Police hamstrung by UK's outdated computer laws
- Posted:
- 14:41 05 Mar 2003
- Topics:
- Databases
Police investigations into thefts of company databases
are being hampered by out-of-date computer crime laws, Scotland
Yard's computer crime unit said this week, in a move that will
intensify calls for a review of the UK's Computer Misuse
Act.
The disclosure follows reports from leading law firms that database
theft has increased sharply during the economic slowdown, prompting
businesses to resort to the civil courts to recover company secrets
from former employees.
Detective sergeant Steve Santorelli, a senior investigator at the
computer crime unit, said information theft has become a
multimillion-pound industry, but out-of-date laws are making it
impossible for the police to take action.
"We are talking about a huge amount of money being made by people
stealing networked data. It is just an anachronism that stealing
data is not illegal. The bottom line is that if someone phones up
and says my database has been stolen, I can only refer them to a
civil remedy."
Since February last year, business and IT industry leaders have
backed Computer Weeky's campaign to re-examine the laws designed to
protect companies against computer crime.
Santorelli said companies call his unit every week to report staff
who have walked out with floppy discs containing confidential data.
But short of arresting someone for stealing a 25p floppy disc,
there is little the police can do.
Police have also had difficulty prosecuting those responsible for
denial of service attacks because some forms of attack are not
covered by the Computer Misuse Act 1990, said Santorelli.
In the past, the computer crime unit has been able to prosecute
denial of service attackers by seizing computer equipment and using
the evidence gathered to bring prosecutions for other types of
computer crimes.
"This is not very satisfactory. There will come a time when someone
will have so much encryption on their computer we will not be able
to make a case to prosecute them for other offenses," said
Santorelli.
Dan Morrison, partner at law firm Mishcon De Reya, said some firms
have suffered heavy losses because of database theft and at least
one company has been forced out of business after a rival firm used
a stolen database to undercut its prices.
But he said it would be difficult to develop a criminal law that
would adequately cover the theft of commercial data, which is
difficult to define legally. Attempts by other parliaments in
Europe had failed, he said.
- Hackers and those spreading viruses could be sent to jail for five years under proposals for new laws on cybercrime approved by EU justice ministers last week. Ministers agreed to create a new criminal offence of "illegally accessing an information system". The proposals will be written into national laws after the European Parliament has given its opinion on the text.
