7. Problems

Whilst it is good news that we have this legislation in place, in practice we have seen very few cases actually prosecuted under the Computer Misuse Act. And even when the odd case does go to trial, sentences tend to be lenient.

The main problem seems to be actually proving that there was intent when the offence took place. Many people plead ignorance saying that they weren't aware what they were doing was illegal or that they didn't realise they were in possession of a virus.

Another issue is tracing who was actually responsible for the offence. Many people put the blame on others saying that it wasn't them logged on and that someone must have gotten hold of their password and user name.

Other problems are by the time the offender is actually caught, the damage to the company system has already been done. Data may have been lost or irretrievably damaged or it may have already been sold onto other companies.

2015 update:

The Act is now over 20 years old, which is an age in terms of internet and online life. And so the Act was amended in March 2014 to include a 10 year sentence to the most serious computer related crimes. (see: https://www.legislation.gov.uk/ukpga/1990/18/section/3#section-3-6-b)

But to put it in perspective, there were only two prosecutions using the Computer Misuse Act in England and Wales over the last three years.