is it illegal??

[ZeroHour]

Aha ... the use of security (or attempt to bypass it) raises the level of packet traffic to the application layer! You are now in breach of CMA! We also need to remember that in law in England and Wales (Scotland and NI do have a few more exceptions but should also conform to this) the attempt to commit a crime is the same as *actually* committing a crime.

This is not in the CMA though, it does not state along the lines of "your allowed to secure access as long as its open before and you dont beat security and you dont actually use the connection"
If we take the act literally I can only see it as meaning one thing, securing access regardless of use or security measures used is a breach of the act. It does not differentiate. If you are not specifically allowed access then you are in breach. I know common sense may apply to parts but the act is fairly clear imho and if it does not differentiate between types etc of securing access then its a cover all rather then a cover common sense. The act does not seem to care about packet technicalities either which tbh I think is better. The more technical an act the more likely people will get off with said technicalities.
The clarity comes from:

A person is guilty of an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

This implies trying to secure access is the crime. You will inherently see data over the network when you connect (in a receiving state) so its hard to argue connecting would never result in seeing data.

I have to say I am enjoying this thread I just dont want you to think I am nay saying you GD, just passing thoughts.

[GrumbleDook]

Happy to have some discourse about it all.

Another thing to remember is that the laws are statements to which you apply to circumstances and events. In the courts this is expanded to give case law and the rulings on case law give context and meaning to the bare statements.

Having said that, they key point I was making about trying to access things on a secured network is the point where the application layer hits. An attempt to gain access is an attempt to connect to the network and bypass / break the security that has been set. This is a the application layer are requires intent to do it. The device you are connecting to now longer is treated as a network or dumb device (as mentioned when talking about talking about what is a 'connection' under the Communications Act) but as a service. The attempt to use the service is the crime. Remember that a router is a computer ... one designed for a particular task and it runs many programs (units of code). Wireless routers are an example of this and the security features are a program in themselves ... this is one of the reasons why packets at this level are part of the application layer (yes ... gross generalisation and even a slightly patronising comment ... not intended that way.) This is the bit where the cross over between Communications Act and CMA is not clear ... if you connect to a secure network it is CMA, but if you then use the company's PBX to make calls it is Communications Act too. It could look like they *only* use Communications Act when CMA cannot easily be proved. If you can't get them on one thing, hit them with something else.

IIRC a chunk of this has already been discussed and publish on outlaw as well as slashdot ... a hunt through my mail archives will be needed. Strange to think that a bunch of lawyers have explained it all far more eloquently and with a goodly amount of technical specialism too.