The government is to strengthen the Computer Misuse Act
so that it can be used to prosecute the perpetrators of denial of
service attacks, as soon as parliamentary time is
available.
The move follows a 16-month campaign by Computer Weekly and leading
IT groups for a review of the UK's computer crime laws.
E-crime minister Caroline Flint announced the move last week in a
speech to a meeting of industry parliamentary group Eurim.
"The Act is technologically neutral, and its terms are deliberately
undefined to provide flexibility for the courts in interpreting
them widelyÉ This does not mean there is not possible scope for
improvement," she said.
The Home Office will change section three of the Act to make it
clear that denial of service attacks are covered, and it will also
look at whether there is a need to increase sentencing for simple
unauthorised access offences, Flint said.
The move was welcomed by lawyers and industry groups who have been
campaigning with Computer Weekly for the Computer Misuse Act, which
was created before the widespread use of the internet, to be
brought up to date. But some warned that it would be easy for the
government to let the proposals slip, given the pressure on the
parliamentary timetable.
"It would be easy to cry too little too late, but Acts of
Parliament relating to IT issues are really in their infancy. We
must be patient on the one hand and provide constant support on the
other to see the requirements hit the statute books," said David
Roberts, chief executive of the Corporate IT Forum (Tif).
Peter Sommer, security expert at the London School of Economics,
said, "I am really apprehensive about whether there will be enough
parliamentary time for this. There are a large number of Home
Office bills due, many of which look as though they will be
fearfully opposed."
The Home Office is reviewing the effectiveness of the Computer
Misuse Act in the light of the Council of Europe Convention on
Cybercrime and the European Union Framework decision on attacks
against information systems.
Flint said she would welcome any further comments about the
Computer Misuse Act from concerned individuals or from groups who
had experienced problems with it.
Lock Down the Law milestones
February 2002 The National Hi-Tech Crime Unit
voices concerns to the government about the adequacy of the
Computer Misuse Act for dealing with denial of service attacks
February 2002 Computer Weekly launches campaign
for a review of UK IT law. User groups, leading IT lawyers and
politicians lend support
April 2002 Computer Weekly launches online
petition calling for the government to review computer crime
legislation
May 2002 The Internet Crime Forum and Crown
Prosecution Service begin review of the Computer Misuse Act
May 2002 Lord Northesk introduces private
members bill to outlaw all types of denial of service attack
June 2002 A Computer Weekly survey of senior IT
directors reveals that 86% believe that IT crime law is "not very
effective"
June 2002 The government offers to meet the IT
industry to discuss the adequacy of the Computer Misuse Act
June 2003 The Internet Crime Forum calls on the
government to introduce tougher sentences for hackers and to
clarify the law on denial of service attacks
July 2003 Home Office announces plans to update
the Computer Misuse Act