Analysis Of Computer Misuse Act 1990 And Its Impact On Society

Introduction: Throughout this report, we would be discussing one of the legislation laws, known as computer misuse act 1990 and how the computer misuse act, has an impact on society, and as a result the adequate consequences behind it, and how it affects businesses. Although, the misuse act has been around since the 90’s, people didn’t take much notice, and now they are starting to realise how severe the consequences are, if they break into a computer. As the problem began to persist, the legislation and laws had to change, in order to prevent hackers from hacking into the computer and violating the law which comes under the “computer misuse act 1990”. Moreover, it wasn’t acceptable for people to get away with it in the past, so that means the laws now are much stricter than ever, and if this act is brought into the business, it will punish those that carry out this misconduct. Thus, the CMA, will also update as the technology does, and also monitor the actions of criminals, so when they violate one section of the act, the aim is to maximise punishment, and offer harsher sentences.

Initially, the so called “CMA” act was introduced in 1990, by the UK parliament, mainly because there was a hack that took place around the late 80s into early 90s, carried out by [3] “Robert Schifreen” and “Stephen Gold” and they were somehow able to get unauthorised access, to the British telecom, which is now known as BT, in today’s world. By having this access, without any consent, they were able to view and personalise Prince Phillip’s message box, and since then, they decided, there has to be some sort of prosecution to prevent, offenders from committing the same sort of offense. Introduction to Network Security:One of the factors associated with CMA, is the “ CIE, triangle”, otherwise known as Confidentiality, integrity, and availability, and these factors play a key role,when it comes to the business environment. Likewise, they outline, what to do in terms of keeping information in safe hands, and how to back up information, as discussed below. CIA: CIA, otherwise known as Confidentiality, integrity, and availability is a type of security model in Place to ensure the paramount safety of a business. If there is thought to be any misconduct in either breeching any of these three, then severe consequences, will be put in place for any parties that have an involvement in this.

Confidentiality - This is simply referring to information or data, which is sought to be private or to remain a secret, which means there should be no other third parties involved. The only main and most obvious reason, is to avoid unauthorised access, In any sort of way. Other ideas, include having valid data encryption This could be largely attained by putting biometric measures in place. For example, having strong facial, eye, and finger print recognition could help prevent someone’s identity and strong passwords, with a combination of numbers and alphabets.

Integrity- The word itself “integrity” refers to data being reliable and accurate, it is data which is not meant to be modified or tampered in any way. Data as such is always trustworthy, therefore, it should only be overseen by people who have authorised access and whilst they’re gone, the information shouldn’t be altered in any way, if this happens, this is known as unauthorised access, which means data has been compromised.

Availability- When referring to the term “availability” this means to have something in place, and this could mean by having multiple back -ups, whether that being in a filing cabinet locked away safely, or a backup in the computer. Moreover, having resources at hand is another way in the event of hardware mishap or any technical failures. It is extremely essential, that all devices are running up to date, and tested regularly. CIA: (confidentiality, integrity, availability,) is changing rapidly, over the years, in terms of industry as they want to make it stricter, for those who still don’t understand, the consequences of what happens when there is a breach.

They are now thinking of new possibilities, such as bringing in new training to help understand what happens, when private information is shared, and this includes explaining the risk factors involved, in terms of security. In terms of universities, as a business, students and staff are given their ID’s which they use to scan to gain access into the building. This is referring to one of the biometric measures, as discussed above. Another way to put this would be, the use of two factor authentication, in this case having access to sensitive information with consent, and at the same time making sure, the candidate has a strong password.

In terms of integrity, the nature of hacking allows outside users to access this information for social or commercial gain, allowing the hacker to manipulate information and customise it according to their liking. Once data has been compromised, or a virus gets through, information has been stolen, this leaves the system vulnerable to further attacks. Examples like such as known as phishing and trojans. Once this happens, it is called vulnerability exploitation. The integrity of a system is like an ego, once tampered, it becomes vulnerable. The cost of the breach is weighed up against the cost. In worst case scenario the breach is done by a malicious hacker intending on sabotaging the network, deleting files, folders and server information. If this happens in a business environment, this can seriously affect the business’s reputation and in some case, can shut down a company, depending on how serious the matter is. The issue can be minimised by limiting or exchanging private information, as those that work within a business can’t even be trusted.

Computer Misuse Act in England and Scotland: The Scottish policy for the CMA is to ensure that the rules and regulations are up to date and stronger, as well as they comply with the UK law too. Scotland also states that all information should be kept safe, and there is not the risk of information being exploited in any way. [5] The key differences between England and Scotland, is that there is not much difference between the sections, but the sentencing of the crimes is different.

For example, England follows sections 1,2,3,3za and 3a, whereas, Scotland follows only sections 1 – 3A. Both the laws state, that if an offence is misconducted, then a search will be conducted, and questions will be raised, as to why the crime was committed, this is referring to sections 1- 3A, which has the same effect for England and Scotland. Both England and Scotland, state that anyone who is found accountable of breaching the act, there will be a maximum of 12 years in jail, or followed by a fine, passed down by the government.

The sections are mostly broken down into three parts; with section 1 to do with hacking, whereas, access was gained to a computer without express consent. Section 3 to do with committing unethical hacks, with the help of the computer, and section 3A, consists of three parts, known as making, supplying, and obtaining. Making- referring to setting up viruses, to attack computers, or to create any malicious software. Supplying- now this is to with, where you got your source from, if you made a virus for example, or got the notion from someone else, it is illegal to share the idea with another third party. Finally, not least, Obtaining- This is to do with the law, if you know you have purposefully intended on sabotaging someone’s computer by creating malicious files, and left the person vulnerable to an attack, then you have breached the computer misuse act, and are held liable for prosecution. Therefore, this serves a punishment for up to 12 months, with a fine, as followed by the government regulations.