You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
This lesson covers the Computer Misuse Act 1990 as required by OCR J277 Section 1.6. This act was introduced to criminalise unauthorised access to computer systems and has been updated several times to address modern cyber threats.
Before 1990, there was no specific UK law that made hacking illegal. In 1985, two hackers (Robert Schifreen and Stephen Gold) gained unauthorised access to BT's Prestel email system and even accessed Prince Philip's mailbox. They were initially convicted under the Forgery and Counterfeiting Act 1981, but the conviction was overturned on appeal because the existing law did not cover computer-based offences.
This case highlighted the need for dedicated legislation to address computer crime, leading to the Computer Misuse Act 1990.
The Computer Misuse Act 1990 created three levels of offence, each with increasing severity:
| Aspect | Detail |
|---|---|
| Offence | Knowingly accessing a computer system without authorisation |
| Example | Guessing someone's password to read their emails |
| Intent required | The person must know they are not authorised |
| Maximum penalty | 2 years imprisonment and/or a fine |
This is the most basic offence — simply accessing a system you are not authorised to use, even if you do not cause any damage or steal any data.
| Aspect | Detail |
|---|---|
| Offence | Gaining unauthorised access with the intention of committing another crime |
| Example | Hacking into a bank's system to steal money or commit fraud |
| Intent required | Must intend to commit or facilitate a further offence |
| Maximum penalty | 5 years imprisonment and/or a fine |
This is more serious because the unauthorised access is a step toward committing another crime (such as fraud, theft, or blackmail).
| Aspect | Detail |
|---|---|
| Offence | Performing unauthorised actions that impair the operation of a computer |
| Example | Spreading a virus, conducting a DDoS attack, deleting files |
| Intent required | Must intend to impair or be reckless about impairing a computer's operation |
| Maximum penalty | 10 years imprisonment and/or a fine |
This covers acts of sabotage, including distributing malware, modifying or deleting data, and denial of service attacks.
OCR Exam Tip: You must know all three sections of the Computer Misuse Act. A common exam question gives a scenario and asks which section of the act has been broken. Remember: Section 1 = just accessing, Section 2 = accessing to commit another crime, Section 3 = damaging/impairing systems.
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.