www.tvtc.gov.

sa Ethics and cyber low

01
 Information and communications technology fraud

❑ Basics of English criminal law

Most criminal offences under English law are creatures of legislation. Most are set out in Acts of Parliament.
offence of unauthorized access to computer material under section 1 of the Computer Misuse Act 1990 states:
(1) A person is guilty of an offence if –
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorized; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
The menses of the offence is an intention to secure access to any program or data and concurrent knowledge that the access is
unauthorized. The actus reus is causing a computer to perform
any function and the fact that the intended access is unauthorized.

01
 Information and communications technology fraud

❑ The computer as an unwitting accomplice

A computer system might be used to detect information which assists the criminal in the commission of his crime.
For example, in the case of R v Sunderland (unreported) 20 June 1983, Court of Appeal, an employee of Barclay’s Bank used the
bank’s computer to discover a dormant account and then forged the holder’s signature to withdraw some £2,100.
The employee of the bank used the computer in a very simple way to detect an account which had not been used for a long period of
time but which had some funds in it, a simple but effective way of stealing money although, eventually, the scheme was discovered
when the holder of the dormant account attempted to make a withdrawal and discovered that the account contained less money than it
should have done.
The employee, who was of previous good character, was sentenced to two years’ imprisonment, which was changed on appeal by the
Lord Chief Justice who suspended 18 months of the sentence.
He said: . . . other people like bank clerks and bank officials need very little reminding that if they commit this sort of offence they will
lose their job and go to prison, albeit for a comparatively short time.
This case illustrates the vulnerability of some computer systems to criminal activities.
It also shows that the greatest threat of fraud comes from within an organization and employees are responsible for a great deal of ICT
fraud or attempted ICT fraud, ranging from small amounts of money to very large sums indeed

01
 Information and communications technology fraud

❑ The old deception offences

These included obtaining property by deception (section 15 Theft Act 1968), obtaining a money transfer by deception (section
15A Theft Act 1968), obtaining a pecuniary advantage by deception (section 16 Theft Act 1968), obtaining services by deception
(section 1 Theft Act 1978) and evasion of liability by deception (section 2 Theft Act 1978).
All these offences suffered from the defect that it was generally accepted that the deception had to operate on a human mind.
If false information was submitted to a computer system and processed by that system automatically, without human
intervention, these offences were of no use.
If a person had succeeded in obtaining money, for example, by means of a fraud, the offence of theft under section 1 of the
Theft Act 1968 could be applicable. However, there was no equivalent offence of theft of a service.
These and other deficiencies in relation to fraud were noted by the Law Commission5 and resulted in section 2 of the Computer
Misuse Act 1990 (the ulterior intent offence).
This was not restricted to fraud and was intended to deal with situations such as where a more serious offence was attempted
by means of computer ‘hacking’. It is described in the following chapter.
All the above offences under the Theft Acts of 1968 and 1978 have been repealed by the Fraud Act 2006

01
 Information and communications technology fraud

❑ The Fraud Act 2006

The Fraud Act 2006 fully came into force on 15 January 2007. The Act deals with some of the
deficiencies of the Theft Acts 1968 and 1978, especially when it comes to ICT fraud. It is now
clear that ‘phishing’, obtaining information such as a person’s bank account details by sending an
e-mail purporting to be from that person’s bank, is a criminal offence. This remains the case even
if nothing further has been done with the information thus obtained or even before the e-mail
has been transmitted.
The Act creates three new forms of fraud and an offence of obtaining services dishonestly.
None of these require deception to be proved but all are offences of dishonesty. The Act also provides for some offences related to articles for
use in fraud. Section 1 sets out the basic statement
that a person is guilty of fraud if he is in breach of any of sections 2, 3 or 4. These sections cover:
■ fraud by false representation;
■ fraud by failing to disclose information; and
■ fraud by abuse of position, respectively.
Section 1(3) sets out the penalties for section 1 fraud which are:
■ on summary conviction, imprisonment for a term not exceeding 12 months (six months in
Northern Ireland) and/or a fine not exceeding the statutory maximum;
■ on conviction on indictment, the maximum penalty is imprisonment for a term not exceeding 10 years and/or a fine.
Each of these forms of fraud under section 1 is now examined in detail, followed by the offences
relating to articles for use in frauds and then the offence of obtaining services dishonestly.

01
 Information and communications technology fraud

❑ Conspiracy to defraud

The Law Commission, in its report on Fraud, recommended abolishing the common law offence of conspiracy to defraud.
There were serious objections raised by this proposal and it has been
decided to retain the offence for the time being. If the Fraud Act 2006 proves to be effective in convicting fraudsters, conspiracy to
defraud may well be abolished.
However, it has proved useful in the past and, being common law, has the added advantage of flexibility and the ability to adjust to new
situations, an important aspect of law applicable to ICT crime.
Generally, a conspiracy is an agreement between two or more persons to carry out an unlawful act.
Conspiracy may be statutory or common law. A statutory conspiracy is when a person agrees with another or others to embark upon a
course of conduct which will necessarily amount to or involve a criminal offence by section 1 of the Criminal Law Act 1977, as
amended.
An example is where two persons agree to steal a computer; both will be guilty of a conspiracy to steal the computer even if they do
not go on actually to steal it.
Statutory conspiracy requires that the proposed act is itself a criminal offence and, in the case of the old offence of obtaining by
deception, the difficulties of deceiving a machine remained.

01
 Information and communications technology fraud

❑ Conspiracy to defraud

At common law, the offence of conspiracy to defraud proved useful. It appeared that, in this context, ‘deceit’ is not an essential element of the
offence and in Scott v Commissioner of the Police of the Metropolis [1975] AC 819, Viscount Dilhorne said:
. . . ‘to defraud’ ordinarily means . . . to deprive a person dishonestly of something which is his or of something to which he is or would or
might but for the perpetration of the fraud be entitled.
In other words, it is not necessary to show that a person has been deceived. In the Scott case, the accused made an agreement with cinema
projectionists to make copies of films being shown in
the cinemas and to sell those copies for profit.
The original films were borrowed overnight, copied and then returned the next day.
It was held that it did not matter that no person had been
deceived and the appeal against conviction was dismissed.
The common law offence of conspiracy to defraud is separate and distinct from the fraud offences in the Fraud Act 2006. There is certainly a
massive if not complete overlap where two or more persons are involved. The maximum penalty for conspiracy to defraud is 10 years’
imprisonment and/or a fine under section 12 of the Criminal Justice Act 1987.
The consequence is that if two or more persons agree to dishonestly operate a computer, perhaps entering a password they are not entitled
to use, to transfer funds to their own accounts,
they will be guilty of a conspiracy to defraud even though no human being has been deceived.
Of course, a limitation of the scope of this offence is that it requires an agreement between two or more conspirators and it cannot apply
when only one person is involved. In the past, and particularly before the advent of section 2 of the Computer Misuse Act 1990, the track
record of conspiracy to defraud in terms of dealing with computer fraud was very good. Indeed, even now, it may be preferable to use this
offence because of its inherent flexibility.

01
 Information and communications technology fraud

❑ The law of attempts

To be charged with an attempt to commit a criminal offence, the person involved must have done an act which is ‘more than merely
preparatory to the commission of the offence’ (section 1 of the Criminal Attempts Act 1981).
The scope of the law of attempts was uncertain when it came to computer fraud.
Most of the new offences under the Fraud Act 2006 can be committed without the completion of the relevant gain or loss actually taking
place, making the law of attempts redundant for these offences.
The only exception is the offence of obtaining services dishonestly.
This offence requires that the services in question are obtained.
In respect of that offence, the law of attempts retains a residual value in terms of ICT fraud (submitting someone else’s credit or debit card
details dishonestly to obtain the service should suffice as an attempt).
In any case, Information and communications technology fraud The law of attempts 433 25 INIT_C25.QXP 20/6/07 14:11 Page 433 section 2
of the Computer Misuse Act 1990 will apply.
This creates an ‘ulterior intent’ offence, where someone commits the basic offence of unauthorized access to computer material (‘computer
hacking’) with the intention of committing a further serious offence.
Thus, attempting to gain access to computer data in order to carry out a fraud by dishonestly making a false representation will be an offence
under section 2 of the Computer Misuse Act 1990 (discussed in the following chapter).
If the fraudster gets so far as to actually make the false representation, he will have committed the fraud offence itself, regardless of whether
the false representation was successful in meeting its aim.

01
 Information and communications technology fraud

❑ ICT fraud as theft

If a person carries out a fraud which results in that person obtaining property, including money
or a bank credit, the offence of theft may have been committed. Theft is defined in sections 1–6
of the Theft Act 1968 and section 1(1) states:
A person is guilty of theft if he dishonestly appropriates property belonging to another with the
intention of permanently depriving the other of it . . .
The words ‘dishonestly’, ‘appropriates’, ‘property’ and the phrases ‘belonging to another’ and
‘with the intention of permanently depriving the other of it’ all have special legal meanings which
are set out in sections 2–6 of the Act.

01
 Information and communications technology fraud

❑ ICT fraud as theft

As far as ICT fraud is concerned, there is no real difficulty arising from the meanings of these words and phrases although the following points
should be noted:
(a) the definition of ‘property’ is very wide and will cover most things that can be stolen with the aid of a computer or telecommunications
equipment, but land does not usually come within the meaning of property nor do wild mushrooms or flowers, fruit or foliage on a wild
plant
(b) property is deemed to ‘belong to another’ if that person has control of it or has any proprietary right of interest in it;
(c) ‘appropriation’ is the assumption of the rights of the owner;
(d) the ‘thief’ must intend to permanently deprive the other of the property; usually a mere 'borrowing’ of an article cannot be equated to an
intention to permanently deprive but it can be if,
for example, it is for a very long period of time or if, when it is returned, there is no ‘goodness’ or value left in it.
A case involving the borrowing of cinema films adds weight to an argument that a person who uses transfer funds electronically into his own
account does not commit the offence of theft.
In R v Lloyd [1985] 2 All ER 661, a projectionist at a cinema, in association with two others, removed films from the cinema for a few hours so
that they could be copied and then returned the films so that no one would know what had occurred.
The pirated copies of the films were
then sold, making a considerable profit for the pirates.
A charge of theft (actually a conspiracy to steal in this case) was held to be inappropriate.
As has been seen in the Scott case above, where the facts were very similar, a charge of conspiracy to defraud would have been more likely
to secure a conviction.

01
SUMMARY
■ Criminal offences may be analyzed according to the: – the mental elements (guilty mind); – actus reus, the
prohibited acts or omissions.
■ Most criminal offences are set out in legislation though some common law offences remain.
■ Offences may be classified as: – summary, triable in a magistrates court only; – indictable, triable only in the
Crown Court; and – offences triable either way.
■ In terms of tackling ICT fraud, the old deception offences suffered from the probability that it was not
possible at law to deceive a machine.
■ The Fraud Act 2006 brought in a number of offences appropriate to tackle ICT fraud, including: –
dishonestly transferring funds electronically; – phishing; – using bogus websites to obtain personal details
such as bank account details; – spyware, – dishonest use of telecoms and information society services.
■ Section 1 of the Fraud Act 2006 covers three forms of fraud: – fraud by false representation; – fraud by
failing to disclose information; – fraud by abuse of position.
■ There is also an offence of obtaining services dishonestly.
■ There are two offences relating to articles for use with fraud: – possession or being in control of an article; –
making, adapting, supplying or offering to supply an article.
■ The Ghosh test is likely to be useful in determining whether the accused was dishonest: – would a
reasonable and honest person regard what was done dishonest; and – if so, did the accused realize this?
■ Conspiracy to defraud remains available for the time being. The offence did not require that a person had
been deceived.
■ The law of attempts remains useful in limited cases.
■ If a fraud is completed, a charge of theft may be appropriate