Computer Weekly began its Lock Down the Law Campaign in February last year, when senior police officers raised concerns about their ability to bring prosecutions against denial of service attackers under existing legislation.
Surveys by Computer Weekly found that IT chiefs felt strongly that the Computer Misuse Act needed to be strengthened and that there were real concerns that hackers were escaping with lenient fines or community service orders - 86% of those questioned described the law as "not very effective."
MP James Arbuthnot raised the matter with Home Office minister Bob Ainsworth and e-commerce minister Douglas Alexander on behalf of Computer Weekly, eliciting sympathetic responses. Groups such as industry parliamentary IT group Eurim and the Information Assurance Advisory Council also voiced their concerns to the government behind the scenes.
The first major breakthrough came in May 2002, when the Internet Crime Forum began an evaluation of the Computer Misuse Act to assess whether it was still fit for purpose after 12 years of changing technology.
Also in May, Lord Northesk introduced a private members' bill which sought to modify the Computer Misuse Act to outlaw denial of service attacks. Although it had no chance of becoming law, the bill succeeded in putting denial of service attacks on the political agenda.
By June 2002, the government had offered businesses an open-ended invitation to meet officials to discuss the difficulties of punishing denial of service attackers and other issues about the Computer Misuse Act.
By April 2003, the Internet Crime Forum had decided that tougher sentences for hackers and a clarification of the law to cover denial of service attacks were needed. A report containing these recommendations was presented to the Home Office.
In July, Home Office minister Caroline Flint announced the government's intention to revisit the Computer Misuse Act as soon as Parliamentary time allowed - a major victory for the campaign.
Internet Crime Forum paper on reform of the Computer Misuse Act
Areas that still need to be addressed
Despite the forthcoming amendments to the Computer Misuse Act, some areas of computer crime law remain unclear:
Database theft: Theft of company data is currently not a criminal offence. Police say they are powerless to act when companies complain that employees have copied sensitive databases onto floppy discs for their own use.
Interception: Critics of the Regulation of Investigatory Powers Act 2000 and the Anti-Terrorism Security and Crime Act 2001 are concerned that the Acts, which cover interception of communications, make no distinction between comms data and content. Only communications data should be accessible under law enforcement warrants.
Fraud and deception: Fraud perpetrated against a computer system, rather than an individual, is not a criminal offence. This has left a loophole that may allow those who fraudulently obtain services over the internet to escape prosecution. In 1999, the Law Commission recommended new offences to cover this gap. But they have never been implemented.