At any school, it's important to introduce students to the global network and so encourage a global vision in business and communications. At Radcliffe Riverside, we also feel it's vitally important to educate our students as to what's legally acceptable when communicating and interacting remotely on a global network. The Computer Misuse Act is one of a number of government legal papers that outline how we should behave on a network if we are to remain within the law. It's important for everyone to realise that serious computer crime can be committed from the comfort of your own bedroom as demonstrated by recent arrests throughout the UK. When any offence is committed, "I didn't know it was a crime" is not a valid excuse and will not save you from the long arm of the law.
The Computer Misuse Act was passed to deal with the problem of hacking of computer systems. In the late 80's days of hacking the problem wasn’t taken very seriously – it was seen as mischievous behaviour, rather than as something which could cause serious loss or problems to companies, institutions, organisations and individuals. However, with developments in technology the issue has become more serious and hence legislation was introduced to recognise three key offences:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences
- Unauthorised modification of computer material.
Unauthorised access to computer material
This includes, for example, finding or guessing someone’s password, then using that to get into a computer system and have a look at the data it contains. This is an offence even if no damage is done, and no files deleted or changed. The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine.
Unauthorised access with intent to commit or facilitate commission of further offences
This builds on the previous offence. The key here is the addition of ‘intent to commit...further offences’. It therefore includes guessing or stealing a password, and using that to access material or services without the consent of the owner. For this offence the penalty is up to five years’ imprisonment and/or a fine.
Unauthorised modification of computer material
This could include deleting files, changing the desktop set-up or introducing viruses with the intent to impair the operation of a computer, or access to programs and data. The word ‘intent’ means it has to be done deliberately, rather than someone deleting files by mistake. This also includes using a computer to damage other computers outside the school, even though the computer used to do this is itself not modified in any way. This offence carries a penalty of up to five years and/or a fine.
The Act clearly takes a very serious view of hacking – even where there is no intent to defraud or do damage. It is therefore important that pupils are made aware of the potential penalties, and equally importantly, why these offences are so serious. Most people would understand that using a computer to commit fraud is clearly wrong. However, some would not see ‘victimless’ hacking, or playing around with computer settings, as serious. But the reality is that such activities can seriously affect the operation and work of the computer, resulting in unhappy and dissatisfied users, and probably creating a lot of additional work for school staff in repairing damage done to programs and data.
Dealing with misuse
Prevention is far better than cure. Reference to appropriate use of the ICT facilities is made in the school’s Acceptable Use Policy.
Radcliffe Riverside have recently introduced systems for dealing with deliberate misuse of computer systems, both internal and external. Depending on the seriousness of the offence, internal sanctions might range from first warnings to temporary OR permanent bans from using the ICT resources, to involvement of parents and guardians and in extreme cases where severe network abuse occurs, permanent exclusion with the matter passed over to the GMP Hi-Tec crime unit. It is important for students to realise that the involvement of the police will only be necessary in cases where students interrupt our networks deliberately.
Click here to view The Computer Misuse Act in full
© Radcliffe Riverside 2008
