UK legal system cannot cope with techno crime

Feature

UK legal system cannot cope with techno crime

Bill Goodwin reports on IT professionals' concerns about cybercrime

IT professionals have expressed serious concerns about the ability of the UK's legal and judicial system to understand and deal with the complexities of computer-related crime.

Feedback from more than 500 IT professionals paints a disturbing picture of police forces that have limited resources and technical knowledge, and judges and lawyers that do not understand the seriousness of computer crime.

Their comments, made in a survey by Computer Weekly and Infosecurity Europe, reveal widespread unease at the leniency with which the courts treat the perpetrators of computer crime.

"It is difficult to put too light a figure on a sentence when some of these people have caused billions of pounds worth of damage to companies and private individuals," said one IT professional.

The ability of the police to deal with computer crime is seen as patchy at best. Many see the formation of the National High-Tech Crime Unit as a step in the right direction, but there are concerns that it is underfunded, and that it can only tackle a small fraction of the crimes reported to it.

Local police forces come in for particular criticism. "I have been to a few police stations with IT-related crimes and the PCs I spoke to did not have a clue as to what or whom I should speak to," said one respondent.

In the courts, there is a strong body of opinion that computer crime should be handled by trained IT-literate judges and lawyers. Often trials are delayed by the need to explain even basic technical terms. "It seems obvious that having people who have never used IT involved in such cases is a waste of everyone's time and money," said one IT professional.

One of the biggest areas of concern is the need for greater international collaboration on computer crime. While hackers are able to launch attacks from anywhere in the world, the police are restricted by national boundaries.

"I don't think the people that commit crimes from overseas will take any notice of the law unless there is total collaboration across the globe," said one respondent.

Sign Computer Weekly's Lock Down the Law petition at www.infosec.co.uk/

IT workers slate UK cybercrime - click here to view graphs >>

What IT staff say about computer crime
Comments made by IT professionals in the Computer Weekly/ Infosecurity Europe survey

On the UK's computer crime law
  • "Common law is still very much based on Victorian ideas of what constitutes property. It does not grasp that information is property because you cannot see it"

  • "There is no co-ordinated response. Jurisdiction issues, court orders etc all conspire to make it almost impossible to stop denial of service or other forms of attack"

  • "The perpetrators of these crimes are almost always under 18, so any new law will be pointless. Network security personnel is the only alternative. However, this is neglected due to sheer managerial laziness. Companies want to shirk their security obligations"


On Sentencing of cyber criminals
  • "A vast body of research exists to support the theory that crime is not reduced by increasing sentence severity but by significantly and publicly increasing the chances of offenders being caught and prosecuted. Most criminals don't think they will be caught"

  • "At this time the whole legal structure needs a rethink - with more effort put into making the punishment fit the crime, rather than smacking wrists"

  • "Cases such as theft of data should be handled in the same way as if someone had actually broken into a building and stolen the information"

  • "There should be guidance for minimum sentencing to aid judges' decisions as they do not necessarily understand what actions cannot be done accidentally"


On international collaboration on computer crime
  • "Judges and lawyers regard computer crime in relation to the existing structure of Roman law (the basis for English law). Computer crime knows no boundaries and can impact multiple levels of society in countries with very different legal structures. Computer crime and punishment should be defined and controlled at an international not a national level"

  • "It is getting much better but is hampered by lack of the right people/knowledge within the law enforcement agencies"

  • "There are still major gaps and, in some cases, overlaps between the various organisations in the UK. Collaboration with agencies outside the UK is even less developed due to different laws in each continent and/or countries"

  • "Collaboration is inadequate, outdated and shows a lack of understanding of both the rapid change in the use of IT and the original intentions"

  • "Without an international set of laws to govern such matters it will be next to impossible to implement a suitable deterrent"


On the Police
  • "Police have little or no understanding of cryptography and how a cracker can break code to steal information"

  • "The police do not have the necessary resources either in time, expertise or manpower to actively combat his type of crime. The Government plays lip service and does not put adequate resources in unless it hurts it directly"

  • "The nature of most offences does not interest the police. Reaction/assistance is very poor"

  • "Apart from specialists, the police do not see this as their area. They have no knowledge, training, inclination or resources to deal with computer crime"

  • "Police are neck-cuffed to a system with regulations and laws that are so antiquated that they stifle any hope of offering a true threat to security violations"


On the Courts
  • "I don't know a single barrister who could talk with authority about items such as cipher key lengths, DES, cryptography, PGP, public key and private key technology"

  • "The courts don't seem to be able to grasp the technical details and consequences"

  • "All cases should be dealt with by computer-literate people. Maybe even the jury should prove they have some basic knowledge"

  • "I have found lawyers specialising in IT law to be very good, even excellent, but there is a huge gap between them and other members of the legal profession - including judges"


Experiences of crime
  • "We have suffered a number of cross-continental attacks"

  • "The incidents were insufficiently serious to qualify for the attention of the National High-Tech Crime Unit, and local forces do not have sufficient expertise"

  • "I have witnessed companies having their trade badly affected by attacks/fraud/extortion. Companies do still need to take greater care of their data, however"

  • "Surrey Police Computer Crime Unit liaised with the FBI and is investigating the spammer (well, the FBI in Billings, Montana, says it is investigating the spammer)"

  • "We have suffered a number of cross-continental attacks"

  • "The incidents were insufficiently serious to qualify for the attention of the National High-Tech Crime Unit, and local forces do not have sufficient expertise"

  • "I have witnessed companies having their trade badly affected by attacks/fraud/extortion. Companies do still need to take greater care of their data, however"

  • "Surrey Police Computer Crime Unit liaised with the FBI and is investigating the spammer (well, the FBI in Billings, Montana, says it is investigating the spammer)"

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in May 2002

 

COMMENTS powered by Disqus  //  Commenting policy