Cheshire DS MacFarlane told Police Oracle that straightforward evidence gathering and strong sentences mean good results can come from bringing charges under The Computer Misuse Act 1990.

The Computer Misuse Act has been in place since 1990 and is designed to prevent unauthorised access to computer material. 

Cheshire’s Cyber Crime team have been using the legislation to strengthen a case where charges have already been brought, and as a possible avenue for prosecution should other lines of enquiry fall through. 

DS David Macfarlane said: “Only yesterday, I was responding to an email from an officer who was looking at a investigation where someone had accessed someone else’s Instagram, and had taken some photos and done something with them.

"So the officer was asking what kind of offences are we looking at? That's a classic example of a a unauthorised access. It may be that you have no other evidence of any other offences and you can use this aspect.

“But where this really can have value is when we move away from cyber-dependent jobs - looking for example at domestic abuse or harassment cases.” 

Pursuing a Computer Misuse charge might add weight to an eventual conviction or provide an alternative option.

DS MacFarlane believes officers are often deterred by not knowing what evidence gathering is involved.

The answer is that there are different options, including individuals being able to access their own data from certain sites such as Facebook.

However, it is also possible to make communications data applications to the relevant social media or tech company that could then identify a time and location of access to an account.

Such routes mean that obtaining the data is not dependent on having access to a victim's device. 

The legislation works on a “sliding scale”; section one encompasses unauthorised access, section two unauthorised access with a view to facilitating a further offence (for example taking photographs for blackmail), and section three unauthorised access with intent to impair the operation of a computer. 

Upon indictment, sentencing for a section one offence starts at two years in custody, while the starting point for those committed under section two and section three stands at five and ten years respectively.

“Something we come across quite a bit as well people asking whether it’s relevant if they have given their password to the alleged perpetrator previously,” DS MacFarlane explained. 

“As long as the access is without authorisation, it's a Computer Misuse offence.

“It’s possible you could get into a situation where the alleged perpetrator argues that they were given permission [...] but if you were in a situation for example where you had a relationship that has broken down and partners with living separately, which is probably where we can utilise this the most, alleged perpetrators would be hard pressed to argue that it was authorised.” 

Since being established in 2019, Cheshire’s Cyber Team has had 12 successful prosecutions with this offence with three more currently ongoing. The team reports positive responses from the CPS on using the legislation. 

To date, they have not had to go to trial and only had guilty pleas. DS MacFarlane thinks while everyone has their own reasons, it's helped by the fact that the evidence in this area is “black and white”. 

“It’s about investigating a bit more widely around what’s actually happened and especially anything where the victim is reporting that their online accounts have been accessed [...] particularly in the context of some of the more vulnerable investigations like stalking. 

“All this is really good evidence that we need to be using and not just overlooking - especially when we might be struggling elsewhere.”