nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

The Criminalisation of Tools Under the Computer Misuse Act 1990. The Need to Rethink Cybercrime Offences to Effectively Protect Legitimate Activities and Deter Cybercriminals

verfasst von : Audrey Guinchard

Erschienen in: Rethinking Cybercrime

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Fourteen years after its creation in 2006, s3A Computer Misuse Act 1990 remains as problematic, if not more problematic than ever. Established to support the fight against cybercrime, the offence of misuse of tools has not only the paradoxical effect of endangering legitimate security research, as foreseen in 2006, but has also become a threat to established newsgathering practices. Its broad structure, combined with the vagueness of the other CMA offences, and the absence of public interest defences, criminalises the very tools which facilitate the work of, respectively, security researchers, and whistle-blowers and journalists-, leaving these actors exposed to criminal liability for resorting to dual-use hacking tools and obfuscating tools. Ultimately this pattern of over-criminalisation harms the fight against cybercrime and crime, defeating the very objective of deterrence cybercrime offences harbour. It is time, not just for reforming the CMA and in particular s3A, but also for the legislator, both in the UK and at international level, to properly engage with the security industry and civil society.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Vygotsky and Internet Grooming: The Darker Side of ZPD and Scaffolding

Nächstes Kapitel A Short History of Hacktivism: Its Past and Present and What Can We Learn from It

For the details of the Parliamentary debates with reference, see Fafinski (2008: 61–65).

Great Britain. Police and Justice Act 2006, c.48, s35. London: The Stationery Office for the legislation/statute.

Ball, J. (2014, June 5). Guardian Launches SecureDrop System for Whistleblowers to Share Files, The Guardian [Online]. Available from: https://www.theguardian.com/technology/2014/jun/05/guardian-launches-securedrop-whistleblowers-documents.

Billig, J., Danilchenko, Y., & Frank, C. E. (2008, September). Evaluation of Google Hacking. In Proceedings of the 5th Annual Conference on Information Security Curriculum Development (pp. 27–32).

Broucek, V., & Turner, P. (2013). Technical, Legal and Ethical Dilemmas: Distinguishing Risks Arising from Malware and Cyber-attack Tools in the ‘Cloud’—A Forensic Computing Perspective. Journal of Computer Virology and Hacking Techniques, 9(1), 27–33.CrossRef

Brunton, F., & Nissenbaum, H. (2013). Political and Ethical Perspectives on Data Obfuscation. In Privacy, Due Process and the Computational Turn: The Philosophy of Law Meets the Philosophy of Technology (pp. 164–188).

Clayton, R. (2007, December 31). Hacking Tool Guidance Finally Appears. Blog. https://www.lightbluetouchpaper.org/2007/12/31/hacking-tool-guidance-finally-appears/. Accessed 27 November 2017.

Clough, J. (2015). Principles of Cybercrime. Cambridge University Press.

Committee to Protect Journalists. (2012). CPJ Journalist Security Guide: Covering the News in a Dangerous and Changing World. Available at https://cpj.org/security/guide.pdf.

CRLNN, Criminal Law Reform Now Network. 2020. Reforming the Computer Misuse Act. Available at http://www.clrnn.co.uk/.

Council of Europe. Explanatory Report to the Convention on Cybercrime. Available at https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.

Cyber-Rights. (2003). An advocacy Handbook for the Non Governmental Organisations. http://www.cyber-rights.org/cybercrime/.

Denning, D. (2000). Reflections on Cyberweapons Control. Computer Security Journal, 16(4), 43–53.

European Digital Rights (EDRi) Submission to the Council of Europe’s Second Protocol to the Convention on cybercrime, 20 February 2019. https://edri.org/safeguarding-fundamental-rights-in-the-new-cybercrime-protocol/.

European Digital Rights (EDRi). (2018, April 3). Nearly 100 Public Interest Organisations Urge Council of Europe to Ensure High Transparency Standards for Cybercrime Negotiations. Available at https://edri.org/global-letter-cybercrime-negotiations-transparency/.

European Network and Information Security Agency (ENISA). (2013). The Directive on Attacks Against Information Systems. A Good Practice Collection for CERTs on the Directive on Attacks Against Information Systems. Available at https://www.enisa.europa.eu/publications/the-directive-on-attacks-against-information-systems.

European Network and Information Security Agency (ENISA). (2015). Good Practice Guide on Vulnerability Disclosure. From Challenges to Recommendations. Available at https://www.enisa.europa.eu/publications/vulnerability-disclosure. Accessed 4 February 2020.

European Network and Information Security Agency (ENISA). (2018). Economics of Vulnerability Disclosure. Available at https://www.enisa.europa.eu/procurement/economics-of-vulnerability-disclosure.

European Parliament. (2011, November 24). Draft Report on the Proposal for a Directive of the European Parliament and of the Council on Attacks Against Information Systems and Repealing Council Framework Decision 2005/222/JHA, 2010/0273 (COD).

European Parliament, LIBE. (2017, July 25). Report on the Fight Against Cybercrime, (2017/2068 (INI), para 21, 34. Available at http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A8-2017-0272+0+DOC+PDF+V0//EN.

Fafinski, S. (2006). Access Denied: Computer Misuse in an Era of Technological Change. The Journal of Criminal Law, 70(5), 424–442.CrossRef

Fafinski, S. (2008). Computer Misuse: The Implications of the Police and Justice Act 2006. The Journal of Criminal Law, 72(1), 53–66.CrossRef

Furnell, S., & Papadaki, M. (2008). Testing Our Defences or Defending Our Tests: The Obstacles to Performing Security Assessment References. Computer Fraud & Security, 2008(5), 8–12.CrossRef

Great Britain. Police and Justice Act 2006. Explanatory Notes. Available from: https://www.legislation.gov.uk.

Great Britain. House of Lords. (2006, July 11). Official Report: Parliamentary Debates [Hansard], Vol. 684, co. 611. London: The Stationery Office.

Guinchard, A. (2018). Transforming the Computer Misuse Act 1990 to Support Vulnerability Research? Proposal for a Defence for Hacking as a Strategy in the Fight Against Cybercrime. Journal of Information Rights, Policy and Practice, 2(2).

Guinchard, A. (2020). Better Cybersecurity, Better Democracy? The Public Interest Case for Amending the Convention on Cybercrime n.185 and the Directive 2013/40/EU on Attacks Against Information Systems. In R. Pereira, A. Engel, & S. Miettinen (Eds.), The Governance of Criminal Justice in the European Union: Transnationalism, Localism, and Public Participation in an Evolving Constitutional Order. London: Edward Elgar.

Hafiz, M., & Fang, M. (2016). Game of Detections: How Are Security Vulnerabilities Discovered in the Wild? Empirical Software Engineering, 21(5), 1920–1959.CrossRef

Horder, J. (2019). Ashworth’s Principles of Criminal Law (9th ed.). Oxford: Oxford University Press.CrossRef

Jardine, E. (2015). The Dark Web Dilemma: Tor, Anonymity and Online Policing. Global Commission on Internet Governance Paper Series, No. 21. Available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2667711.

Katos, V., & Furnell, S. (2008). The Security and Privacy Impact of Criminalising the Distribution of Hacking Tools. Computer Fraud & Security, 2008(7), 9–16.CrossRef

Kleberg, C. F. (2015). The Death of Source Protection? Protecting Journalists’ Source in a Post-Snowden Age. London, UK: LSE Polis. Available at http://eprints.lse.ac.uk/63140/.

Law Commission. 2007. Conspiracy and Attempts. CP 183.

Lee, M. (2015, November 12). Edward Snowden Explains How to Reclaim Your Privacy. The Intercept [Online]. Available from: https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/.

Maurushat, A. (2013). Disclosure of Security Vulnerabilities: Legal and Ethical Issues. Springer.

Organisation for Economic Co-operation and Development. (1986). Computer-Related Crime: Analysis of Legal Policy. OECD.

Posetti, J. (2017). Protecting Journalism Sources in the Digital Age. UNESCO. Available at https://unesdoc.unesco.org/ark:/48223/pf0000248054.

Poulsen, K. (2013, May 14). Strongbox and Aaron Schwartz. The New Yorker [Online]. Available from: https://www.newyorker.com/news/news-desk/strongbox-and-aaron-swartz.

Pyetranker, I. (2015). An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement. Northwestern Journal of Technology and Intellectual Property, 13, i.

Rachovitsa, A. (2016). Engineering and Lawyering Privacy by Design: Understanding Online Privacy Both as a Technical and an International Human Rights Issue. International Journal of Law and Information Technology, 24(4), 374–399.CrossRef

Romanosky, S., Libicki, M. C., Winkelman, Z., & Tkacheva. O. (2015). Internet Freedom Software and Illicit Activity: Supporting Human Rights Without Enabling Criminals. Santa Monica: The RAND Corporation. Chapter 7, ProQuest Ebook Central. Available at https://www.rand.org/pubs/research_reports/RR1151.html. Accessed 8 September 2020.

R v Bow Street Magistrates’ Court and Allison (AP) Ex Parte Government of the United States of America (Allison). (2002). 2 AC 216.

R v Coulson. (2013). EWCA Crim 1026.

R v Martin. (2013). EWCA Crim 1420.

Safi, M. (2020, January 22). Greenwald Charges Are ‘Existential Threat’ to Journalism in Brazil, Says Edward Snowden. The Guardian [Online]. Available from: https://www.theguardian.com/media/2020/jan/22/greenwald-charges-are-existential-threat-to-journalism-in-brazil-says-edward-snowden and https://www.hrw.org/news/2020/01/23/brazil-journalist-faces-baseless-charges.

Schuster, S., Van Den Berg, M., Larrucea, X., Slewe, T., & Ide-Kostic, P. (2017). Mass Surveillance and Technological Policy Options: Improving Security of Private Communications. Computer Standards & Interfaces, 50, 76–82.CrossRef

Silic, M. (2013). Dual-Use Open Source Security Software in Organizations–Dilemma: Help or Hinder? Computers & Security, 39, 386–395.

Sommer, P. (2006). Criminalising Hacking Tools. Digital Investigation, 3(2), 68–72.CrossRef

Stieglitz, E. J. (2006). Anonymity on the Internet: How Does It Work, Who Needs It, and What Are Its Policy Implications. Cardozo Arts & Entertainment Law Journal, 24, 1395.

Townend, J., & Danbury, R. (2017). Protecting Sources and Whistleblowers in a Digital Age. Institute of Advanced Legal Studies. Available at https://infolawcentre.blogs.sas.ac.uk/files/2017/02/Sources-Report_webversion_22_2_17.pdf.

United States v J P Assange, Indictment. (2018, March). Available from: https://www.justice.gov/usao-edva/press-release/file/1153481/download.

Van der Vlist, F. N. (2017). Counter-Mapping Surveillance: A Critical Cartography of Mass Surveillance Technology After Snowden. Surveillance & Society, 15(1), 137–157.CrossRef

Titel: The Criminalisation of Tools Under the Computer Misuse Act 1990. The Need to Rethink Cybercrime Offences to Effectively Protect Legitimate Activities and Deter Cybercriminals
verfasst von: Audrey Guinchard
Verlag: Springer International Publishing
Buch: Rethinking Cybercrime
Print ISBN: 978-3-030-55840-6

Electronic ISBN: 978-3-030-55841-3

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-55841-3_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner