Development of cybercrime law in the United Kingdom
The enactment of computer crime specific legislation or cybercrime law in the United Kingdom can be attributed to a number of cases which highlighted the issue of absence of such legislation and the subsequent acquittal of individuals.
R v. Thompson
Firstly, in R v. Thompson,[1] the appellant in Kuwait, had fraudulently caused a bank to credit certain bank balances in England. The access was authorized, however, such access was used for an unlawful purpose. The Theft Act of 1968 was sought to be applied[2]. The primary issue was that of jurisdiction (Kuwait or England) as well as identifying the victim. The court held that for applying the Theft Act, the identification of a human victim is a prerequisite. However, in the present case, the computer system was deceived, rather than a human mind. This highlighted the inadequacy of the existing legal framework to deal with cases where computer was a victim of a crime, rather than a mere facilitator.
R v. Gold and Schifreen
Secondly, in R v. Gold and Schifreen,[3] certain individuals got access to the files contained in British Telecom Prestel Network by seeing the username and password entered by the authorized person, over his shoulders. The accused were charged under the Forgery and Counterfeiting Act of 1981. However, the court held that the accused cannot be prosecuted under the said Act as the use of recorded electronic information did not fall under the definition of ‘false instrument’[4]. Therefore, the act committed by the accused does not come under the ambit of the Forgery and Counterfeiting Act. The outcome of this case highlighted that new age crimes (cybercrimes) cannot be prosecuted under the traditional criminal laws.
Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.
It is pertinent to note that there were a series of case laws wherein the court adopted a more liberal approach to include the new age crimes within the ambit of traditional laws. In Cox v. Riley,[5] the court held that ‘damage’ implies any injury impairing the value and usefulness. Such injury need not be apparent to the naked eyes. Therefore, deleting program from a computer-controlled machine, which renders it unusable, constitutes ‘damage’ under the Criminal Damages Act, 1971. A similar approach was adopted in R v. Whiteley[6].
The increasing instance of computer crimes, the failure of court to effectively prosecute individuals who committed computer crimes, and the significance of ensuring effective prosecution by broadening the scope of existing laws, had a combined effect which led to the enactment of the Computer Abuse Act of 1990[7] in the United Kingdom.
Originally, the 1990 Act brought within its ambit, three categories of offences-
- Unauthorized access to programs or data[8];
- Unauthorized access with further criminal intent[9] and
- Unauthorized modification of data[10].
In Ellis v. DPP,[11] section 1 of the Act was interpreted, and the court held that unauthorized access, even though in absence of damage, comes under the ambit of the 1990 Act.
Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.
The 1990 Act addressed the issue of jurisdictional challenge in cases of computer crime by making it an offence to use a computer in the home country to commit a crime in another country and to commit a crime in the country from a computer in another country[12].
It is pertinent to note that the 1990 Act was not well equipped to deal with computer crimes per se in a comprehensive manner. The issue with respect to section 2 of the Act was highlighted in R v. Bedworth[13], wherein while proving intent, addiction was recognized as a defense. As a result, the Jury acquitted the accused.
Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.
[1] R v. Thompson, (1984) 79 Cr App R 191.
[2] Theft Act, 1968, § 15.
[3] R v. Gold and Schifreen, CACD [1987] QB 1116.
[4] Forgery and Counterfeiting Act, 1981, s. 8(1)(d).
[5] Cox v. Riley, [1986] QBD.
[6] R v Whiteley, [1991] 93 CAR 25.
[7] Computer Abuse Act, 1990.
[8] Id., § 1.
[9] Supra note 18, § 3.
[10] Supra note 18, § 2.
[11] Ellis v. DPP, [2001] EWHC 362.
[12] Supra note 18, § 4.
[13] R v. Bedworth, 1991.