The major software producers were losing so much revenue through of illegal copying that they have formed associations take action against software piracy. There are two such associations, both organisations have a policy of actively pursuing copyright violations: -

FAST is the UK federation of software producers. In 1991 FAST brought an action against GEC Marconi Instruments alleging unauthorised copying of software. In a controversial test case they obtained an 'Anton Piller' order to inspect the company's computers. This was a form of injunction, which acted as a search warrant, instructing the defendant to admit a search party and allow seizures. Failure to comply would have put the company in contempt of court and its officers would have faced imprisonment. The case ended amicably with Marconi agreeing to carry out a "software audit" and presumably agreeing to buy extra copies of software as a result. In 1998, FAST commissioned a Mori Poll in which 2,400,000 users admitted having broken the copyright law.

BSA is a US based organisation and was founded in 1988 by Lotus, Microsoft, Aldus, Ashton-Tate, Autodesk and Wordperfect. It merged with another body the Software Publishers Association, SPA, and now has well over 600 members, with branches in 64 countries.

The table below shows the extent of the problem.

BSA were very alarmed by a case in 2000, when a Turin judge ruled that copying software programs was not illegal, under Italian law, provided they are not sold for profit. The judge acquitted a local businessman of illegally copying word processing, accounting and industrial design software because he had done it only for use within his own company.

Copyright is one of a number of special property rights collectively referred to as 'intellectual property'. The various intellectual property rights are frequently confused. You sometimes hear talk of copyrighting an invention or patenting a trademark.

The simple view of copyright is that it is a right given to authors or creators of 'works', such as books, films, design drawings or computer programs to control the copying or other exploitation of their works. Unlike patent rights, copyright begins automatically when a 'work' is created without the need to comply with any formalities.

There are generally two categories of works, original works such as literary, dramatic, musical and artistic works, and derivative works such as sound recordings, films and broadcasts. A computer program is protected expressly as a species of literary work. However, the scope for protection is very wide. In use a computer program will generate reports, screen displays and even sound effects and copyright can exist in these as well as in the program itself. Although, the major emphasis of the Act is on protecting the program code from being copied, compiled or de-compiled, protection can also extend to structural aspects of the program and its associated data files, and even to the basic algorithm underlying the program.

English copyright law has a history going back five centuries and has been regulated by statute for almost three. Copyright has always had difficulty in keeping up with the technology of the day, the first modern copyright law, the 1709 Statute of Anne, was introduced to protect the interests of authors faced with advances in printing technology.

Until as late as 1985, when the Copyright (Computer Software) Amendment Act 1985 became law, it was uncertain whether computer programs were protected by copyright in the United Kingdom. This act was an interim measure until the main copyright and patent legislation was modified to cover software. The Copyright Designs and Patents Act 1988 came into force on August 1 1989. Its predecessor the Copyright Act 1956 had been the subject of considerable amendment throughout its life and the 1988 Act was seen as an attempt to start again, to cope with the considerable changes that had occurred in technology and to make provision for computer software. This Act is a long document, it runs to some 233 pages, and the provisions for computer programs are often hidden in discussions on literary works etc., many of the interpretations still need to be tested in court.

In the strange way that the law works, interpretations often arise from apparently completely unconnected sources. One of the most important statements on copyright arose from a dispute between two curtain rail manufactures, LB (Plastics) Ltd and Swish Products Ltd in 1979. In his judgement Lord Wilberforce made the following statement: -

Put in these terms copyright protection is established as a very simple ethical and moral question. We would never dream of stealing a car, nor would we steal a piece of software from a shop. Yet we find it so difficult to resist stealing their software by copying.

There are two types of Infringement.

Primary infringement is when someone directly commits an infringing act or authorises someone else to do so. If I give you the original discs of a piece of software to copy, we are both guilty of a primary infringement.

Secondary infringers are at least one step removed from the original infringement but may be implicated by, for example, distributing the illegal copies. There is an important distinction between the two, primary infringers are guilty of copyright infringement whether or not they realise what they are doing but in the secondary form you are only liable if you know or have reason to believe that you are committing an infringement.

The Act contains a very simple statement; the copyright owner has the exclusive right 'to copy the work' and to authorise anyone else to do so. The Act states that the control over copying applies to the whole or any substantial part of a work. Copying is defined as 'reproducing the work in a material form' including 'storing the work in any medium by electronic means'. This is reinforced by the statement that 'copying in relation to any description of work includes the making of copies which are transient or are incidental to some other use of the work.’ Running a computer program entails copying the program from disc into the computer's memory, therefore it is possible to infringe program copyright by use of the program. This gives the software owners the right to insist on a licence to use. It follows that use of a single copy of the software on several machines is illegal without the owner’s permission.

The Act restricts the making of an adaptation of a literary, dramatic, or musical work. 'Adaptation' means, among other things, making a translation of a work. In relation to a computer program, translation means converting the program to a different language or compiling or decompiling it. This section makes the reverse engineering of object code back to source illegal without the permission of the owner.

Issuing Copies to the Public

The Act provides that ' The issue to the public of copies of the work is an act restricted by the copyright in every description of copyright work'. This has the effect of giving the owner control over the publication of his work. There is exclusion in the Act, which allows the hiring of legal copies, but this exclusion is qualified in that the restriction on the issuing of copies includes rental for sound recordings, films and computer programs. Prior to this Act copyright owners were only able to restrict the rental of their product by a specific agreement, this restriction is now automatic. Restriction by agreement was of limited value to authors in the mass-market distribution of products.

Secondary infringement occurs where without the consent of the copyright owner, a person 'imports into the United Kingdom, otherwise than for his own private and domestic use, an article which is, and which he knows or has reason to believe is, an infringing copy of the work'. Possession and dealing in infringing copies are also offences.

Copyright in a work is infringed when, without the consent of the copyright owner, 'an article specially designed or adapted for making copies of that work' is manufactured, imported, or commercially dealt in by a person who knows or has reason to believe that it will be used for that purpose. It is still not clear what interpretation should be put on this section. In the broad interpretation it could be argued that it covers photocopiers, personal computers and tape decks. Certainly the manufacturers of twin cassette decks often put a notice on their products pointing out the existence of the Act. The probable interpretation is a very narrow one, on the basis of the reference to 'that work', it could be taken to mean a device specifically designed to copy a particular work and not just for making copies generally.

If a work is transmitted over some communication system, then in theory each recipient who stores the work is guilty of infringing copyright. However the practical difficulties of enforcing this right make it of little value. But, the Act does provide copyright owners with the right to prevent transmission in the first place.

In other words if you supply copies of a program down a telephone or over a network without the permission of the owner you are guilty of secondary infringement.

The Act specifically strengthens the rights of copyright owners who distribute their products with some form of copy protection incorporated. It is an offence to make available any device designed to circumvent copy protection. 'Copy protection' is defined as including ' any device or means intended to prevent or restrict copying of a work, or to impair the quality of copies made'. This section again will need careful interpretation, in its widest sense it could include any hardware or software designed to recover corrupted data. In fact a more restricted interpretation will prevail, if a device has several potential uses, some of which are legitimate, it is unlikely that this section would apply. However, if the device were advertised as being capable of circumventing copy protection then action would probably succeed.

In looking at the penalties we need to consider both Civil Remedies and Criminal Sanctions.

Copyright is a property right and in the case of a proven infringement the owner is entitled to various benefits. He is entitled to take out an injunction to prevent further breaches of copyright, to damages for the losses incurred through breaches and for an order to deliver up infringing copies. In some circumstances, court orders can be obtained before a trial without the alleged infringer being given any warning. An order, which has been used successfully against audio, video and software pirates, is the 'Anton Piller' order. This order allows you to enter the premises of someone you suspect of breaching copyright, without warning and seize evidence, which might disappear or be tampered with before the trial. The possibilities of abuse inherent in this type of order are obvious and the courts strictly control its use.

Damages are intended to compensate the owner for the actual loss incurred as a result of the infringement. One way that damages are often calculated is on the basis of how much it would have cost to obtain a licence for the software instead of copying it. There is however provision for the courts to award additional damages if they consider the offence to be particularly flagrant or if exceptional benefits have resulted from the infringement.

The Act also sets out a number of categories of criminal copyright infringement; these are generally reserved for action against cases of deliberate copyright infringement for commercial gain.

The copying or importation of illegal software is punishable by, on summary conviction, i.e. in a magistrate's court, imprisonment for up to six months and a fine of up to £2000, or both. On conviction on indictment, i.e. by a Crown court, the maximum penalties are two years imprisonment and a fine, or both.

The offence of possession of a device designed to copy software can only be tried in a Magistrate's Court and the penalty is up to six months imprisonment or a fine of up to £2000 or both.

When a person is charged with any of the criminal offences then the court may order that the copies or the device for making the copies be delivered up to the court. The Act also provides for a magistrate, if satisfied that an offence has been or is about to be committed and that relevant evidence is in the premises, to 'issue a warrant authorising a constable to enter and search the premises, using such reasonable force as is necessary'. There is also provision that if the offences are committed by a company with the knowledge or consent of a director, manager, secretary or anyone acting in such a capacity then that person is guilty of the offence and can be prosecuted and punished accordingly.

In general, copyright law in other European countries is much weaker than in the UK. Since 1992 there have been seven EU Directives aimed at harmonising copyright legislation. There is still a lot of discussion about the protection of software. Some european authorities claim that the copyright protection of software stifles innovation and competition, and there have been attempts to allow an element of "reverse engineering" or "decompiling" in the interest of open systems. This has been resisted by organisations like FAST, which have made representations to the government calling for the strengthening of the legislation. They are worried about the effective enforcement of the Act and the hazy line between illegal copying and where software adaptation creates a new product.

However, that latest EU Directive which should be implemented in the UK this year will make it a criminal offence to distribute means for circumventing copyright protection, including software. This is becoming of particular interest with the increasing popularity of DVDs.

Some new figures suggest that last year; the activities of hackers cost industry worldwide some £25 billion. It was also reported that, in the UK alone, there were over 20000 successful hacker attacks in January of this year. Evidence suggests that an increasing number of these attacks are politically motivated.

The Computer Misuse Act 1990 is an Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes. An interesting legal point is that no where in this act are the terms "computer", "program" or "data" defined, this was recommended by the Law Commission on the grounds that the pace of technological change would soon render such definitions outdated.

In 1987 the Scottish Law Commission published a Report on Computer Crime, in this report they advocated the creation of a new offence in Scotland of "obtaining unauthorised access to a computer". Following this report and because of public concern over the misuse of computers by unauthorised parties, the English Law Commission set up a committee to investigate Computer Misuse. In October 1989 the Law Commission published Report No. 186 which recommended various changes to the Law. The ruling on the Prestel case that we mentioned previously was given during the Law Commission's deliberations and emphasised the need for action, a Private Member's Bill, sponsored by Mr Michael Colvin, was introduced to give effect to the Law Commission's recommendations.

The most important effect of this Act is that it makes misuse of a computer a criminal offence. The Act creates three new criminal offences: -

This offence is designed to criminalise both the activities of the "remote hacker" and the "insider", such as an employee, who exceeds his authorisation to use a computer.

A person is guilty of this offence if he knowingly causes a computer to perform any function with intent to secure unauthorised access to any program or data on any computer. The proviso that the defendant causes the computer to perform any function excludes such activities as reading confidential computer output, reading data displayed on the screen or "computer eavesdropping". It doesn't require the defendant to succeed in obtaining access or to be successful in breaking any security measures. A remote "hacker" is guilty of an offence if he only causes the computer to display its log-on message. If you have direct access to a computer the offence is committed as soon as you switch it on without permission. The action need not be directed at any particular program or data, this covers the hacker who gains access to a computer without knowing what he will find there. The prosecution must prove that the defendant intended to gain access and that he knew that the access was unauthorised. This is a summary offence and can be heard in a magistrate’s court; it carries a penalty of up to six months in prison, a fine of up to £2000 or both.

The courts also have powers under other legislation to award damages and to confiscate equipment used or intended for use in committing an offence.

This offence is an aggravated form of the first offence; it consists of actions sufficient to commit the first offence but with the intention of committing further more serious offences. It is designed to cover such cases as gaining unauthorised access to a bank's computer in order to commit theft by transferring money to your own account, or gaining access to confidential information held on a computer database to use for blackmail.

A person is guilty if he commits an offence under Section 1 with intent to commit an offence to which this section applies or to make it easier for himself or somebody else to commit such an offence. This section applies to offences the sentence for which is fixed by law or for which a person over 21 could be sentenced to 5 years imprisonment. It doesn't matter whether the offence is to be committed at the same time or later, and a person is guilty even if the further offence is impossible.

This is an indictable offence, if the case is heard in a Magistrates Court, the penalty is up to six months imprisonment or to a fine up to the statutory maximum, or to both. If the offence is heard in a higher court then a sentence of up to 5 years in prison or a fine or both can be passed.

This offence is intended to cover cases of deliberate erasure or corruption of programs or data. It also covers the introduction of a "computer worm" or "computer virus".

A person is guilty under this section if he intentionally causes an unauthorised modification to the contents of any computer, and he knows that it is unauthorised. It must be shown that the defendant intended to impair the operation of the computer, or to prevent access to any program or data, or to impair the reliability of such a program or data. The action need not be directed at any particular computer, or any particular program or data, or any particular modification.

The penalties under this section are the same as under Section 2.

This section was added at a late stage and was the subject of considerable debate in Parliament. If there are reasonable grounds for supposing that an offence under Section 1 has been or is about to be committed in any premises and that evidence of the offence is in the premises, then the police may apply to a circuit judge for a warrant to search the premises. It is unusual for a summary offence to carry the power of search, although a similar provision is included in the Copyright Designs and Patents Act 1988. Offences under Sections 2 and 3 are arrestable offences and the power of search already exists in relation to them.

In 1991, regulations governing University computing facilities were introduced into the University Calendar, any breach of these regulations is thus a University not a Department matter.

You should make a point of studying these regulations, they designate two levels of offence: -

Use or attempted use of a username for any purpose other than that for which it was allocated or use of another person's username. This could lead to suspension or withdrawal of the facilities.

Any attempted or actual breach of security, this constitutes a major offence under the University's Disciplinary Regulations. The penalties which may be imposed include reprimand, fine, suspension from academic privileges, expulsion from the University and in cases involving damage a requirement to make good the damage.

Offences under the heading of security include: -

1. Accessing or attempting to access, copying or using another person's programs or data without their permission, this includes finding out their password.

2. Not taking reasonable precautions to protect your data from unauthorised use. This could include use of an obvious password and careless use of the. rhosts facility.

3. Accessing or attempting to access, the management facilities of the system or any other systems not available for general use.

However, the fact that 'hacking' is now a criminal offence, regardless of whether damage has been done, could remove the matter from the University's hands. In 1991 an article appeared in Computer Weekly reporting a case of students at Coventry University who were suspended from using computer terminals while an internal investigation into suspected offences under this Act took place. The University did not disclose many details, but it appears that the culprits were looking at other student's files and did not cause any damage. The University dealt with the matter by internal disciplinary action; they felt that prosecution could seriously damage the student’s career prospects by effectively barring them from work at financial and other sensitive sites. There was however pressure from Michael Colvin, the MP who introduced the Bill, for the students to be prosecuted under the Act. There seems to be a divergence of opinion amongst police authorities on the correct course of action. The Metropolitan Police's computer crime unit said that any breach of the Act should be reported to the authorities however trivial. The West Midlands Police said that only serious hacking incidents should be reported.

The first major case brought under the Computer Misuse Act was heard at Southwark Crown Court in 1993, 3 men, one of them, Paul Bedworth, a computer science student at Edinburgh University, were accused of hacking into University systems all over the world and into the EC systems in Luxembourg. The student was cleared after his defence argued that he had become addicted to hacking and was not capable of showing the necessary intent to commit the offence. The other two defendants each received six-month jail sentences. The case of Paul Bedworth generated concern that the Act might not work. There were calls for the need to show intent to be removed from the Act. However, it is likely that this was simply a perverse decision by a jury.

A freelance typesetter was fined £1650 and conditionally discharged for two years after altering a client's computer preventing the client from accessing it because he believed he was owed £2000 in fees. The judge said the crime was not particularly serious although the client claimed to have lost £36000 of business.

A nurse was sentenced to 12 months imprisonment after breaking into a hospital computer and altering a patient's prescription to a lethal dose.

In December 1993 under a new interpretation of the act, a man received a six-month sentence for unauthorised access to a computer without even touching a keyboard. He made a telephone call to a contact and asked her to obtain information for him, she received a fine of £300.

A case in 2001 of a defendant named Maxwell-King showed the breadth of cases covered by the Computer Misuse Act. This person manufactured a small number of electronic boxes which allowed cable TV viewers to access all cable channels, not just those for which they had paid. He manufactured and sold 20 such boxes at a price of £30. He was convicted of an offence contrary to section 3 of the Act. The court indicated that, although the defendant was several steps away from the actual offence committed the actual user of the box, imprisonment had been considered. However, in view of the small scale of the manufacture, and the fact that the cable companies could themselves have taken steps to prevent such activities, the court felt that a sentence of imprisonment was wrong, and he was ordered to do community service. He was also ordered to pay some £10,000 in costs.

On April 18 2001 there was another development in the fight against computer crime. A new police unit was established as part of the National Crime Squad. This new unit, known as the National High-Tech Crime Unit, (NHTCU), will take the lead in police investigations of hacking and other Internet or computer based crimes.

The NHTCU is multi-agency and will be based in London. A Detective Chief Superintendent from the National Crime Squad, Len Hynds, has been appointed Head of the Unit and he will work with law enforcement experts selected from the National Crime Squad, the National Criminal Intelligence Service, HM Customs and Excise and police forces. The Unit will also work in close partnership with the IT industry. £25m. of funding over three years as been allocated, just over £10m of which will be used to develop local force computer crime units.

The Appeal Court in 1985 indicated that if person sent a telex from London to divert funds from New York to his account in Geneva, the theft would not have taken place in London and so the English courts would not have had jurisdiction to try the perpetrator.

The Computer Misuse Act corrects this by making it an offence to use a computer to commit a crime in another country and to commit a crime in this country from a computer in another country.

We have seen that the use of existing legislation was not very successful in combating computer crime, but that recent legislation has made the illegal copying of software and such offences as "hacking" criminal offences. There is also evidence that in future institutions, such as the University, may be forced to initiate criminal proceedings when in the past they would have applied internal disciplinary proceedings.

So far we have looked at: -

Data Protection Act 1998

Copyright Designs and Patents Act 1988

Computer Misuse Act 1990

In another lecture we will look at the Regulation of Investigatory Powers Act 2000 and the Freedom of Information Act 2000.