Offences and powers relating to information and communications - cybercrime

Which legislation provides the definition of unauthorised access to computer material?

Section 1 computer misuse act 1990

How is unauthorised access to computer material triable?

Either way

What is the sentence for unauthorised access to computer material?

Magistrates - 6 months and/or fine

Crown - 2 years and/or fine

What is the definition of unauthorised access to computer material?

Knowingly causing a computer to perform any function with intent to secure unauthorised access to any program or data held in any computer

Does an attempt to log on to a computer with the requisite intent suffice to unauthorised access to computer material?

Yes

Does reading material off the computer screen suffice to unauthorised access to computer material?

No

Which legislation provides the definition of unauthorised access to computers with intent?

Section 2 computer misuse act 1990

How is unauthorised access to computers with intent triable?

Either way

What is the sentence for unauthorised access to computers with intent?

Magistrates - 6 months and/or fine

Crown - 5 years and/or fine

What is the definition of unauthorised access to computers with intent?

Committing an offence under section 1 with intent to commit an offence or facilitate the commission of an offence

Which type of offence must the person commit to be guilty of unauthorised access to computers with intent?

An offence that carries a sentence fixed by law or that a person over 18 with no previous convictions may be sentenced to 5 years

When must the further offence be committed for unauthorised access to computers with intent?

Either on the same occasion as the unauthorised access offence or on a subsequent occasion

Can someone be guilty of unauthorised access to computers with intent if the commission of the further offence is impossible?

Yes

What must the offender have the requisite intent for at the time of the offence of unauthorised access to computers with intent?

Either the access or the other actus reus

Which legislation provides the definition of unauthorised modification of computer material?

Section 3 computer misuse act 1990

How is unauthorised modification of computer material triable?

Either way

What is the sentence for unauthorised modification of computer material?

Magistrates - 6 months and/or fine

Crown - 10 years and/or fine

What is the definition of unauthorised modification of computer material?

Doing an act which causes an unauthorised modification of the contents of any computer, with the requisite intent and knowledge at the time of the act

What is the definition of requisite intent for unauthorised modification of computer material?

Modify contents of any computer to impair operation, prevent or hinder access to program or data, or impair operation of program or reliability of data

Does the intent for unauthorised modification of computer material need to be towards a specific computer, program, data or modification?

No

What is the definition of requisite knowledge for unauthorised modification of computer material?

The knowledge that any modification they intend to cause is unauthorised

Does intentionally implanting or sending a virus fall within unauthorised modification of computer material?

Yes

Does the unauthorised modification have to be permanent for unauthorised modification of computer material?

No, it can be permanent or temporary

Which legislation provides the definition of unauthorised acts causing or creating the risk of serious damage?

Section 3ZA computer misuse act 1990

How is unauthorised acts causing or creating the risk of serious damage triable?

Indictable only

What is the sentence for unauthorised acts causing or creating the risk of serious damage?

Crown - 14 years and/or fine

What is the mens rea of unauthorised acts causing or creating the risk of serious damage?

Knowing the act is unauthorised, and the person intends or is reckless that serious damage of a material kind will be caused by the act

What is the actus reus of unauthorised acts causing or creating the risk of serious damage?

Doing any unauthorised act in relation to a computer that causes or creates significant risk of serious damage of a material kind

What is the definition of damage of a material kind?

Damage to human welfare, the environment, the economy, or national security

Which legislation provides the definition of making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Section 3A computer misuse act 1990

How is making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA triable?

Either way

What is the sentence for making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Magistrates - 6 months and/or fine

Crown - 2 years and/or fine

How many offences are under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

3

What is the actus reus of offence 1 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Making, adapting, supplying or offering to supply any article including any programme or data held in electronic form

What is the mens rea of offence 1 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Intending it to be used to commit or assist in the commission of section 1 or 3 computer misuse act 1990 offences

What is the actus reus of offence 2 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Supplying or offering to supply any article including any programme or data held in electronic form

What is the mens rea of offence 2 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Believing it likely to be used to commit or assist in the commission of section 1 or 3 computer misuse act 1990 offences

What is the actus reus of offence 3 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

Obtaining any article including any programme or data held in electronic form

What is the mens rea of offence 3 under making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA?

With a view it being supplied for use to commit or to assist in the commission of section 1, 3 or 3ZA computer misuse act 1990 offences

How many areas are covered by the data protection act 2018 and GDPR?

4

What are the areas covered by the data protection act 2018 and GDPR

• General data processing

• Law enforcement data processing

• Intelligence services data processing

• Regulatory oversight and enforcement by information commissioner

Who can the controller be?

Employer, public authority, agency or body

When must the controller notify the information commissioner?

Before processing personal data

What is the definition of personal data? article 2A GDPR

Any information that can be linked to an identified or identifiable living individual

What is the definition of an identifiable living individual?

A living individual who can be identified directly or indirectly by an identifier, or one or more identifying factors specific to the individual

What the categories of sensitive personal data?

• Religious or philosophical beliefs

• Political opinions

• Race

• Ethnic origins

• Trade union membership

• Sexual orientation

• Sex life

• Health data

• Biometric data

• Genetic data

What are the 2 ways data can be processed?

By automated means or manually via a filing system

What are the rights of a data subject?

Be informed when their data is processed, access all data processed and demand rectification or deletion of data that is inaccurate or incomplete or has been processed improperly

When will it be permissible for the controller to process personal data?

When the data subject has given their consent and a necessity ground is established

What are the 5 necessity grounds for a controller to process personal data?

• Contract

• Legal obligation

• Protection of subject

• Public interest or official authority vested in controller/3rd party

• Legitimate interests of the controller/3rd party

To what extent may personal data be processed if a ground is established?

The extent that it is adequate, relevant and not excessive in relation to the purpose for which they are collected and processed

What are the 4 obligations in respect of processed data?

1. Accurate

2. Up to date

3. Not kept longer than necessary

4. Erase or rectify inaccurate or incomplete data

How many data protection principles are there? Article 5 GDPR

6

What is the first data protection principle?

Data processed lawfully, fairly and in a transparent manner

What is the second data protection principle?

Data only processed no further than the legitimate purpose for which it was collected

What is the third data protection principle?

Data must be adequate, relevant and limited to what is necessary for the legitimate purpose for which it was collected

What is the fourth data protection principle?

Reasonable steps must be taken to erase or rectify inaccurate or incomplete data without delay

What is the fifth data protection principle?

Data kept for no longer than is necessary for the legitimate purpose for which it was collected

What is the sixth data protection principle?

Data processed securely

Which data protection offences require permission to prosecute?

• Unlawfully obtaining personal data

• Selling personal data

• Offering to sell personal data

• Re-identifying information that is de-identified personal data

• Processing personal data that has been re-identified

• Alteration of personal data to prevent disclosure to a data subject

Who must you go to for permission to prosecute the special data protection offences?

The information commissioner or director of public prosecutions

Which legislation provides the definition of malicious communications?

Section 1 malicious communications act 1988

How is malicious communications triable?

Either way

What is the sentence for malicious communications?

Magistrates - 6 months and/or fine

Crown - 2 years and/or fine

What is the actus reus of malicious communications?

Sending or transmitting to another person, a letter, electronic communication or article

What must the content of the malicious communication be?

• Indecent or grossly offensive

• A threat

• False information they know or believe to be false

What is the mens rea for malicious communications?

With the intention of causing anxiety or distress to the recipient or any other person they intend its contents to be communicated to

When is the offence of malicious communications complete?

When it is sent accompanied by the requisite intention to cause distress or anxiety

Is there a requirement of a result for malicious communications?

No

What is the defence to malicious communications?

On the balance of probability, the threat was sent to reinforce a demand they had reasonable grounds for making, they believed the threat was a proper means of reinforcing the demand, and they had reasonable grounds for forming the belief