Week 3 - Law and cybercrime

Question 1

Outline the main offences introduced by the Computer Misuse Act 1990 and explain their significance (6 marks)

Answer 1

Section 1 - unauthorised access to computer material (basic hacking offence).
Section 2 - unauthorised access with the intent to commit or facilitate further offences.
Section 3 - unauthorised acts with intent to impair or with recklessness (e.g., malware, DDoS).

These provisions allowed courts to address cyber-dependent crime directly, filling a gap in traditional laws that couldn’t handle digital acts like hacking or spreading viruses.

Question 2

Compare cyber-enabled and cyber-dependent crimes with examples. Why is this distinction legally relevant? (5 marks)

Answer 2

1) Cyber-enabled - traditional crimes made easier by tech (e.g., fraud, stalking)
2) Cyber-dependent - crimes that only exist via tech (e.g., hacking, denial-of-service attacks).

The distinction shapes legal definitions, jurisdiction, and international policies. It guides what needs to new laws (e.g., CMA 1990) and what can be prosecuted under traditional frameworks.

Question 3

Explain the aims and key mechanisms of the Budapest Convention on cybercrime (7 marks).

Answer 3

Aims - harmonise national laws, enable international cooperation, and support digital evidence procedures.
Mechanisms - substantive law (criminalising illegal access, system interferences); procedural law (data seizure and live data capture); cooperation tools (extradition, 24/7 contact points, mutual legal assistance).

It’s widely adopted but lacks full global buy-in (e.g., not signed by China, Russia)

Question 4

What are the key legal reforms introduced by the Police and Justice Act 2006 to strengthen the Computer Misuse Act? (6 marks)

Answer 4

1) Section 35: raise section 1’s penalty to 2 years, making it indictable
2) Section 36: redefined section 3 to include temporary or reckless impairment, aligning with EU law
3) Section 37 / 3A: criminalised supplying or obtaining hacking tools. These addressed emerging tech threats like DDoS and tools used in attacks, enhancing enforceability.

Question 5

Discuss the concept of ‘responsibilisation’ in cybercrime prevention and the role of legal instruments in enabling it (8 marks)

Answer 5

Responsibilisation involves shifting crime control from the state to private actors (Garland).

Legal support includes: GDPR/Data Protection Act 2018 which obliges data protection; NIS Regulations 2018 where risk assessment for critical systems; Online safety bill where duties of care for platforms (e.g., content moderation, reporting).

This is all enforced by NCSC, ICO, OFCOM. This collaborative approach reduces dependence on traditional law enforcement alone and empowers private sector resilience.

Question 6

What are the main limitations of national cybercrime laws when addressing cross-border cyber offences?

Answer 6

1) Jurisdictional ambiguity - cybercrimes span borders; unlcear which country has legal authority.
2) Legal inconsistency - countries that define and publish cybercrime differently.
3) Access to evidence - data may be stored overseas so international cooperation may be needed.
4) Slow legal updates - national laws lag behind rapidly evolving tech.

These 4 issues all hinder effective protection of transnational cybercriminals.

Question 7

Explain the role of the Online Safety Bill (2023) in preventing cybercrime and protecting users. (7 marks)

Answer 7

• Introduces new offences like cyber flashing and harmful online communications
• Imposes duties of care on online platforms to assess and mitigate illegal content
• Enhances user empowerment with controls and complaints procedures
• OFCOM regulates compliance with powers to enforce duties.

Shifts responsibility to service providers, aiming to proactively reduce online harm.

Question 8

How does the UN Convention on Cybercrime (2024) differ from the Budapest Convention, and what controversies does it raise? (8 marks)

Answer 8

• It’s the first global cybercrime treaty, aiming for broader adoption than the regional Budapest Convention.
• It covers newer offences (e.g., child grooming, cyber laudering).
• This opposed by rights groups and tech firms.
• It reflects a geopolitical compromise with mixed reception.
• Controversial points: vague offences may threaten free speech and data collection powers may raise privacy concerns.

Question 9

Describe how extra-territorial jurisdiction applies under the Computer Misuse Act 1990 and give one example scenario. (6 marks)

Answer 9

UK courts can prosecute cybercrimes committed outside the UK if there’s a ‘significant link’:
- Offender is a UK citizen.
- Targeted system is in the UK.
- Harm occurred in the UK.

Example: A hacker in the US attacks a UK hospital’s database. Despite being abroad, they can be prosecuted in the UK due to harm and target location.