Computer Science
Computers & The Law

The Legislation

The following are the main pieces of legislation that apply to the use of computers.

  • Health & Safety (Display Screen Equipment) Regulations 1992
  • Copyright, Designs & Patents Act 1988
  • Computer Misuse Act 1990
  • Regulation Of Investigatory Powers Act 2000
  • Data Protection Act 1998 (Updated from 1984)

Health & Safety (Display Screen Equipment) Regulations 1992

These regulations relate to the Health and Safety of individuals using computers in a work context. Employers, employees and manufacturers all have certain responsibilities.

Employers must,

  • evaluate the health and safety conditions that workstations give rise to
  • train employees in the safe use of equipment
  • ensure employees take regular breaks or changes in activity
  • provide regular eye tests and pay for glasses

Employees must,

  • use workstations correctly according to their training
  • bring problems to the attention of their employer and co-operate in their correction

Manufacturers must,

  • make sure that screens have clear characters, are flicker-free, swivel and tilt and are at an appropriate height
  • make sure that keyboards are separate from the screen and tiltable, have a matt surface to avoid glare, and have key symbols that are of adequate contrast and visibility.

Applicability

This legislation applies to employees who use VDUs as a significant part of their work. Those who use VDUs only occasionally are not covered by this legislation.

Employers still have other health and safety responsibilities.

Myth-Information

Like the EU, the Health & Safety Executive suffers from an image problem and a regular assault from the tabloid media and bad TV. In most cases, news stories centre around myths or the misinterpretation of legislation by organisations.

The term 'health and safety', like the term 'political correctness', is often swiftly followed by the words '...gone mad!'. Take the trouble to find out the truth. The tabloid journalists know full well what the real truth is - they also know what sells stories. The misreporting is always deliberate.

For example, you may be interested to know that there is not and has never been a law against the throwing of snowballs. There are plenty of good reasons why a school might choose not to allow pupils to do so. The actual regulations cover basic responsibilities and prevent the needless endangerment of hard-working people simply to line someone else's pockets. They also make organisations legally accountable for the accidents that result from their negligence.

Check out the myths at http://www.hse.gov.uk/myth/index.htm

Copyright, Designs & Patents Act 1988

Under this act it is illegal to,

  • copy software or distribute software
  • execute or run software for which you do not have a licence
  • alter or edit software
  • transmit software or send via a telecommunications link

This Act has been updated more recently by the Copyright and Related Rights Regulations 2003 which includes a section on Electronic Rights Management.

Patents

A patent is an intellectual property right. Governments grant patents. Patents protect inventions in the country in which they are granted.

For an invention to be patentable it must be

  • new - not already known to the public before the date a patent is applied for
  • inventive - not an obvious modification of what is already known
  • capable of industrial application - can be made or used in any kind of industry.

Inventions relating to computer software may be patentable, but only if they involve something more than just software running on a computer in a technically ordinary way. There must be some form of innovative 'technical effect' for software to be patentable.

Computer Misuse Act 1990

There are three levels of offence under this act:

  • unauthorised access to computer material
  • unauthorised access to computer material with criminal intent
  • unauthorised modification of computer material

Police & Criminal Justice Act 2006

This act contains clauses which effectively stand as amendments to the Computer Misuse Act. It provides clarification in some areas.

Unauthorised Access To Computer Materials (Hacking)

Someone is guilty of the offence if:

  • they cause a computer to perform any function
    1. with intent to secure access to any program or data held in any computer
    2. or to enable any such access to be secured
  • the access they intend to secure, or to enable to be secured, is unauthorised

Carrying Out Unauthorised Acts In Relation To A Computer

Someone is guilty of the offence if

  • they do any unauthorised act in relation to a computer;
  • at the time when they do the act they know that it is unauthorised; and
  • either the person intends that the act will have a certain result (discussed next) or the person is reckless as to whether or not the act will have that certain result.

The term certain result can be taken to mean,

  • impairing the operation of any computer
  • preventing or hindering access to any program or data held in any computer
  • impairing the operation of any such program or the reliability of any such data
  • enabling any of the above to be done

Making, Supplying Or Obtaining Articles For Use In Computer Misuse Offences

Someone is guilty of the offence if

  • they make, adapt, supply or offer to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3; and/or
  • they supply or offer to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3; and/or
  • they obtain any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.

Section 1 Penalties (Hacking)

  • Summary penalty: up to 12 months in prison and / or a fine of up to the statutory maximum.
  • Indictment penalty: up to 2 years in prison and / or a fine.

Section 3 Penalties (Carrying Out Acts...)

  • Summary penalty: up to 12 months in prison and / or a fine of up to the statutory maximum.
  • Indictment penalty: up to 10 years in prison and / or a fine.

Section 3A Penalties (Making, Supplying Or Obtaining Articles...)

  • Summary penalty: up to 12 months in prison and / or a fine of up to the statutory maximum.
  • Indictment penalty: up to 2 years in prison and / or a fine.

You can see from the table below that there are not many prosecutions under the act in any given year. These figures are for England & Wales in 2001 and are taken from Hansard.

Statute | Cautions | Prosecutions
Computer Misuse Act 1990, Sec. 1 Unauthorised access to computer material | 10 | 9
Computer Misuse Act 1990, Sec. 2 Unauthorised access with intent to commit or facilitate commission of further offences | 0 | 4
Computer Misuse Act 1990, Sec. 3 Unauthorised modification of computer material | 10 | 12
Total | 20 | 25

Regulation Of Investigatory Powers Act 2000

Under the RIP Act it is an offence to intercept a message sent via a public or private telecommunication system, although there are exemptions. The Act regulates the power of government security services and law enforcement authorities by allowing the interception, surveillance and investigation of electronic data in specified situations such as when preventing and detecting crime. Powers include being able to demand the disclosure of data encryption keys.

Data Protection Act 1984, 1998

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The 8 Principles Of Data Protection

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

Definitions From 1984

  • Personal Data: any information held about identifiable individuals.
  • Automatically Processed: any technology used in document production.
  • Data Users: those who control the data.
  • Data Subjects: those about whom data is held.

Personal Data

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual, although in some limited circumstances exemptions will apply. With processing, the definition is far wider than in 1984. For example, it incorporates the concepts of 'obtaining', 'holding' and 'disclosing'.

Organisations Must

Register with the Information Commissioner's Office (called notification), providing,

  • Their name and address.
  • Items of data held.
  • Purposes for which data is used.
  • Sources of information.
  • To whom information is disclosed.
  • Overseas territories to which data is transferred.

The Information Commissioner

The Information Commissioner's Office (ICO) is the UK's independent authority set up to promote access to official information and to protect personal information. It covers

  • Data Protection
  • Freedom Of Information
  • Privacy & Electronic Communication
  • Environmental Information Regulations

The ICO handles complaints regarding breaches as well as providing advice to data subjects and data users.

Your Rights Under The Act

  • The right to access data held about you.
  • The right to prevent processing where it is causing you substantial distress, in some cases.
  • The absolute right to prevent processing for direct marketing.
  • The right to prevent automatic decisions being undertaken based solely on the data held about you, in certain cases.
  • The right to claim compensation from a Data Controller for damage and distress, in certain cases.
  • The right to rectification, erasure and destruction of incorrect data or expression of opinions.
  • The right to ask the Commissioner whether the Act has been contravened

Exemptions

  • Payroll data, pensions and accounts
  • Exemptions may be granted when data is for personal, family, household use.
  • Right to access does not apply when this is for backup or statistical purposes.
  • Data can be disclosed to an agent (eg lawyer) or to prevent injury or damage to health.
  • Matters of national security
  • Prevention of crime
  • Collection of tax or duty

Accessing Personal Data

Organisations can charge up to a maximum of £10 to cover the cost of supplying the information on request. Credit agencies can only charge £2 for a request regarding financial standing. Health and education records require a charge of £1 - £50 depending on the number of pages of information requested. Repeat charges can be avoided by carefully listing the data required in the first letter to the organisation. The organisation must respond to requests within 40 days.

Freedom Of Information Act 2000

Extends rights to include access to any information (on computer or paper) held by a public authority. A £10 fee can be levied, although the organisation can refuse if the estimated cost of granting the request exceeds £450 for a local authority or £600 for central government.

Mark Thomas Product

Mark Thomas is an activist and comedian who manages to do both at the same time. His books, TV shows, videos and performances are well worth your time and money.

Mark Thomas made a request for information held about him by the government. He received copies of emails in which he was referred to as 'a complete prat' and a 'nutter', and which asked if there was any 'background dirt' on him. You can read more in the BBC article,

http://news.bbc.co.uk/1/hi/uk_politics/1106142.stm