The government has announced legislation to toughen the
Computer Misuse Act by increasing the maximum jail sentence for
hackers and strengthening legal protection against denial of
service attacks.
The reforms, part of the Police and Justice Bill published last
week, follow a long-running campaign by Computer Weekly, backed by
police, lawyers and business, for an update of the UK's crime
laws.
The bill will increase the penalty for unauthorised access
offences from six months to two years, and for unauthorised
modification of computer systems from five to 10 years.
The move will open the way for police to bring extradition
proceedings against hackers suspected of simple unauthorised access
offences.
"The penalties reflect the seriousness of the crime. The
estimated cost to business is thought to be more than £3bn a year
and the sophistication of attacks has grown," said a Home Office
spokesman.
The Home Office plans to modify the Computer Misuse Act to
ensure all forms of denial of service attack are illegal, by
explicitly making it an offence to impair the operation of a
computer.
The move follows police concerns that some forms of denial of
service attack may not have been covered by existing law.
Chris Simpson, head of the Metropolitan Police Computer Crime
Unit, said, "I welcome the proposed increases in maximum
sentencing, as they reflect the potential financial cost of
attacks.ÊThe changes will also assist law enforcement in tackling
the escalating problems of unauthorised accesses for the purpose of
industrial espionage and the deliberate infection of machines for
use as proxies."
Security expert Peter Sommer of the London School of Economics,
said, "The extension of the act is something that is long overdue
and many of us have been campaigning for."
The changing face of police IT
The Police IT Organisation (Pito) is to be disbanded and its
functions incorporated into the new National Police Improvement
Agency.
The move follows an independent Home Office review last year,
which advised creating a new body following concerns that local
forces were not following Pito's direction.
The review said the relationship between Pito and the forces it
served had irretrievably broken down. "The structure and
organisation of police IT in general lacks clear definition of
purpose, results in confused lines of responsibility and is almost
certainly poor value for money," it said.