The Computer Misuse Act 1990, which became law in the UK in August 1990, creates three new criminal offences. Two of these are designed to outlaw the gaining of unauthorised access to computer-held programs or data, whether by an outsider acting remotely (‘hacking’), or an insider, such as a company employee, gaining access to computer-held material which they have no permission to see. The third offence is designed to bring the deliberate corruption or erasure of computer programs or data, including the putting into circulation of computer ‘worms’ and ‘viruses’, within the ambit of the criminal law. The Law Commission, Report 1 which promulgated the Computer Misuse Bill, and the Bill itself, were the subject of great interest and scrutiny by various groups, including lawyers and computing professionals. Although originally a private member's Bill, the measure received full government support. The precise content of the new offences has been the subject of detailed discussion elsewher, 2 and so it is not proposed to tread that ground again here. Rather, the purpose of this article is to look at the overall shape of the new legislation in the United Kingdom within the general context of the criminal law's response to the misuse of computers and information technology generally. This topic has been little examined, and what follows can only be regarded as a preliminary exploration of the issues.