Lock down the law

We would never dream of dispatching police officers to the scene of a crime with their hands tied behind their backs. Yet this is...

We would never dream of dispatching police officers to the scene of a crime with their hands tied behind their backs. Yet this is exactly the handicap the police and law enforcement agencies carry in their efforts to combat computer and Internet-based crime.

Attempts to investigate and prosecute cybercriminals are hampered because the UK's computer crime laws are outdated and full of gaps.

Although the Government has introduced a raft of new laws that give police the power to monitor

e-mails and Web traffic, it has made little effort to empower either the police or the private sector to take action against computer criminals. Even when criminals are caught, the penalties available to judges often do not reflect the damage that their crimes can cause.

The National High-Tech Crime Unit has urged the Home Office to review UK law and drag it into the 21st century. But the Government remains unlikely to plug the gaps in the law during this, or even the next parliament.

That is why Computer Weekly is this week throwing its weight behind the call for reform, with the launch of its Lock Down the Law campaign.

The aim of our campaign is to persuade the Government to give the police a fighting chance in combating computer crime by prioritising a review of the UK's archaic computer crime laws.

These laws remain riddled with loopholes. Take the Computer Misuse Act, which relies on the old-fashioned concept of trespass to protect computer systems against unlawful access by hackers, and is therefore ill-equipped for a world in which organisations are routinely inviting the public inside their IT networks.

Or consider denial of service attacks, where hackers attempt to halt computer systems by bombarding them with tens of thousands of messages. Under current UK law it is difficult for the police to bring a prosecution following these attacks, despite the fact that they have the power to cripple a corporate Web site and cause huge loss of revenue.

Just as crazy is the fact that it is a criminal offence to steal a computer under current UK law, but not to steal a copy of a confidential document from a computer system.

But why should you care about the idiosyncrasies of the judicial system, or the machinations of Westminster?

The answer is simple: because without any realistic threat of prosecution, hackers remain at liberty to redouble their efforts to compromise global business. Research in the US suggests that there are 4,000 denial of service attacks each week. Next year that number could have doubled or trebled - and your organisation could have joined the ranks of the cyber-victims.

The prime minister Tony Blair has stated that he wants to make the UK the best place in the world to do e-commerce. For this to turn from pipe dream to reality, he will need to make an overhaul of UK cyber law a priority. If he doesn't, we will want to know why.

Read more on IT risk management