Being safe on the internet (was Re: Here we go again - ISP DPI,butis it interception?)
Andrew.Cormack at ja.net
Sun Aug 1 14:03:52 BST 2010
Also worth re-reading the definition of the offence in the CMA: there's no requirement for harm to be caused.
"1 Unauthorised access to computer material
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case."
There is some assistance in interpretation provided by sections 1(2) and 17, but those don't change the requirements for the offence.
As I read the judgment, the judge went through each of 1(1)(a) (b) & (c), concluded that all of them were true, and therefore the offence had been committed. Incidentally there are plenty of other offences that don't require harm to have occurred: driving past a red traffic light is a crime whether or not you run into anyone.
Andrew Cormack, Chief Regulatory Adviser
JANET(UK), Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, OX11 0SG, UK
Phone: +44 (0) 1235 822302
Fax: +44 (0) 1235 822399
JANET, the UK's education and research network
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Peter Sommer
> Sent: 01 August 2010 08:17
> To: ukcrypto at chiark.greenend.org.uk
> Subject: Re: Being safe on the internet (was Re: Here we go again - ISP
> DPI,butis it interception?)
> You got the wrong impression. The judge's reasoning was that in the
> circumstances the directory traversal was an unauthorised access.
> Cuthbert was "authorised" to type in a valid URL and to move around the
> website via links, but not to re-form a URL for the purposes of
> exploring the contents of the web-server.
> But, as I said, what set the police and the judge against him was his
> initial lack of candour and the attempt to suggest that the actions
> recorded by the IDS were the result of proxy server activity.
> And can I repeat - this case sets no precedents: the judge decided on
> the day on the facts in front of him. All the points made in this
> thread why he could have decided otherwise were made by counsel and in
> my own evidence.
> Peter Sommer
> >I got the impression at the time that the logic was that anything that
> >an ids was an intrusion, and the harm lay in the fact that the
> operators had
> >the analyse the logs. which is total madness.
More information about the ukcrypto