Appoint an e-crime minister to co-ordinate the fight
E-crime, or the perceived threat of e-crime, directly affects confidence in e-commerce and will have an increasingly negative impact on the growth of the UK economy. But there is a lack of consensus as to how to tackle the ever-mutating problem and the role that legislation should play.
There has been much debate about whether existing laws are out of date, but the Computer Misuse Act has stood the test of time. E-crime encompasses any criminal act perpetrated in part
or entirely using a computer – from corporate espionage, fraud and extortion, to sharing illegal pornographic material or co-ordinating terrorism.
But the real point here is that the types of crimes committed remain largely the same. The computer has become just another tool in the criminal toolkit – a digital crowbar for a digital crime.
The All Party Internet Group (APIG) examined a considerable amount of evidence, including industry perspectives on the Computer Misuse Act during a public hearing at the House of Commons last year.
Law has stood the test of time
Its key recommendation, that the act should be updated, not re-written, was criticised by both industry and the press. But much of the criticism has been unfair and unconstructive. The general view of experts closest to this piece of legislation (both law enforcement and legal professionals) is that it has stood the test of time and served the purposes for which it was created. It therefore does not need to be replaced, just fine-tuned.
The APIG has lobbied the Home Office to back its recommendations on the Computer Misuse Act and produced a private members’ bill, but the government has not made e-crime a serious priority to date.
Fine tuning the Computer Misuse Act is not the only legislative requirement. We also need to address the means by which information itself can be protected under the law. As it stands, there is no adequate instrument for protecting against the abuse or theft of electronic information.
Other problems arise from human rights, particularly Article 8 of the Human Rights Act 1998 and the right to privacy. Computer forensic investigations frequently reveal long-since deleted information that may be considered as private. There are many questions yet to be resolved by the courts about the rights of an organisation to examine material held on a company computer that may be private.
Current legislation must be updated to criminalise the misuse of information itself, not just the misuse of a computer. At the same time, we must also consider how any such law can be enforced and the skills and resources needed to do so. One worrying consequence of the government’s relative inaction on e-crime is the under-funding of law enforcement agencies and the lack of computer forensic investigators.
Shortage of skills
Yet, even if more funds were made available, we are facing a growing shortage of qualified and professional computer forensic investigators. Mike Rodd, director of external relations at the British Computer Society, highlighted this at the APIG hearing about the Computer Misuse Act, pointing to a serious shortage of people coming into the profession.
The challenge of encouraging more educational establishments to offer skills training has recently been taken up by the all-party European lobby group Eurim but this initiative may fail without government support.
That leads us ask, do we need an e-crime minister? Certainly it is vital that:
- Legislation on e-crime is made a priority by the government
- The skills shortage is addressed with more investment in specialist training for the police and legal professionals on e-crime and digital evidence, with university courses extended to include e-crime and computer forensic investigation skills
- Communication between interested bodies and business groups and actions and recommendations be championed at the highest level.
Having an e-crime minister would also send out a strong signal to the criminal fraternity, as well as to people who may be tempted to engage in online activities that, if not illegal, are morally wrong.
Simon Janes is international operations manager at Ibas and a former detective with Scotland Yard’s Computer Crime Unit