We would never dream of dispatching police officers to the scene of
a crime with their hands tied behind their backs. Yet this is
exactly the handicap the police and law enforcement agencies carry
in their efforts to combat computer and Internet-based crime.
Attempts to investigate and prosecute cybercriminals are hampered
because the UK's computer crime laws are outdated and full of gaps.
Although the Government has introduced a raft of new laws that give
police the power to monitor
e-mails and Web traffic, it has made little effort to empower
either the police or the private sector to take action against
computer criminals. Even when criminals are caught, the penalties
available to judges often do not reflect the damage that their
crimes can cause.
The National High-Tech Crime Unit has urged the Home Office to
review UK law and drag it into the 21st century. But the Government
remains unlikely to plug the gaps in the law during this, or even
the next parliament.
That is why Computer Weekly is this week throwing its weight behind
the call for reform, with the launch of its Lock Down the Law
campaign.
The aim of our campaign is to persuade the Government to give the
police a fighting chance in combating computer crime by
prioritising a review of the UK's archaic computer crime laws.
These laws remain riddled with loopholes. Take the Computer Misuse
Act, which relies on the old-fashioned concept of trespass to
protect computer systems against unlawful access by hackers, and is
therefore ill-equipped for a world in which organisations are
routinely inviting the public inside their IT networks.
Or consider denial of service attacks, where hackers attempt to
halt computer systems by bombarding them with tens of thousands of
messages. Under current UK law it is difficult for the police to
bring a prosecution following these attacks, despite the fact that
they have the power to cripple a corporate Web site and cause huge
loss of revenue.
Just as crazy is the fact that it is a criminal offence to steal a
computer under current UK law, but not to steal a copy of a
confidential document from a computer system.
But why should you care about the idiosyncrasies of the judicial
system, or the machinations of Westminster?
The answer is simple: because without any realistic threat of
prosecution, hackers remain at liberty to redouble their efforts to
compromise global business. Research in the US suggests that there
are 4,000 denial of service attacks each week. Next year that
number could have doubled or trebled - and your organisation could
have joined the ranks of the cyber-victims.
The prime minister Tony Blair has stated that he wants to make the
UK the best place in the world to do e-commerce. For this to turn
from pipe dream to reality, he will need to make an overhaul of UK
cyber law a priority. If he doesn't, we will want to know why.