Section 1 of the Computer Misuse Act criminalises unauthorised access to any program, data or computer. While this broad definition can be helpful to prosecute hackers, there is a grey area when it comes to events such as Ellis vs DPP.

In this instance, an ex-student used a computer in a campus library that was logged in as another user. It was successfully argued that Ellis, as an ex-student, knew he was not authorised to access the computer let alone another students account and that by interacting with the computer that a breach of CMA Section 1 occurred.

The case was appealed by Ellis whereby the argument put forward was that the actions constituted nothing more than the digital equivalent of reading a discarded newspaper and was therefore not a offence.

Unfortunately, the appeal was rejected due to the wording of the law and that Ellis caused a “function” to be performed.

This case highlights some of the key concerns with the Computer Misuse Act that is caused due to the broad language that is used by the legal profession.

‍