UK must lock down the law to stop the hackers

Lock down the law: This week Computer Weekly launches a campaign to get the Government to protect businesses by updating archaic...

Lock down the law: This week Computer Weekly launches a campaign to get the Government to protect businesses by updating archaic UK cybercrime laws

Leading IT user organisations and legal experts have backed Computer Weekly's Lock Down the Law campaign to review and update laws designed to protect businesses from hacking.

Computer Weekly is launching a campaign on cybercrime law following concerns raised by the National High-Tech Crime Unit that the current law - which was devised before widespread use of the Internet - makes it difficult to prosecute hackers that damage businesses' Internet operations.

The National High-Tech Crime Unit is particularly concerned that denial of service attacks, where a Web server is brought down by a flood of messages, may remain legal under UK law.

According to government sources, the Home Office has no plans to change the law during this parliament or even the next.

While the law remains in its current state, businesses could be exposed to attacks from malicious hackers (also known as crackers), young "script kiddies" and protest hackers.

A spokesman for the IBM Computer User Association said, "Unless the law can respond and take the appropriate measures against the perpetrators of denial of service attacks, these things will continue."

The Infrastructure Forum, whose IT manager members have responsibility for a combined IT budget of £25bn, was one of the first to back the Computer Weekly campaign. "One question that we have to answer is, if we are going to change the law, what are we going to change it to?" said a spokesman.

"The answer to this will come only after much discussion and a study of how other countries have legislated against denial of service attacks and similar crimes."

IT legal experts have already started work behind the scenes to get the cybercrime law changed. E-business standards body E.Centre is working with IT lobby group Eurim.

E.Centre's Legal Advisory Group plans to work on a review of the law that will agree a definition of e-crime and review cybercrime laws to see what gaps exist.

A spokesman for the Information Advisory Assurance Council, which represents legal staff involved with IT, said UK law needs to be brought in line with existing European legislation. "The Computer Misuse Act 1990 should be revised in line with the Council of Europe Cybercrime Convention," he said. "Computer crimes tend to be treated more leniently than equivalent crimes in the physical world. This discrepancy needs to be removed."

Roger Loosley, chairman of the Technology Lawyers Consortium, welcomed the Lockdown the Law campaign. "The Computer Misuse Act is over 10 years old and only covers the unauthorised access to and modification of computer material," he said.

"Although it is difficult to keep the law up to date with the fast pace of technological developments, governments should at least try to keep the law in sight of current practices. Those who deliberately cause significant damage to the commercial interests of others should be guilty of an offence."

Read more on IT legislation and regulation