• Naked Law is written by technology lawyers from Mills & Reeve. Our team is (mostly) based in Cambridge, England. We write about the latest legal and regulatory developments relating to information and communication technology, e-commerce, and privacy.

    Please send us an email or post a comment if you want to join in the discussions on Naked Law.


  • The information on this blog is not legal advice. You should not rely on it and we don't accept liability in connection with it. Please read our full disclaimer and let us know if you would like us to advise on any legal issue.

« Googletubed | Main | Will IBM bring Amazon to book? »


Stuart Langridge

What does "making, supplying or obtaining articles" mean? The text of the bill states that you have to know it'll be used to offend or that you intend it to be used to offend; does, for example, a full-disclosure mailing list which posts details of how to exploit a security hole contravene this provision?

Corporate Blawg

Hey Peter,

When I saw the reference to you on Human Law: http://humanlaw.typepad.com/ I had to get in touch.

Check out my blog - a slightly different style, but you may recognise me from the shadows...

All the best,

Corporate Blawg

Chris Lightfoot

The draft linked to is quite an old one, and I believe the text of those clauses has changed quite a bit since January. Irritatingly I can't find a more recent copy on either Parliament's or OPSI's websites. There's a somewhat more recent draft (bill 151, from July), though. The relevant bit is the new s.3A(2) of the Computer Misuse Act which reads,

"A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, [the other CMA offences]"

So, for instance, if I offer up GCC on my website, in the knowledge that some of the people who download it may well be script kiddies who will use it to compile exploit code, am I guilty of the offence? It comes down to how "likely" is interpreted. Tony McNulty, a Home Office minister, wrote in a letter to an MP:

"the mere fact that manufacturers and suppliers know that a small percentage of their software are likely to be used to commit offences, does not mean that they are committing an offence, because in the vast majority of cases the software will not be used for criminal purposes and therefore they could not be said to believe that any individual copy was likely to be so used."

I don't know whether this assurance is worth anything (and in any case I might still be guilty of the offence if for some reason lots of script kiddies used my website but few legitimate users did).

An interesting comparison is with the bits of copyright law that prohibit certain "devices" (including software) which could be used to infringe copyright or remove copy-protection. s.24 of the Copyright, Designs and Patents Act requires such a device to be "specifically designed or adapted" for the infringing purpose, and for its distributor to "[know] or [have] reason to believe" that the recipient would use it in an infringing manner" before the distributor is infringing. s.296 applies only to devices whose "sole intended purpose" is the prohibited use. s.296ZB applies only to devices which are "primarily designed, produced or adapted" for the infringing purpose.

Since the Home Office did not put such a test into the new Act I presume that they in fact intend the new offence to cover "articles" which have substantial legitimate uses. Or they could just be incompetent, I suppose.

The comments to this entry are closed.