LAWS ON NETWORKING

Introduction | JANET Policies | Laws on Networking | Regulated Activities | Other Documents

LAWS ON NETWORKING

Contrary to popular opinion, the Internet is not lawless. National and International Law apply to activities carried out using computers and networks just as they do in any other sphere of life. The UK has a number of laws which apply particularly to computers and networks:

The Computer Misuse Act 1990 creates offences of unathorised access and unauthorised modification of computers and data. Unsuccessful attempts to gain access or modify data without authorisation are also likely to be criminal offences. Following an enquiry in 2004, the Police and Justice Act 2006 amended the "unauthorised modification" offence to become "unauthorised interference" to ensure that denial of service attacks were covered;
The Communications Act 2003 creates offences of improper use of a public communications service (s.127) and dishonestly obtaining electronic communications services (s.125). It should be noted that the latter offence has been used in a number of prosecutions for "war-driving", the practice of using other people's wireless networks without permission. Users should think carefully before connecting to something that may be a private wireless network not intended for public use.
The Regulation of Investigatory Powers Act 2000 controls the interception of traffic on networks, and was introduced to ensure the UK could comply with the Human Rights Act 1998 rules on privacy of comunications. Interception for business purposes, for example the enforcement of acceptable use policies, is covered by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. The Act also creates powers for the police and other investigating authorities to require networks to provide information about their users and their use of networks. Other Statutory Instruments and Codes of Practice relating to this Act may be found on the Home Office web page.
The Data Protection Act 1998 establishes requirements on anyone holding personal data on a computer or any other organised filing system. Detailed restrictions on the use of personal data in electronic communications (for example sending unsolicited e-mails) is contained in the Privacy and Electronic Communications (EC Directive) Regulations 2003. Information on this legislation is available from the Office of the Information Commissioner. The JISC Legal Information Service have published a comprehensive Code of Practice on the application of the Act to HE and FE instutitions.
The Anti-Terrorism, Crime and Security Act 2001 creates a voluntary Code of Practice for retention of communications data by public network providers. As private networks, JANET and its connected organisations are not covered by this code and are recommended to follow the Best Current Practice published by the London Internet Exchange (LINX).

Note that the links above refer to the original texts, as passed by Parliament. Subsequent amendments will not be reflected on those links: a database of amendments has recently become available.

There are also European laws regarding computer misuse, electronic commerce, data protection etc. and other countries may claim jurisdiction over online activities that affect them or their citizens.

The JISC Legal Information Service publishes a great deal of information on the impact of the law on IT in universities and colleges.