In summer 2003, the then e-crime minister Caroline Flint promised to answer growing disquiet about Britain's computer crime laws by strengthening the Computer Misuse Act.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
But if a week is a long time in politics, a year and a half seems like an eternity, and with little sign of progress, businesses are beginning to wonder just how serious the government is.
The acid test will come in March 2006, when the government faces the choice of backing a 10 minute rule bill by Glasgow South MP Tom Harris to update the Computer Misuse Act, or to let it wither, like so many previous attempts at reform.
The arguments for strengthening the Computer Misuse Act have been well rehearsed in the pages of Computer Weekly, which ran a successful 18-month campaign in 2002/2003, with businesses, security professionals, leading trade organisations and MPs calling for the Computer Misuse Act to be put on the political agenda.
At its heart was the need for government to increase the minimum sentences for simple hacking offences. This straightforward move would give police powers of arrest and seizure of computer equipment and, in recognition of the internationalisation of computer crime, make unauthorised access of computer systems an extraditable offence.
Equally importantly, Computer Weekly's campaign called for the government to clarify the Computer Misuse Act to ensure that denial of service attacks, a crime which had not been conceived at the time the act was created, were covered by criminal sanctions.
The need for reform was given fresh impetus this month when a judge at Wimbledon Magistrates Court threw out a case against a teenager accused of crashing his former employer's mail server by bombarding it with five million e-mails.
In a case that could set a legal precedent, district judge Kenneth Grant ruled that the teenager had not committed an unauthorised access offence under the terms of the Computer Misuse Act because members of the public were authorised to send e-mails to the server.
Although the Crown Prosecution Service is considering an appeal, the outcome of the case has angered IT security commentators. The judgement may not open the flood gates for all types of denial of service attack, but it does make it clear than an e-mail bombing attack that brings down a computer system is not illegal under current law.
"There is an issue about giving someone implied permission here. You give the postman implied permission to deliver post to your door. But you do not give him permission to knock on your door 5,000 times a day," one IT security professional told Computer Weekly.
The case for reform of the Computer Misuse Act has already won backing from the Internet Crime Forum, which submitted its report to the Home Office in early 2003, and the All Party Internet Group of MPs, which came out in favour of strengthening the Act in 2004.
For all the sympathetic words of the Home Office, computer crime appears to have fallen off the political agenda. Harris' bill next year will show just how serious the government is about fulfilling its promises.
Three years of slow progress
February 2002 - The National Hi-Tech Crime Unit voices concerns to government about the adequacy of the Computer Misuse Act against denial of service attacks.
February 2002 - Computer Weekly launches a campaign calling for a review of UK computer crime law. It wins support from user groups, lawyers, IT professionals and politicians.
May 2002 - Internet Crime Forum and Crown Prosecution Service begin review of the Computer Misuse Act.
May 2002 - Lord Northesk introduces private members bill to outlaw all types of denial of service attacks. The bill does not reach statute.
June 2002 - The government offers to meet with IT security professionals to discuss the adequacy of the Computer Misuse Act.
June 2003 - The Internet Crime Forum calls for tougher sentences for hackers and clarification of the law on denial of service attacks.
June 2003 - Home Office says it will update the Computer Misuse Act as soon as parliamentary time allows.
June 2004 - A report from the All Party Internet Group supports strengthening of Computer Misuse Act.
June 2005 - First reading of 10 minute rule bill to update the Computer Misuse Act by Glasgow South MP Tom Harris.