Spec & Goals 3 min
AQA Spec 3.8.1 — Legislation: the Computer Misuse Act 1990
By the end of this lesson you can:
- State what the Computer Misuse Act 1990 makes illegal.
- Describe its three main offences.
- Apply the Act to scenarios from Unit 6 (hacking, malware).
Warm-Up 5 min
In Unit 6 you met hacking and malware. The Computer Misuse Act is the UK law that makes these crimes.
Quick starter
Someone guesses a friend's password and logs into their account "just to look", changing nothing. Have they broken the law?
Reveal the idea
Yes. Unauthorised access alone is an offence under the Computer Misuse Act — even with no damage done.
Key Concept — making hacking a crime 14 min
The Computer Misuse Act 1990 is the UK law that makes unauthorised access to, and misuse of, computer systems illegal.
The three offences
| Offence | What it covers | Example |
|---|---|---|
| 1. Unauthorised access | Accessing a computer/data you have no permission to use. | Logging into someone's account without consent. |
| 2. Unauthorised access with intent to commit a further crime | Breaking in to commit fraud, theft, etc. | Hacking a bank to steal money. |
| 3. Unauthorised modification of data/programs | Changing, deleting or planting code without permission. | Spreading malware; defacing a website. |
Worked Example — which offence? 12 min
Problem: Match each act to the Computer Misuse Act offence.
| Action | Offence |
|---|---|
| Arjun looks through a colleague's files using a borrowed login, changing nothing. | 1 — Unauthorised access. |
| A hacker breaks into an online shop to steal card details. | 2 — Unauthorised access with intent to commit a further crime. |
| A worm is released that deletes files across a network. | 3 — Unauthorised modification of data. |
Even the first — looking but not changing — is illegal, because the access was unauthorised.
Try It Yourself 12 min
Goal: State what the Computer Misuse Act 1990 makes illegal.
Goal: Describe the three offences under the Act, with an example of each.
Goal: Explain why penetration testing (Unit 6) does not break the Computer Misuse Act.
Hint: the key word is permission.
📝 Exam Practice 10 min
State which law makes hacking a criminal offence in the UK.
Mark scheme
- The Computer Misuse Act 1990 (1).
Describe two offences covered by the Computer Misuse Act.
Mark scheme
- Unauthorised access to computer material (1).
- Unauthorised access with intent to commit a further offence / unauthorised modification of data (1).
A student logs into the school network using a teacher's password but changes nothing. Explain whether they have broken the law.
Mark scheme
- Yes — they have gained unauthorised access (1).
- This is an offence under the Computer Misuse Act even without changing data (1).
Recap & Key Terms 3 min
The Computer Misuse Act 1990 makes hacking and malware crimes. Its three offences are unauthorised access, access with intent to commit a further crime, and unauthorised modification of data. The key word is unauthorised — permission makes the same action legal.
- Computer Misuse Act 1990
- UK law making unauthorised access to, and misuse of, computer systems illegal.
- Unauthorised access
- Using a computer or data without permission — the first offence.
- Unauthorised modification
- Changing, deleting or planting data/code without permission — e.g. malware.
Homework 1 min
Task (≤ 15 min): Write three short scenarios — one for each Computer Misuse Act offence — and label which offence each is and why.
Model answer (shape)
(1) Reading a sibling's private messages with their phone — unauthorised access. (2) Breaking into a company server to steal customer data — access with intent to commit a further crime. (3) Releasing a virus that corrupts files — unauthorised modification. Each is illegal because it is done without permission.
Award marks for: a correct scenario for each offence (3); a valid reason (the access/change is unauthorised).