Have you been charged with an offence under the Computer Misuse Act 1990? If so, you are probably in need of some expert advice. The offences under the Computer Misuse Act (CMA), and their application, especially in the current world of complex technologies (which are far more advanced than when the legislation was written) can be confusing and difficult to decipher. Perhaps you are looking at the words on the charge sheet and struggling to fit them to the facts of your case. This article aims to unpack the offences under the Computer Misuse Act. It looks at the types of evidence that are currently used in Computer Misuse Act cases, and the maximum sentence(s) you could face if you are convicted. It also considers possible defences, which could mean you get a lighter punishment or no punishment at all.
The CMA sets out various offences that mainly relate to unauthorised access to, and interference with computers, including hacking. Here is a summary of the main offences:
Offences under the CMA can be prosecuted even where the offence took place outside of England and Wales. However, according to Section 4 CMA, the court is only permitted to hear the case where there is a ‘significant link’ to England and Wales.
According to the Crown Prosecution Service, this could include if the target of the computer misuse is in the home country or if the misuse would create a significant risk of serious damage in the home country. It could also include if the technological activity that enabled the offending may have passed through a server based in the home country. This significantly widens the application of the legislation to include acts committed against any individual or network of a company or organisation with servers in England and Wales.
The CMA leaves the definition of ‘computer’ open. In 1997, courts interpreted this to mean ‘a device for storing, processing, and retrieving information.’ This was some time ago, and of course technology has progressed exponentially since then. If the matter is heard again by the courts, it may be possible that they develop a more refined definition to acknowledge the progress in technology. The offences under the CMA have been criticised by civil society organisations such as the Criminal Law Reform Now Network for being outdated and ambiguous.
The police are likely to seize and interrogate any electronic devices that they allege were used in the commission of the offence. As well as searching the contents of the devices, they may also seek to access information held in the cloud.
Where the defendant is accused of hacking into a computer network system or computer, the prosecution is likely to rely upon electronic records that show when the system or computer was accessed, by whom, and how. In cases of unauthorised access, say for example in a bank, the prosecution would use the organisation’s audit records to show at what time the accounts were unlawfully accessed and by whom. They may also seek to link this unauthorised access to harm caused to the victim or connect it to further offences committed by the defendant – such as theft or fraud.
The maximum sentences are set out in the CMA and depend upon the offence that has been committed. The table below sets out the various offences and the maximum sentence available for each:
Offence | Maximum Sentence |
Unauthorised access to computer material (Section 1 CMA): | 2 years’ imprisonment |
Unauthorised access with intent to commit or facilitate commission of further offences (Section 2 CMA) | 5 years’ imprisonment |
Unauthorised Acts with intent to impair, or with recklessness as to impairing the operation of a computer (Section 3 CMA) | 10 years’ imprisonment |
Unauthorised acts causing, or creating risk of, serious damage (Section 3ZA CMA) | 14 years’ imprisonment, unless the offence caused or created a significant risk of serious damage to human welfare or national security, in which case a person guilty of the offence is liable to imprisonment for life |
Defences are a complex area of law. Whether you have a valid defence depends on the facts of your case, and you should always consult a solicitor for specialist advice. That said, there are several possible defences to offences under the CMA:
A ‘general defence’ to relates to the person accused rather than the crime itself. The following general defences may apply to offences under the CMA:
Mistake: This defence could apply if you were mistaken as to certain factual circumstances and would not have committed the offence if you had known otherwise. For example, perhaps you accessed a person’s records, believing mistakenly that you were entitled to retrieve the information.
Insanity: To succeed in this defence, you need to do more than simply show that you were suffering from mental health issues. You need to show that due to mental illness, you lacked the ability to reason such that you did not know that the act that you were doing was against the law.
Duress: This is where you were forced by a person or a set of circumstances to commit an offence. The court will consider whether you reasonably feared death or serious injury if you did not commit the act, and whether a reasonable person in your situation would have shared those fears and responded in the same way. This could apply to you if someone forced or pressurised you to hack or otherwise interfere with a computer.
Automatism: If you were not aware of your actions when committing the offence, in some rare circumstances, you may be able to rely upon the defence of automatism. Generally, if you were under the voluntary influence of alcohol or illicit drugs you will not be able to rely on this defence.
A successful defence may lead to you being acquitted or convicted of a lesser charge. Defences are highly fact dependent, so it is always best to seek advice on your case from a criminal defence solicitor with experience in handling CMA cases.
If you have been accused of an offence under the Computer Misuse Act, make sure that you instruct criminal defence solicitors who are ready to take on the technical challenge of such a case. Not all solicitors are qualified to handle these cases given the technicalities of the provisions. With a team of highly experienced specialist and experienced criminal defence experts, Stuart Miller Solicitors is here to help. Contact us for a no obligation consultation today.
Responsive
A legal expert will consult you within 24 hours of making an enquiry.
Empathetic
We will always treat you with trust, understanding and respect.
Specialised
Your case will be handled by an expert who specialises in your type of offence.
Proactive
We will take early action to end proceedings as soon as it is practically and legally possible to do so.
Engaged
You will be kept updated on your case at all times. We will provide a named contact available to answer your questions.
Caring
We understand this is a difficult and stressful time for you and your family. Our team will support you every step of the way.
Tenacious
We will never give up on your case. We fight tirelessly to get you the best possible outcome.