Access to police computer was authorised
LAW REPORT 21 May 1997
Wednesday 21 May 1997
Police officers who accessed the Police National Computer at an authorised level, but for an unauthorised purpose, were not guilty of securing unauthorised access contrary to section 1 of the Computer Misuse Act 1990.
The Divisional Court dismissed the appeal by way of case stated by the Director Public Prosecutions against the Crown Court's decision, allowing the respondent's appeals against conviction by a stipendiary magistrate of offences contrary to section 1 of the Computer Misuse Act 1990.
The respondents were serving officers in the Metropolitan Police. They had instructed police computer operators to extract from the Police National Computer details of the registration and ownership of two motor cars, for private purposes.
Michael Bowes (CPS) for the Director of Public Prosecutions; Peter Doyle (Russell Jones & Walker) for the respondents.
Mr Justice Astill said that the question for the court was whether the Crown Court had been right to conclude that the primary purpose of the Computer Misuse Act 1990 was to protect the integrity of computer systems rather than the the integity of information stored on computers, even though that might leave a lacuna in the law; and that a person who secured access to any material held in a computer at a level at which he was entitled to access, but for unauthorised purposes, did not commit an offence under section 1.
The appellant had contended that access to the Police National Computer by a police officer for a non-police purpose was unauthorised. *A police officer's authority to secure access to the computer had been limited or restricted to access for police purposes by the Commissioner of Police, who was entitled to control access.**
The respondents submitted that they were authorised to control access to the computer. *Controlling access was different from defining or restricting authority to access.** *The Computer Misuse Act 1990 was concerned with the unauthorised access to computer material, not with unauthorised access to computer material for an unauthorised purpose.**
*The use of the National Police Computer by officers was subject to directions given by the Commissioner of Police.** Access to the computer for a non- police purpose involved giving a false Reason Code in contravention of instructions. The respondents submitted that that was not securing unauthorised access to the computer, but was securing access at an authorised level for an unauthorised purpose.
They further submitted that section 5(2)(b) of the Data Protection Act 1984 made adequate provision for the prosecution of police officers who used the computer for non-police purposes: see R v Brown (Law Report, 13 February 1996)  1 All ER 545.
The starting point was to consider the purpose of the 1990 Act. It was common ground that it had been enacted to criminalise the breaking into or "hacking" of computer systems. It was also common ground that the Data Protection Act 1984 had been enacted with the purpose of criminalising the improper use of data.
Regard must be had to the wording of section 17(5) of the 1990 Act. Access was stated to be unauthorised if:
(a) a person is not himself entitled to control access of the kind in question to the program or data; and (b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled".
Access "of the kind in question" was set out in section 17(2)(a) to (d).
The respondents did have authority to secure access by reference to section 17(2)(c) and (d) at least. They therefore had authority to access the data even though they did it for an unauthorised purpose, and thus did not commit an offence contrary to section 1 of the Act.
*The authority of the Commissioner was not thereby undermined, because the respondents remained subject to internal discipline. They could also have been prosecuted under the Data Protection Act 1984.**
If, as the appellant had submitted, the Commissioner alone had control access, the consent given by him to the respondents to access the computer at the point of entry for any of the kinds of access set out in section 17(2) provided them with a defence by virtue of section 17(5)(b) even if the access was for an unlawful purpose.
The Crown Court had, accordingly, been right to conclude that the primary purpose of the Computer Misuse Act 1990 was to protect the integrity of computer systems rather than programmes or data, but there was no lacuna in the law because the respondents could have been prosecuted under the Data Protection Act 1984.
Kate O'Hanlon, Barrister
- 1 Scottish independence: Ireland since 1919 is a lesson for Scotland in what a Yes vote means
- 2 Thailand deaths: Pair's bloodied bodies found naked on Koh Tao beach
- 3 Lego breaks out of the toy box and heads for the gallery
- 4 Julian Assange and Edward Snowden join piracy mogul Kim Dotcom’s political campaign in New Zealand
- 5 Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
Thailand deaths: Pair's bloodied bodies found naked on Koh Tao beach
Jihadi John': MI5 may have identified Isis militant who killed David Haines but options limited
Russia freezes Ukraine into submission: Kiev admits country doesn't have enough fuel for winter
Scottish independence: Police will be on high alert on Friday whatever the result
David Haines beheading: David Cameron says Britain will hunt down Isis 'monsters' shown in video murdering aid worker
Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
The political class is doing what Hitler couldn’t – destroying Britain
Scottish independence: Nationalist leader Jim Sillars threatens pro-union companies with 'day of reckoning' after independence
Scottish independence: Yes campaign feels the heat as Alex Salmond's NHS claims come under furious attack
£23m Birmingham cycle scheme is attacked by Tory councillor for not catering to the elderly
Salmond accused of laughing off national debt with ‘what are they going to do: invade?’ joke
£32000 - £40000 per annum + bonus: Ashdown Group: HR Manager (Generalist) -Old...
£45000 - £50000 per annum: Ashdown Group: Talent / Learning & Development Mana...
Up to £40,000: Ashdown Group: Standalone HR Manager role for an SME business b...
£350 - £400 per day: Orgtel: HR Analyst - Banking - Bristol - £350 - £400 per ...