Home Office to update Computer Misuse Act to tackle web attacks

The government is to strengthen the Computer Misuse Act so that it can be used to prosecute the perpetrators of denial of service...

The government is to strengthen the Computer Misuse Act so that it can be used to prosecute the perpetrators of denial of service attacks, as soon as parliamentary time is available.

The move follows a 16-month campaign by Computer Weekly and leading IT groups for a review of the UK's computer crime laws.

E-crime minister Caroline Flint announced the move last week in a speech to a meeting of industry parliamentary group Eurim.

"The Act is technologically neutral, and its terms are deliberately undefined to provide flexibility for the courts in interpreting them widelyÉ This does not mean there is not possible scope for improvement," she said.

The Home Office will change section three of the Act to make it clear that denial of service attacks are covered, and it will also look at whether there is a need to increase sentencing for simple unauthorised access offences, Flint said.

The move was welcomed by lawyers and industry groups who have been campaigning with Computer Weekly for the Computer Misuse Act, which was created before the widespread use of the internet, to be brought up to date. But some warned that it would be easy for the government to let the proposals slip, given the pressure on the parliamentary timetable.

"It would be easy to cry too little too late, but Acts of Parliament relating to IT issues are really in their infancy. We must be patient on the one hand and provide constant support on the other to see the requirements hit the statute books," said David Roberts, chief executive of the Corporate IT Forum (Tif).

Peter Sommer, security expert at the London School of Economics, said, "I am really apprehensive about whether there will be enough parliamentary time for this. There are a large number of Home Office bills due, many of which look as though they will be fearfully opposed."

The Home Office is reviewing the effectiveness of the Computer Misuse Act in the light of the Council of Europe Convention on Cybercrime and the European Union Framework decision on attacks against information systems.

Flint said she would welcome any further comments about the Computer Misuse Act from concerned individuals or from groups who had experienced problems with it.

Lock Down the Law milestones       

February 2002 The National Hi-Tech Crime Unit voices concerns to the government about the adequacy of the Computer Misuse Act for dealing with denial of service attacks 

February 2002 Computer Weekly launches campaign for a review of UK IT law. User groups, leading IT lawyers and politicians lend support   

April 2002 Computer Weekly launches online petition calling for the government to review computer crime legislation 

May 2002 The Internet Crime Forum and Crown Prosecution Service begin review of the Computer Misuse Act 

May 2002 Lord Northesk introduces private members bill to outlaw all types of denial of service attack 

June 2002 A Computer Weekly survey of senior IT directors reveals that 86% believe that IT crime law is "not very effective"  

June 2002 The government offers to meet the IT industry to discuss the adequacy of the Computer Misuse Act 

June 2003 The Internet Crime Forum calls on the government to introduce tougher sentences for hackers and to clarify the law on denial of service attacks 

July 2003 Home Office announces plans to update the Computer Misuse Act

Read more on IT for government and public sector