Lesson video

Hi, I'm Irfan.

And welcome to lesson three on the Freedom of Information Act and the Computer Misuse Act.

In this lesson, you will explain what the freedom of information act is, why it is important and how organisations respond to it.

We'll then go on to learn about the Computer Misuse Act, defining what computer misuse is and the associated offences linked to the Act.

And then you will identify situations that would be classified as an offence using real life case studies.

So let's check it out.

In this first part of the lesson, you will recap on the content from lesson two in this unit.

On the worksheet, answer the following questions.

One, name one benefit of open source software.

Two, name one difference between open source and proprietary software.

Three, what's is the right to be forgotten? Four, named one benefit of the Creative Commons licencing.

And finally five, can a computer programme algorithm be copyrighted? If you haven't already watched lesson two from this unit on the impact of technology, then you may find it helpful to do so before starting this task.

Pause the video now to complete the task.

When you have finished, resume the video.

Let's go through the answers.

Question one was, name one benefit of open source software.

The correct answer was a community of contributors with a range of expertise can contribute to the continuous improvement of the product.

They have the right to copy, modify and share the product.

For question two, name one difference between open source and proprietary.

When using open source, users have access to the source code and have the right to copy, modify and share the products.

Whereas with proprietary software, the users are licensees and cannot copy, modify, or share the product.

They do not have access to the source code.

In open source software, a community of interested users with expertise can contribute to the continuous improvement of the product.

Whereas with proprietary software, the vendor completely controls the update cycle and develops additional features.

Question three was, what is the right to be forgotten? The right to be forgotten parts of the GDPR means that an individual can request that an organisation erases their personal data.

This right only applies in certain circumstances.

For example, the personal data is no longer necessary for the purpose for which an organisation originally collected or processed it.

For question four, name one benefit of Creative Commons licencing.

Creative Common licences help copyright owners share their work while keeping the copyright.

They allow the copyright owner to say exactly what other people can do with their work.

For example, a Creative Commons licence might say that other people can copy and distribute the copyright owner's work if they give them credit.

A community of artists can make interesting changes to work and allow it to be further redistributed and shared.

Finally, for question five, can a computer algorithm be copyrighted? The correct answer is yes, but only once a source code is written.

How many did you get correct? If you did well, that's great.

But if you need to brush up on the law, data protection and copyright, go back and watch lesson two again.

In this next part of the lesson, you will learn about the Freedom of Information Act and why it is important for individuals and the effect it has on organisations.

The Freedom of Information Act was introduced to give any member of the public the right to access any information recorded by public sector organisations, such as those shown below.

Public sector organisations are owned by the government.

They provide goods and services for the benefit of the community.

Therefore the general public ultimately pays for and owns public organisations, and has a right to understand how that money is being spent.

Requests must be made in writing, either by letter or by email.

The organisation then has 20 working days to provide the information.

The minimum requirement for a response is that the request is in writing and the information is already gathered by the organisation.

In addition, there are circumstances under which organisations do not have to provide a response.

Circumstances under which organisations do not have to provide a response include: It would cost too much or take too much staff time to deal with the request.

The request is vexatious, meaning it is designed to create annoyance.

The requests repeats a previous request from the same person.

And in addition, requests cannot be responded to if they contravene data protection or general data protection regulation.

We can see here two different examples of Freedom of Information requests.

MP expenses.

In 2009, a request was made to Parliament for a list of expense monies paid to Members of Parliament.

Some were shown to be excessive and in some cases, even criminal.

Sir Peter Viggers tried to claim 1,645 pounds for a floating duck house in the garden pond at his constituency home.

Knife Amnesty.

In 2006, a widely publicised campaign to encourage people to hand in knives took place and was hailed a success.

A Freedom of Information request showed that after the campaign, the knife crime figures went up back almost immediately.

A metropolitan police statistical evaluation of the amnesty in London concluded that, a few weeks after the operation rates of knife crime were running at pre amnesty levels.

The amnesty appeared to have no longterm impact on reducing this form of violent crime.

A fact which only came to light as a result of a Freedom of Information request for the report.

Although sometimes the Freedom of Information Act is used to make unusual requests, important information has come into the public domain because of this act.

For example, regarding MP's expenses.

So why is the Freedom of Information Act so important? It promotes social justice.

Social justice refers to creating an equal society where everyone is treated fairly and has equal opportunities.

Public organisations act on everyone's behalf and spend money that belongs to everyone.

Therefore, everyone has a right to know how the organisation operates, and what they spend public funds on.

The MP expenses requests was significant as it was public money being spent.

What do you think happened to the MPs who had been dishonest in their expenses claims? The scandal over expenses that erupted in 2009 led to five Labour MPs and two Conservative peers going to prison.

A number of others had to repay money because their claims were borderline fraudulent or unfair.

Other examples of revelations that were in public interest include: Unanswered 101 calls, ambulance delays, and MOT failures.

If a public sector organisation knows that at anytime they may receive a request for information, which must be responded to within 20 days, what might this mean for organisations and how might this affect how the organisation behaves? They are aware that they are fully publicly accountable and many records, and there are some exceptions, could be viewed by any members of the public.

It may encourage some public officials to be more honourable.

It may also make an organisation ensure that records are kept in such a way that they are easily recalled.

It is also important to note that the act does not give people access to their own personal data, such as their health records or credit reference file.

If a member of the public wants to see personal information that a public authority holds on them, they should make a data protection subject access request.

In this final part of the lesson, you will learn about the Computer Misuse Act and find out which act constitutes computer misuse.

Let's start off by watching a quick video.

The year was 1984.

Two journalists and computer enthusiasts called Robert Schifreen and Steve Gold used a personal computer and a modem to connect to British telecoms owned service called Prestel.

They found the login screen and used the combination of social engineering and trial and error to get admin access.

The account ID they used was eight twos and the password was, wait for it.

One, two, three, four.

The pair use these credentials to explore the system.

Prestel was an early showcase of what information technology could do and included an early version of email.

Schifreen and Gold famously managed to get access to the personal email inbox of Prince Phillip.

They reported their to their boss who in turn informed BT.

BT took this information to the police.

And in 1985, the pair of hackers were arrested.

The Computer Misuse Act 1990, introduced three new criminal offences that included hacking, which is the illegal act of gaining unauthorised access to a computer system.

The punishment for breaking this law included: unlimited fines, several years in prison, or both, depending on how severe the offence is.

The three new offences included section one, unauthorised access to computer material.

Section two, unauthorised access with intent to commit or facilitate the commission of further offences.

And three, unauthorised access with intent to impair, or with recklessness as to impairing the operation of a computer.

When categorising offences under the Computer Misuse Act, there are two important distinctions.

One, there has to be intention.

You cannot accidentally fall foul of the Computer Misuse Act.

And two, even if you aren't the person who presses the buttons, you can still be charged under the Computer Misuse Act.

It's time for another task.

On the worksheet, fill in the Computer Misuse Act offence and analysis columns to demonstrate your understanding of the Computer Misuse Act.

Specify whether the following incidents which are based on true events, are offences according to section one, two or three of the Computer Misuse Act, or whether it is not a breach at all.

The first example has been completed for you.

In case one, computer operator Franklin McBride at an accountancy firm, was accused of hacking into the company's computer system with intent to defraud his employers of 1 million pounds.

The attack was discovered before the money was released.

This would be an offence under section two of the Computer Misuse Act.

Mr McBride had intended to defraud his employer, but was discovered before the money was released.

So he avoided Computer Misuse Act section three, but is guilty of intending to commit further offences.

Pause the video now to complete the task.

It should take between 10 and 15 minutes to complete.

Resume the video when you've completed the task.

In case study two, nurse Keith Howell obtained a doctor's password by shoulder surfing and used that user account to modify hospital patient prescription and treatment records.

This would be an offence under section three of the Computer Misuse Act.

Although Mr. Howell did not use the technology to access the account, by shoulder surfing, he's still guilty of unauthorised acts, and modified accounts illegally.

Falling appointments at the first cut hair salon were traced back to an ex employee called Marion Harrington who was continuing to access registrations on the company email account months later.

This would have been an offence under section one of the Computer Misuse Act for gaining unauthorised access to computer material.

By leaving the company, Ms. Harrington was no longer authorised to access personal data of the customers, but there is no evidence that she actually intended to commit any further crime with the data.

Case four now, Georgina Bates, pretending to be a member of staff, installed key logging software to capture passwords and access emails containing personal and financial data with the intention of redirecting funds to her personal account.

This would have been an offence under section two of the Computer Misuse Act.

Ms Bate's actions went further than accessing computer material, as she was collecting the personal data with the intention of stealing.

So this should be categorised under section two.

In case study five, Don Palmer unlawfully accessed the accounts of 4,000 players of online game Moonscape with the intent to steal gaming resources and modified 100 accounts.

This would have been an offence under section three because Mr. Palmer stole and modified accounts.

This should be categorised as section three and not as any other.

Finally case six.

17 year-old Nelson Morgan created a number of fictional social media accounts for a boy that he disliked at school who did not use social media.

He carried on the pretence for some time, communicating with other students and spreading untrue rumours about the student's relationships, past convictions, and personal interests.

Surprisingly though, this is not a breach.

In order to be categorised as a breach of the Computer Misuse Act, some unauthorised access has had to have taken place.

In this case, although it could have been categorised as another crime, ie "defamation," which is any intentional false communication, either written or spoken that harms a person's reputation, it did not involve any unauthorised access to the victim's computer.

Now that you've finished this lesson, don't forget to complete the accompanying quiz.

Also remember to share your work with Oak National.

If you'd like to, please ask your parent or carer to share your work on Instagram, Facebook, or Twitter, tagging @OakNational and #LearningwithOak.