Drag the law into the 21st century

The prosecution of a 19-year-old hacker in July revealed snags in the very fabric of UK law regarding computer crime.

The prosecution of a 19-year-old hacker in July revealed snags in the very fabric of UK law regarding computer crime.

Even as Raphael Gray was receiving his sentence for 10 charges of computer fraud in Swansea Crown Court, Computer Weekly was calling for a reappraisal of the Computer Misuse Act 1990, which has been made to look outdated and inadequate by the hacker's defence.

Now UK business is following our lead.

In addition to calling for the creation of a UK Centre for Cybercrime Complaints, the CBI's Cybercrime Survey 2001, released this week, recommends that the Computer Misuse Act should be dragged into the 21st century.

In its current guise, the Act makes it an offence for someone to access, modify or delete computer data unless they have authorisation. But it does not take into account the fact that people are now routinely invited into corporate IT infrastructures via Web sites.

Gray claimed that he was able to carry out many of his attacks without using hacking tools, and without having to bypass password screens. It was not clear from the Act whether or not his method of entry would constitute unauthorised access.

The Act also fails to address the problem of denial of service attacks, by which criminals can compromise a site without needing to enter it.

That we should rely upon an act that predates the explosion of the World-Wide Web for our policing of the misuse of IT is wholly unsatisfactory.

This week's call by UK businesses for a package of measures from the Government to tighten up our legal framework for IT is an encouraging step forward in the fight against the cyber criminals.

Read more on Data centre hardware

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close