Search Legislation

Police and Justice Act 2006

Section 35: Unauthorised access to computer material

294.Section 35 amends section 1 of the Computer Misuse Act 1990 (offence of unauthorised access to computer material). Section 1 of the 1990 Act deals with the unauthorised access to computer systems or data, commonly known as “hacking” or “cracking”. Under that section, it is an offence to cause a computer to perform any function with intent to secure unauthorised access to any program or data held in any computer. It is necessary to prove that the access secured is unauthorised and that the suspect knew that this was the case.

295.Section 35(2) extends the section 1 offence so that it would be committed where the person’s intention is to enable someone else to secure unauthorised access to a computer or to enable the person himself to secure unauthorised access to a computer at some later time.

296.Section 35(3) replaces the penalty for this offence by substituting a new subsection (3) into section 1 of the 1990 Act. The offence is made indictable, and the maximum sentence is increased from six months imprisonment to two years.

297.The European Union Framework Decision on Attacks Against Information Systems, adopted by the European Union and Justice and Home Affairs Council of Ministers on 24 February 2005 (http://register.consilium.eu.int/pdf/en/04/st15/st15010.en04.pdf), requires the approximation of Member States’ criminal law (offences, penalties and jurisdiction) on attacks against information systems; this amendment to the 1990 Act is designed to ensure compliance. The EU Framework Decision requires all Member States to give effect to its provisions in legislation by 24 February 2007. This is to ensure that there are adequate and more effective penalties available for the offence of unauthorised access to computer material, to reflect the seriousness of the criminal activities which can be involved in committing this offence.

Back to top

Options/Help