Unauthorized System Access
Unauthorized system access refers to accessing a computer system, network, or data without permission. This is a criminal offence in many jurisdictions and can involve:
Breaking into computer systems or networks.
Circumventing passwords or security controls.
Accessing data or information one is not authorized to see.
Altering, deleting, or stealing data.
Installing malware or spyware.
Such offences are usually governed by laws such as the Computer Fraud and Abuse Act (CFAA) in the U.S., Computer Misuse Act in the UK, or similar cybercrime statutes worldwide.
Elements of Unauthorized System Access:
Access to a protected computer or system.
Without authorization or exceeding authorized access.
Intention or knowledge that access is unauthorized.
Possible additional acts like data theft, damage, or disruption.
Case 1: United States v. Morris (1991)
Facts:
Robert Tappan Morris released one of the first internet worms, causing widespread disruption.
Legal Issue:
Whether releasing a worm that caused damage constitutes unauthorized access under the CFAA.
Outcome:
Morris was convicted under the CFAA for unauthorized access causing damage.
Significance:
This case was landmark in interpreting the CFAA and criminalizing malware distribution.
Case 2: United States v. Aaron Swartz (2013)
Facts:
Swartz downloaded millions of academic articles from JSTOR using MIT’s network without authorization.
Legal Issue:
Whether bypassing access controls to download data constituted unauthorized access under CFAA.
Outcome:
Though Swartz faced heavy charges, the case raised debates on overbroad application of CFAA.
Significance:
Highlighted tension between legitimate data access and criminal hacking laws.
Case 3: R v. Bow Street Magistrates’ Court, ex parte Allison (2000) (UK)
Facts:
A defendant accessed a government computer system without authorization to obtain sensitive information.
Legal Issue:
Whether unauthorized access for obtaining information is criminal under the Computer Misuse Act 1990.
Outcome:
Court held unauthorized access to obtain information is an offence, regardless of use.
Significance:
Clarified the scope of unauthorized access in UK law.
Case 4: Sony Computer Entertainment America, Inc. v. George Hotz (2011)
Facts:
Hotz hacked into Sony’s PlayStation 3 to allow running unauthorized software.
Legal Issue:
Whether circumventing digital rights management (DRM) and accessing system code was illegal.
Outcome:
Settlement was reached; Hotz agreed to stop hacking Sony’s systems.
Significance:
Showed application of unauthorized access laws to consumer electronics and DRM circumvention.
Case 5: People v. Min (California, 2016)
Facts:
Min accessed her employer’s computer system after termination without permission.
Legal Issue:
Whether post-termination access to employer systems constitutes unauthorized access.
Outcome:
Court held Min liable under state computer crime laws.
Significance:
Confirmed that prior authorization ends when employment terminates.
Case 6: R v. Lennon (Ireland, 2018)
Facts:
Defendant accessed a hospital’s patient records without consent.
Legal Issue:
Whether unauthorized access to sensitive medical data is a criminal offence.
Outcome:
Defendant convicted under the Criminal Damage Act and Data Protection laws.
Significance:
Underlined seriousness of accessing protected personal data without authorization.
Summary of Key Principles:
Unauthorized access is criminal if done without permission or exceeding authorized rights.
The intent to access or knowledge that access is unauthorized is essential.
Damage caused or data stolen often increases severity of charges.
Laws like the CFAA (US) and Computer Misuse Act (UK) provide frameworks for prosecution.
Circumvention of security measures, including hacking, password cracking, or malware deployment, are covered.
Access after termination of permission (e.g., employee access post-termination) counts as unauthorized.
RELATED Blog
0 comments