (CCEA) revision - BBC Bitesize (no date) BBC News. Available at: https://www.bbc.co.uk/bitesize/guides/z8m36yc/revision/5 (Accessed: 28 February 2024).

    What is the computer misuse act? (no date) What is the Computer Misuse Act? - Noble Solicitors. Available at: https://www.noblesolicitors.co.uk/about/indepth-computer-mis-use-act.html (Accessed: 28 February 2024).

    An introduction to data protection (no date) Jisc. Available at: https://www.jisc.ac.uk/guides/an-introduction-to-data-protection (Accessed: 28 February 2024).

    UK copyright law: An introduction (no date) UK Copyright Service. Available at: https://copyrightservice.co.uk/copyright/uk_law_summary (Accessed: 1 March 2024).

    Participation, E. (1988) Copyright, designs and patents act 1988, Legislation.gov.uk. Available at: https://www.legislation.gov.uk/ukpga/1988/48/contents (Accessed: 1 March 2024).

    Exceptions (2020) CopyrightUser. Available at: https://www.copyrightuser.org/understand/exceptions/ (Accessed: 3 March 2024).

    Service, G.D. (2014) Intellectual property and your work, GOV.UK. Available at: https://www.gov.uk/intellectual-property-an-overview (Accessed: 10 April 2024).

    Intellectual property offences (no date) GOV.UK. Available at: https://www.gov.uk/government/publications/intellectual-property-offences/intellectual-property-offences (Accessed: 10 April 2024).

    Ali (2019) European Court of Human Rights declares UK's mass surveillance regime unlawful, DPG Law. Available at: https://dpglaw.co.uk/european-court-of-human-rights-declares-uks-mass-surveillance-regime-unlawful/ (Accessed: 10 April 2024).

    Investigatory powers act 2016 (no date) Legislation.gov.uk. Available at: https://www.legislation.gov.uk/ukpga/2016/25/schedule/4/enacted (Accessed: 12 April 2024).

    Corfield, G. (2017) The UK's Investigatory Powers Act allows the state to tell lies in court, The Register® - Biting the hand that feeds IT. Available at: https://www.theregister.com/2016/12/06/parallel_construction_lies_in_english_courts/ (Accessed: 12 April 2024).

    Participation, E. (no date) Police and justice act 2006, Legislation.gov.uk. Available at: https://www.legislation.gov.uk/ukpga/2006/48/part/5/crossheading/computer-misuse (Accessed: 1 June 2024).