The Computer Misuse Act 1990, section 1, says that a person is guilty of an offence if
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
(b) the access he intends to secure, or to enable to be secured, is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
My question: How is a Mens Rea for this crime established, and to what extend does "Knowingly" performing unauthorised access have to be proven?
A hypothetical example:
A web developer is sent login details for a website as a volunteer, unpaid. He completes the website, including his watermark, and goes on about his business. He deletes the login details, as he no longer wants access to them. A year later, he and the owner have a disagreement and the owner now claims that the access was unauthorised.
What would have to be proven, in this scenario, either to show the access was unauthorised, or that the access was authorised? What is stopping anyone from giving details to an account, then later claiming they were never sent by deleting the message?
When conducting business and you're given access to an account as part of your work, should you retain proof of them sending credentials to cover your back? Or do you just hope they don't point the finger at you later, which admittedly is unlikely?
