Eighteen months ago, Computer Weekly launched its Lock
Down the Law campaign to persuade the government to review the UK's
outdated computer crime laws.
The central premise of the campaign was that the Computer Misuse
Act 1990, drafted before mass internet access, was ill-equipped to
regulate computer crime in a world in which organisations routinely
invite the public into their networks. Shortfalls in the law, we
argued, were hampering the police in their investigation and
prosecution of computer criminals.
Happily, the government has heeded our warnings. The Home Office
has agreed to update the Computer Misuse Act. Specifically, it has
committed to clarifying the law's coverage of all types of denial
of service attacks, and to reviewing whether sentences for
unauthorised access to networks need to be increased. In addition,
hacking looks set to be made an extraditable offence - a change
that will make international collaboration on computer crime
investigations far easier.
Now, two things must happen. First, the Home Office must ensure
that time is found in a busy Parliamentary schedule to push through
these amendments as soon as possible. Second, users must stop
hiding the attacks they suffer out of fear that divulging them will
harm their business reputation.
The law can be as definitive, watertight and contemporary as you
like, but unless you step forward and report the attacks you
suffer, the police will be no more able to combat computer crime
than they are today.

Faster patching is not the only answer
Another week, another attack on Microsoft systems. This time,
Blaster has been exploiting a known vulnerability in the software.
Microsoft did issue a patch, but some users were unable to (or chose
not to) apply it before the virus struck.
Stuart Okin, chief technology officer at Microsoft UK, believes
users need to rethink the way they build IT systems. He points out
that many businesses are unable to patch their systems at the rate
demanded by software suppliers. Okin's answer to the patching
problem is for users to change the way they create IT
infrastructures to make them more dynamic, and thus easier to
patch.
Perhaps a better approach would be for Microsoft to spend more time
and effort ensuring that its software releases are rendered
bug-free at the development stage.