Chapter 2 - notes


Chapter 1


p17

1. Computer Misuse Act 1990 (UK) s 1(1).


p18

2. Criminal Damage Act 1991 (IE) s 5(1).

3. A-G’s Reference (No 1 of 1991) [1993] QB 94 (Lexis).

4. Computer Misuse Act 1990 (UK) s 1(2); Criminal Damage Act 1991 (IE) s 5(2).

5. Computer Misuse Act 1990 (UK) s 1(1).

6. Criminal Damage Act 1991 (IE) s 1(1), definition of ‘data’.

7. Computer Misuse Act 1990 (UK) s 17(2).

8. Computer Misuse Act 1990 (UK) s 17(3). p19


p19

9. Ellis v DPP [2001] EWHC Admin 362 (Lexis); see also Ellis v DPP [2002] EWHC 135 Admin (Lexis).

10. ‘Warchalking: London wi-fi guerrillas take tips from hobos’ ZDNet UK 26 June 2002. Cf Ryan, P, ‘War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics’ (2004) 9 VJOLT 7.

11. Computer Misuse Act 1990 (UK) s 2.


p20

12. Criminal Justice (Theft and Fraud Offences) Act 2001 (IE), ss 2(1) and 9.

13. Criminal Damage Act 1991 (IE) s 6(2).

14. Computer Misuse Act 1990 (UK) s 1; ‘unauthorised’ is defined, in very general terms, in s 17(5).

15. R v Bow Street Magistrates’ Court and Allison ex parte USA [2000] 2 AC 216.


p21

16. [1998] 1 Cr App Rep 1 (Lexis).

17. Below, ch 4. For such a prosecution see ‘Data protection charges for sale of police data’ Register 26 April 2005.

18. R v Bow Street Magistrates’ Court and Allison ex parte USA [2000] 2 AC 216, 225, per Lord Hobhouse.

19. For discussion see Hamin, Z, ‘Inside cyber-threats: problem and perspectives’ (2000) 14 IRLCT 105 (Taylor and Francis).

20. R v Bow Street Magistrates’ Court and Allison ex parte USA [2000] 2 AC 216, 225, per Lord Hobhouse.


p22

21. Kerr, O, ‘Cybercrime’s scope: Interpreting “access” and “authorization” in computer misuse statutes’ (2003) 78 NYULR 1596 (Lexis).

22. Computer Misuse Act 1990 (UK) ss 4-5, Criminal Damage Act 1991 (IE) s 5(1).


p23

23. Criminal Justice (Terrorism and Conspiracy) Act 1998 (UK) ss 5-7.

24. R v Delamare [2003] EWCA Crim 424, (2003) 2 Cr App Rep (S) 474 (Lexis).

25. Oxford v Moss (1978) 68 Cr App Rep 183; similarly Grant v Procurator Fiscal [1988] RPC 41 (Lexis).

26. Forgery and Counterfeiting Act 1981 (E&W, NI) ss 1 and 8; cf Criminal Justice (Theft and Fraud Offences) Act 2001 (IE) ss 24-25.

27. R v Gold [1988] AC 1063, 1071, Lord Brandon (Lexis).

28. See ch 4 below.

29. See ch 3 below.

30. See p 83 below.

31. Eg Theft Act 1968 (E&W) s 13; Energy (Miscellaneous Provisions) Act 1995 (IE) s 15.


p24

32. See p 209 below.

33. Below, p 26.

34. ‘Computer Misuse Act: Prosecutions’ Hansard (Lords) 7 January 2003.

35. National Hi-Tech Crime Unit home page.

36. Hyde, S, ‘A few coppers change’ [1999] 2 JILT.

37. Eg Carr, I and Williams, K, ‘Securing the e-commerce environment’ (2000) 16 CLSR 295 (Ingenta).


p25

38. US Code Title 18 s 1030.

39. eg Denco Ltd v Joinson [1992] 1 All ER 463 (Lexis).

40. eg Mullins v Digital Equipment International BV UD 329/1989.


p26

41. 2002 Cal SB 1386, amending the California Civil Code (§1798.92), in force on 1 July 2003. For discussion see Chang, J, ‘Computer Hacking: Making the Case for a National Reporting Requirement’ (April 2004).

42. Usually attributed to the security consultant Bruce Schneier - see his home page.

43. Eg ‘Brits are crap at password security’ Register 20 April 2004.

44. Yan, J, Blackwell, A, Anderson, R and Grant, A, ‘The memorability and security of passwords - some empirical results’ (September 2000).


p27

45. Computer Misuse Act 1990 (UK) s 3(1)(a).

46. Computer Misuse Act 1990 (UK) s 17(7).

47. Criminal Damage Act 1991 (IE) s 1(1), definition of ‘property’.

48. Criminal Damage Act 1991 (IE) s 1(2).

49. Criminal Damage Act 1991 (IE) s 1(1), definition of ‘to damage’.

50. Criminal Damage Act 1991 (IE) s 1(1), definition of ‘data’.

51. Computer Misuse Act 1990 (UK) s 3(1).

52. Computer Misuse Act 1990 (UK) s 17(6).

53. See eg Re Yarimaka and Zezev [2002] EWHC 589 Admin, [2002] Crim LR 648.


p28

54. ‘Questions cloud cyber crime cases’ BBC News 17 October 2003; Mann, P, ‘Mine’s a Caffrey’ [2003] EBL (Dec) 6.

55. See below, p 34.

56. Re Yarimaka and Zezev [2002] EWHC 589 Admin, [2002] Crim LR 648.

57. Computer Misuse Act 1990 (UK) s 3(2)-(3).


p29

58. Criminal Damage Act 1991 (IE) s 2(6).

59. See below, p 35.


p30

60. Above, p 20.

61. Eg Mullen, T, ‘The Right to Defend’ (July 2002); Moran, B, ‘Vigilantes on the Net’ [2004] NS (12 June) 26 (New Scientist).

62. Sewart, T, ‘Software Contracts - Time to Drop the Bomb?’ (2003) 14 C&L (4) 23 (SCL).

63. ‘Hacking “addict” acquitted’ Times 18 March 1993.


p31

64. Computer Misuse Act 1990 (UK) ss 4-5, Criminal Damage Act 1991 (IE) s 1(1) (definition of ‘to damage’).

65. Above, p 22.

66. [2001] EWCA Crim 1720 (Lexis).

67. Southwark Crown Court, 21 January 2003, (2003) 3 ECLR (1) 8.

68. [2001] 2 Cr App R(S) 136 (Lexis).

69. ‘Melissa author helped Feds track other virus writers’ Register 18 September 2003.

70. ‘Kournikova virus author loses appeal’ Register 23 October 2002.


p32

71. Criminal Damage Act 1991 (IE) s 2.

72. Criminal Damage Act 1991 (IE) s 3.

73. Criminal Justice (Public Order) Act 1994 (IE) s 17.

74. Criminal Damage Act 1991 (IE) s 4.

75. Criminal Damage Act 1971 (E&W) ss 1 and 12(1).

76. R v Whiteley (1991) 93 Cr App Rep 25 (Lexis).

77. Computer Misuse Act 1990 (UK) s 3(6).

78. Theft Act 1968 (E&W) s 21.

79. See especially Terrorism Act 2000 (UK) s 1(2)(e).

80. See generally National Infrastructure Security Co-ordination Centre home page.


p33

81. eg Graham-Rowe, D, ‘Power play’ [2004] NS (15 May) 24 (New Scientist).

82. eg Quinn, T, ‘Electro-paranoia’ [2002] Prospect (Sept) 12 (Prospect Magazine).

83. eg ‘Feds investigating “largest ever” Internet attack’ Register 23 October 2002. The operation of the Domain Name System is explained in slightly more detail below, ch 7.

84. Delibasis, D, ‘The right of states to use force in cyberspace’ (2002) 11 ICTL (Taylor and Francis) 255; Abeyratne, R, ‘Cyber-terrorism and activities in outer space’ (2000) 5 Comms L 20.

85. Duboff, L and Garvey, S, ‘From the Love Bug to the Stages virus: The threat of computer virus damage’ [2001] Ent LR 39 (Westlaw UK). For litigation see Tektrol Ltd v International Insurance Co of Hanover Ltd [2005] EWCA Civ 845.

86. See ‘Security contractors urged to take out personal indemnity insurance’ ZDNet UK 2 June 2004.


p34

87. Faulkner, S, ‘Invasion of the information snatchers: Creating liability for corporations with vulnerable computer networks’ (2000) 18 JCIL 1019 (John Marshall JCIL).

88. For general discussion see de Villiers, M, ‘Virus ex machina: Res ipsa loquitur’ [2003] STLR 1; Weston, C, ‘Suing in tort for loss of computer data’ (1999) 58 CLJ 67 (CUP).

89. eg Logical Computer Supplies Ltd v Euro Car Parks Ltd QBD 19 June 2001 (Lexis).

90. Convention on Cybercrime arts 2 and 4-6. For yet another approach see Nemerofsky, J, ‘The Crime of “Interruption of Computer Services to Authorized Users”: Have You Ever Heard of It?’ (2000) 6 RJOLT 23.


p35

91. Computer Misuse Act 1990 (Amendment) Bill 2005.

92. Revision of the Computer Misuse Act (APIG, June 2004). See also ‘Hacker law change gets “elevator pitch” in parliament’ Register 6 April 2005.

93. ‘Electronic Civil Disobedience’ Hansard Lords 3 March 2005.

94. Council Framework Decision 2005/222/JHA on attacks against information systems, esp art 3.

95. ICSTIS home page; ‘New powers granted to slam rogue diallers’ ZDNet UK 16 July 2004. For an attempt at a technological solution see ‘BT cracks down on rogue diallers’ Register 27 May 2005.

96. ‘ICSTIS in meltdown - MPs’ Register 1 July 2004.

97. Below, ch 4.


p36

98. Spyware Control Act 2004 (Utah Code Title 13 Chapter 40).

99. ‘Utah judge freezes anti-spyware law’ News.Com 22 June 2004.

100. ‘Spyware’ Hansard Lords 10 Jan 2005.

101. Criminal Justice (Theft and Fraud Offences) Act 2001 (IE). See especially ss 9, 48 and 52.

102. Fraud law reform: Consultation on proposals for legislation (Home Office, May 2004).


p37

103. See ‘New Study Revealing Behind the Scenes of Phishing Attacks’ CircleID 22 May 2005.

104. Identity Theft and Assumption Deterrence Act 1998, amending US Code Title 18 s 1028. See Saunders, K and Zucker, B, ‘Counteracting identity fraud in the information age: The Identity Theft and Assumption Deterrence Act’ (1999) 13 IRLCT 183 (Taylor and Francis).


p38

105. Identity Theft Penalty Enhancement Act 2004, on which see White House press release 15 July 2004.

106. R v Preddy [1996] AC 815 (Lexis), interpreting Theft Act 1968 (E&W) ss 4 and 15.

107. Theft (Amendment) Act 1996 (E&W) s 1, inserting new ss 15A-15B into the 1968 Act; see also Theft (Amendment) (Northern Ireland) Order 1997 (NI) SI 1997/277. For discussion see Clements, L, ‘Theft, mortgage fraud and the age of technology’ [1997] 2 WJCLI.

108. Criminal Justice (Theft and Fraud Offences) Act 2001 (IE) s 6.

109. Lipton, J, ‘Property Offences into the 21st Century’ [1999] 1 JILT.

110. Chapman, M, ‘Can a computer be deceived? Dishonesty offences and electronic transfer of funds’ (2000) 64 J Cr L 89 (Lexis).


p39

111. Gilbert, G, ‘Who has Jurisdiction for Cross-Frontier Financial Crimes?’ [1995] 2 WJCLI.

112. Hormel Foods’ trademarks include SPAM, SPAMBURGER, SPAMTASTIC and any other SPAM-derived terms. See Spam home page.


p40

113. ‘Spammers get fussy as zombie army grows’ ZDNet UK 21 May 2004; ‘The illicit trade in compromised PCs’ Register 30 April 2004.

114. Spamhaus home page.

115. ‘“Spam King” Richter get legal roasting’ Register 17 June 2004.


p41

116. See below, p 152.

117. Directive 2002/58/EC, on processing of personal data and the protection of privacy in the electronic communications sector, art 13. The directive is implemented by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (UK) SI 2003/2426 and the European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (IE) SI 2003/535.

118. Directive 2002/58/EC art 13.5.

119. SI 2003/535 (IE) regs 2(1) (definition of ‘subscriber’) and 13(1).

120. Married Women’s Status Act 1957 (IE) s 8. The legislation assumes a conventional nuclear family, the parents being married.

121. SI 2003/535 (IE) reg 13(3).


p42

122. See SI 2003/535 (IE) reg 1(2)-(5), and Data Protection (Amendment) Act 2003 (IE) s 2, definition of ‘direct marketing’.

123. SI 2003/2426 (UK) regs 2(1) and 22(1).

124. Contracts (Rights of Third Parties) Act 1999 (E&W and NI) s 1.

125. Marchini, R, ‘The new privacy and e-commerce regulations’ (2003) 14 C&L (4) 26, 27 (SCL).

126. SI 2003/2426 (UK) reg 30; SI 2003/535 (IE) reg 16.

127. ‘UK spammers set to avoid prosecution until 2005’ ZDNet UK 16 April 2004.

128. ‘Britain is flooding the world with spam’ Times 24 January 2004; ‘Spammers consider UK a soft touch’ VNUNet 11 June 2004.

129. Eg ‘Text scammers fined £450,000’ Register 24 May 2004.

130. ‘Virgin spammer settles out of court’ Register 26 May 1999.

131. ‘Spammers use your cat’s name to sell you Viagra’ ZDNet UK 22 June 2004.

132. See below, p 84.


p43

133. ‘UK advertising authority introduces anti-spam rules’ ZDNet UK 5 March 2003.

134. Ellison, L and Akdeniz, Y, ‘Cyberstalking: The regulation of harassment on the Internet’ [1998] Crim LR (special edition) 29 (Westlaw UK).

135. Communications Act 2003 (UK) s 127 (at the time of writing this provision is not fully in force); Post Office (Amendment) Act 1951 (IE) s 13 as substituted by Postal and Telecommunications Services Act 1983 (IE) sch 3 part 2 and amended by Postal and Telecommunications Services (Amendment) Act 1999 (IE) s 7.

136. Notably in Earthlink, Inc v Carmack 2003 US Dist LEXIS 9963 (D N Ga, 7 May 2003) (Lexis) ($16.4m in damages and a permanent injunction against further spam). Theories of liability here are considered below, p 210.

137. Eg ‘Microsoft says sorry to “spammer”’ BBC News 8 August 2003.

138. For general surveys of the US position see Kosiba, J, ‘Legal relief from spam-induced Internet indigestion’ (1999) 25 Dayt LR 187 (Lexis); Kelin, S, ‘State regulation of unsolicited commercial e-mail’ (2001) 16 BTLJ 435 (Lexis); Sorkin, D, ‘Technical and legal approaches to unsolicited electronic mail’ (2001) 35 USFLR 325.

139. Controlling the Assault of Non-Solicited Pornography and Marketing Act 2003, on which see Alongi, E, ‘Has the US canned spam?’ (2004) 46 Ariz LR 263 (Lexis).


p44

140. See ‘Nine years in slammer for US spammer’ Register 8 April 2005.

141. Spamhaus home page.

142. CAUCE home page.

143. Eg ‘Big US ISPs set legal attack dogs on big, bad spammers’ Register 10 March 2004; ‘MS sues 200 for spamming’ Register 11 June 2004.

144. ‘Spammer prosecutions waste time and money’ Register 16 June 2004.

145. Geissler, R, ‘Whether “anti-spam” laws violate the first amendment’ (2001) 8 JOL.

146. ‘EU members ignore spam directive’ ZDNet UK 27 April 2004.


p45

147. For discussion see Cobos, S, ‘A Two-Tiered Registry System to Regulate Spam’ [2003] UCLA JLT 5; Khong, W, ‘Spam Law for the Internet’ [2001] 3 JILT; Sullivan, J and de Leeuw, M, ‘Spam after CAN-SPAM: How inconsistent thinking has made a hash out of unsolicited commercial e-mail policy’ (2004) 20 SCCHTLJ 887 (Lexis).

 

FURTHER READING

Carr, I and Williams, K, ‘Securing the e-commerce environment’ (2000) 16 CLSR 295 (Ingenta).

Colombell, M, ‘The Legislative Response to the Evolution of Computer Viruses’ (2002) 8 RJOLT 18.

Esen, R, ‘Cyber Crime: A growing problem’ (2002) 66 J Cr L 269 (Lexis).

Goodman, M, ‘Why the police don’t care about computer crime’ (1997) 10 HJOLT 465.

Kerr, O, ‘Cybercrime’s scope: Interpreting “access” and “authorization” in computer misuse statutes’ (2003) 78 NYULR 1596 (Lexis).

Klang, K, ‘A critical look at the regulation of computer viruses’ (2003) 11 IJLIT 162 (Lexis).

Lee, M, Pak, S, Kim, T, Lee, D, Schapiro, A and Francis, T, ‘Electronic commerce, hackers and the search for legitimacy: A regulatory proposal’ (1999) 14 BTLJ 839.

Macodrum, D, Nasheri, H and O’Hearn, T, ‘Spies in suits: New crimes of the information age from the United States and Canadian perspectives’ (2001) 10 ICTL 139 (Taylor and Francis).

McIntyre-O’Brien, R, ‘The current status of computer hacking offences in Ireland and their application to the Internet’ [2004] COLR 7.


p46

McMahon, R, ‘After billions spent to comply with HIPAA and GLBA privacy provisions, why is identity theft the most prevalent crime in America?’ (2004) 49 Vill LR 625 (Lexis).

Philippsohn, S, ‘Combating financial fraud on the Internet - An overview of current financial crimes on the internet’ (May 2000).

Towle, H, ‘Identity theft: Myths, methods, and new law’ (2004) 30 RCTLJ 237 (Lexis).


Chapter 3