The United Kingdom has recently passed the Serious Crimes Act, 2015.
Part 2 of the Act makes several amendments to the Computer Misuse Act 1990 (“CMA”), including:
– a new offence of unauthorised acts in relation to a computer that result either directly, or indirectly, in serious damage in any country to the economy, environment, national security or human welfare, or create a significant risk of such things. The offence will carry a maximum sentence of life imprisonment for some categories of cyberattack. A person is guilty of the offence if they, at the time of commission, are aware that it is unauthorised, and intends the act to cause serious damage of a material kind, or is reckless as to whether such damage is caused; and
– an offence for obtaining a tool for use to commit an offence under s1 (unauthorised access to computer material) and s3 (unauthorised acts with intent to impair, or with recklessness as to impairing operation of computer) of the CMA, regardless of an intention to supply that tool; and
– the extra-territorial provisions have been extended to provide for the ability to prosecute a UK national who commits any CMA offence outside of the UK where the conduct has no significant link to the UK (provided that the office is also an offence in the country where it took place).
Would these be appropriate for Canada, or does the ‘mischief to data’ provision of s. 430(1.1) of the Criminal Code cover it sufficiently? The Code provides a maximum penalty of ten years, unless the mischief causes ‘actual danger to life’, in which case the maximum sentence is imprisonment for life. Would increasing the sentence for damage to ‘the economy, environment, national security or human welfare’ likely deter anyone who would not be deterred by the prospect of up to ten years in jail?