From Granizada

Contents 1 Defining "Computer" 1.1 The Data Protection Act, 1998 1.2 The Computer Misuse Act 1990 UK-wide, and in Scotland 1.3 The All Party Internet Group

Defining "Computer"

Since there are many laws that govern what can be done with computers, it is important to know what is considered to be a computer. So far in looking at UK national law, the definitions seem to very robust and soundly founded in computer science. So while computer-related law in the UK has many flaws, a narrow definition of "computer" does not seem to be one of them. Other related issues arise, such as the definition of "network" and the need to reconcile "computer" with "information system", the latter term being used in EU legislation.

There is, I suspect, a potentially greater problem, that of professionals in the justice system failing to recognise that a computer is involved in the facts of a case as it swirls past them, or that the actions of all including the investigators are required to be within certain parameters. I wonder if there may possibly be a blind spot in the justice system in this respect and will consider this further elsewhere.

But the basic building block is the term "computer", and this article considers its use in UK law.

Dan 19:16, 17 July 2007 (CST)

The Data Protection Act, 1998

The Data Protection Act 1998 is very sound in its definitions. The Act does not set out to define "computer" but does in fact do so in a suitably general way, in effect concluding that a computer consists of "equipment that operates automatically to process data".

This is all in section 1 (1):

  "data" means information which- ...
           (a) is being processed by means of equipment operating automatically in response to
               instructions given for that purpose,
  and
  "processing", in relation to information or data, means obtaining, recording or holding the 
  information or data or carrying out any operation or set of operations on the information or 
  data, including- 
           (a) organisation, adaptation or alteration of the information or data,
           (b) retrieval, consultation or use of the information or data,
           (c) disclosure of the information or data by transmission, dissemination or 
               otherwise making available, or
           (d) alignment, combination, blocking, erasure or destruction of the information or data;

These definitions will, I sincerely hope, outlast the Data Protection Act.

The Computer Misuse Act 1990 UK-wide, and in Scotland

In contrast, the Computer Misuse Act 1990 deliberately avoids defining "computer", "computer system" or "computer data". Certainly the evident dangers of a narrow definition have been avoided. The intention is that the courts will use the appropriate contemporary meaning, an intention I fear is less realistic than well-meant.

In 2003 the Legal Subgroup of the Internet Crime Forum issued a discussion paper titled Reform of the Computer Misuse Act 1990. This paper covers terminology issues well. As to Scotland, the jurisdiction with which I have most to do, the paper says:

  In Scotland the CMA has only ever been used on a handful of occasions. Prosecutors have
  preferred to use charges at common law such as fraud or malicious mischief. These have
  a wide definition and carry a maximum sentence of life imprisonment. By using such charges
  prosecutors in Scotland can avoid many of the problems with the CMA highlighted above.

In other words, in Scotland not only the definition but also the complete context is left up to the court. So while this outcome is in my view optimistic (expecting the court to be sufficiently versed in a wide range of computer science and social science concepts that it can apply traditional law to the virtual world) at least the court is not constrained by definitions. Rather, it is exuberantly unconstrained, in every respect.

The All Party Internet Group

The All Party Internet Group is a body of parliamentarians in the Commons and the Lords. They conducted an inquiry and produced a report in 2004 called Revision of the Computer Misuse Act . This report has an extensive discussion of the lack of definition highlighted in this article. Key points:

• In practice, courts tend to use a broad definition
• It was considered advantageous to be able to move with the times
• No evidence found that lack of explicit definition was an issue
• Recommended the government resist calls to embed a definition into the law

Reference was made to a "Convention on Cybercrime" which so far I assume to be the 2001 Budapest Convention on Cybercrime which has these definitions in Chapter I Article I:

 a    "computer system" means any device or a group of interconnected or related devices, 
      one or more of which, pursuant to a program, performs automatic processing of data;
 b    "computer data" means any representation of facts, information or concepts in a form 
      suitable for processing in a computer system, including a program suitable to cause 
      a computer system to perform a function;

which covers the required ground quite well.

This content is licensed under the Creative Commons Attribution ShareAlike License v. 2.5: http://creativecommons.org/licenses/by-sa/2.5/

GFDL: Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". (shearer.org uses but does not currently recommend the GDFL and here's the explanation why. )