Portsmouth FC, Non-Payment, and the Computer Misuse Act
You may have read about the High Court ruling that Portsmouth FC must submit a statement of affairs next week, in advance of a hearing of the case brought by HMRC for winding-up the organisation. This is the latest, and possibly the last, chapter in the club’s recent story of financial hardship, but an earlier event in the saga provoked this blog post.
One consequence of their financial situation has been their inability to pay their website service provider, who responded by removing access to the site temporarily. This kind of incident can have a considerable impact on businesses, especially where their online presence contributes a lot to their marketing and revenue streams, but what other option does a service provider have in the face of non-payment?
The response of the hosting company might seem reasonable to anyone that has had difficulties chasing clients for payment, but this type of action may not always be as legitimate as it seems.
The Computer Misuse Act makes it a criminal offence to intentionally attempt to secure access to any program or data, held in any computer, without authorisation. If this is done with intent to prevent or hinder access to any program or data held in any computer, then the offence is dealt with much more seriously. To clarify the notion of authorisation, the House of Lords, in the case of R v Bow Street Magistrates Court and Allison ex p. USA, explained that the offence should cover a person who causes a computer to perform a function when he should know that particular access is unauthorised.
The potential consequences are not immediately clear, but consider the following: a web design company that provides hosting for its clients, in response to non-payment for the design of a website, decides to suspend access to that site. The company might be authorised to control access to the data on their own systems, notwithstanding certain clauses in their service agreement, but what if they don’t provide the hosting, only the design?
If they have access to their clients web hosting, only in order to upload and manipulate the website, they are not implicitly authorised to control access to the hosted data. So if they block access to the website they are breaching the Act, by intentionally accessing a system to hinder access to data held therein, without authorisation.
To draw an analogy which may be more familiar: say, for example, you as an artist were to sculpt statues for two different clients. It is agreed that the first is intended to be housed in your own gallery, and the second is given to your other client to display on their own premises. On both accounts payment is not received, and so you decide to take action. You remove the first sculpture from your gallery, refusing to keep it on display until your invoice is settled; and to retrieve the second you break into the premises where it is kept and take it.
While you may be within your rights to suspend performance of your contractual obligations, on the second set of facts you commit a criminal offence by entering premises without permission. Similarly, under an agreement to design a website and arrange hosting for it you may be entitled to block access to it in response to non-payment, but if your agreement covers only the design and not the hosting, which is arranged by your client, then your unauthorised exercise of control over access to data on their systems may fall foul of the Computer Misuse Act.
What is important to understand here is that non-payment by a client does not entitle you to take reckless action. There are other options available, for example in the circumstances outlined above you might bring a claim for breach of contract, or copyright infringement. If you find yourself in this sort of dispute it is always advisable to consult a lawyer who, with a proper understanding of your circumstances, can advise you of the best course of action.