The Computer Misuse Act (CMA) prohibits the unauthorized modification of the contents of any computer, which includes the introduction of viruses . In general, the gravamen of the crime is the introduction or spreading of the virus into a computer. The mere writing of a computer virus is not a crime. However, it may be possible that the mere writing of a computer virus will result in a Section 3 offence. An example of this is when a employee writes the code of a self-executing computer virus from scratch onto his office computer which is connected to the office network. In this specific situation, the mere writing or coding of a computer virus is tantamount to the spreading of the same.

The crime of “unauthorized modification of the contents of any computer” doesn’t just cover the spreading of viruses to cause damage but also makes it a crime to: (i) change the data on any computer without authority (e.g., students hacking into a system to change their grades); (ii) installation of spyware; (iii) installing DRM/TPM software without consent of the user; (iv) unethical websites hijacking your browser (e.g., changing your home page) or installing a browser tool bar without your authorization; (v) installing any client side software without your consent (technically,  even the installation of website cookies can be illegal).

With respect to updates to the CMA, experts mainly recommend the criminalization of Denial of Service Attacks and increasing of the imposable penalties. The most important reform to cybercrime may be those that promote better enforcement and prosecution through mutual cooperation between nations.

This post was originally written for a class in Information Technology Law when I was an LLM student at the University of Edinburgh.

Advertisement