Many conversations have taken place regarding the misuse of computers and technology. Historically there has been concern about unauthorized alterations to computer programs and electronic information. In response to a swelling number of offences, the Government enacted the Computer Misuse Act 1990 (CMA) (Walton, p. 39). Although it’s been in existence for 15 years, many individuals still question CMA’s applicability and effectiveness. Especially given the growing number of hacking incidents and the few instances of prosecution. Despite such statistics, the CMA has laid the groundwork for combatting computer misuse and should therefore maintain its legal status.
The CMA is a law that not only combats criminal activity but establishes an allowance for crimes committed outside of a local territory. The TCSEC is a standard of practice that addresses evaluation methods for Cybersecurity. In the 1980’s there was substantial international concern regarding the growing number of cybercrimes such as hacking. (Walton, p. 39). What made prosecuting cybercrimes so challenging was the remote nature of such criminal behavior. In many instances an individual could commit an offense in one jurisdiction but cause harm to persons in other areas.
For prosecutors, connecting the illegitimate act with a responsible person often proved difficult. This was due to the fact that many cybercrimes were committed from remote locations. Initially there was opposition to the idea of separate legislation to address computer misuse. Advocates of this view felt that existing laws addressing criminal damage, deception, and espionage were sufficient. However, one deficiency in existent laws was its inability to address the extraterritorial dimension to cyberspace crimes (Walton, p. 39). This meant that a more specific and comprehensive law needed to be established. This proposed law should also have an extraterritorial mechanism in place to account for the separation of cause and effect.
In addition to combating cybercrimes, the CMA and TCSEC provide inclusive enforcement guidelines and protocols. The CMA gives a detailed explanation of unauthorized access, computer misuse, and unsanctioned modification of computer materials (Walton, p. 40). From an enforcement or legal standpoint, the definition of what constitutes an offence is important. It is also beneficial that within the described offences the terms of punishment if convicted are appropriately explained. In analysis, Magistrate courts are provided with guidelines but still retain the autonomy to interpret each case individually. This is important because different courts will inescapably interpret cybercrimes differently. This is not beneficial as it does not force the courts into restrictive processes.
The TCSEC was monumental during the period from 1983-1999, as a landmark computer security evaluation methodology. This process was established by the Department of Defense and created a blueprint for documented security requirements. It was also part of a broader security process called the Rainbow Series. The Rainbow Series created a standardized process for protecting Government networks, databases, audit systems, and passwords. This was extremely important given the classified nature of government systems and documentation (Clemson.edu, n.d.).
TCSEC aptly describes six evaluation classes that are part of a rating scale. The alphabetic rating scale ranges from D to A1. From a descriptive standpoint the rating scale ranges from minimal protection to verified protection (Clemson.edu, n.d.). This is beneficial as a method for evaluating computer products and rating them based on use. For example, a home computer may be evaluated on the lower end of the rating scale. Whereas a work computer that is used for sensitive information (i.e. patient medical records) would require a higher level of verified protection. This higher level of verified protection could include covert channel analysis, and enhanced test and design procedures (Clemson.edu, n.d.).
Although the CMA is a law that is beneficial in enforcing cybercrimes there have been identified gaps. To address such gaps the Fraud Act (FA) was established in 2006. According to the FA individual guilt includes any form of fraud including false representation, failure to disclose information, and abuse of position. If a person is convicted of a crime under the FA, the maximum term of punishment can include fines, imprisonment (up to ten years), or a combination of both (Bainbridge, p. 277).
One anticipated benefit of the FA is that it provides more punitive consequences than the CMA, for unauthorized access. Under the original CMA act only an individual who knowingly gained access to unapproved information was punished. Under the new FA there is also consequences for persons intending to authorize access to such confidential information (Bainbridge, p. 277). This is significant as it creates greater corporate accountability. With the existence of the CMA combined with the passing of the FA, hopefully incidents of cybercrime will go down.
It is extremely important for individuals and companies working with highly confidential information to incorporate protection mechanisms. This is especially true given the advanced nature of internal and external security attacks. For example denial of service attacks can flood a network with useless information. Once that happens a network can temporarily be rendered useless until the source of the attack is both identified and addressed. Even with the existence of the CMA and the FA, further laws could be forthcoming. This is due to the substantial level of disruption that continually takes place. Individuals who are involved in cybercrimes will ultimately stop at nothing to breach current Cybersecurity.
In conclusion the CMA has truly created an effective platform for combatting cybercrimes. Admittedly it is not the final legislative action anticipated. Historically there has been new legislation at least every 15-20 years. In 1968 and 1978 the first Theft Acts were established (Bainbridge, p. 276). As previously mentioned the CMA was subsequently passed in 1990. Approximately 16 years after the passage of the CMA the FA was established. Looking forward one hypothesis is that there could be either a modification to the existing laws or even a completely new law. Even if there is the establishment of a new law it does not diminish the value of the CMA which laid the groundwork.
Bainbridge, David. "Criminal Law Tackles Computer Fraud and Misuse." Computer Law & Security Review 23.3 (2007): 276-81. Science Direct. Elsevier. Web. 15 Apr. 2015. www.sciencedirect.com.
"Trusted Computer System Evaluation Criteria (TCSEC)." Http://www.cs.clemson.edu/. Clemson University. Web. 15 Apr. 2015. http://www.cs.clemson.edu/course/cpsc420/material/Evaluation/TCSEC.pdf.
Walton, Richard. "The Computer Misuse Act." Information Security Technical Report 11.1 (2006): 39-45. Science Direct. Elsevier. Web. 15 Apr. 2015. www.sciencedirect.com.
Subscribe to 5staressay's writing blog. Get email updates from our experts and stay up to date on all aspects of academic essay writing.
5StarEssays is the #1 ranked global leader in essay writing. Each of our professional essay writers is a native-English-speaking U.S.-based academic specialist. We’re not off-shore, and every essay we write is 100% original, with the highest level of composition and research. When we work for you, we exceed your expectations on every level.