Eighteen months ago, Computer Weekly launched its Lock Down the Law campaign to persuade the government to review the UK's outdated computer crime laws.
The central premise of the campaign was that the Computer Misuse Act 1990, drafted before mass internet access, was ill-equipped to regulate computer crime in a world in which organisations routinely invite the public into their networks. Shortfalls in the law, we argued, were hampering the police in their investigation and prosecution of computer criminals.
Happily, the government has heeded our warnings. The Home Office has agreed to update the Computer Misuse Act. Specifically, it has committed to clarifying the law's coverage of all types of denial of service attacks, and to reviewing whether sentences for unauthorised access of networks need to be increased. In addition, hacking looks set to be made an extraditable offence - a change that will make international collaboration on computer crime investigations far easier.
Now, two things must happen. First, the Home Office must ensure that time is found in a busy Parliamentary schedule to push through these amendments as soon as possible. Second, users must stop hiding the attacks they suffer out of fear that divulging them will harm their business reputation.
The law can be as definitive, watertight and contemporary as you like, but unless you step forward and report the attacks you suffer, the police will be no more able to combat computer crime than they are today.
Faster patching is not the only answer
Another week, another attack on Microsoft systems. This time, Blaster has been exploiting a known vulnerability in the software. Microsoft did issue a patch, but some users were unable to (or chose not to) apply it before the virus struck.
Stuart Okin, chief technology officer at Microsoft UK, believes users need to rethink the way they build IT systems. He points out that many businesses are unable to patch their systems at the rate demanded by software suppliers. Okin's answer to the patching problem is for users to change the way they create IT infrastructures to make them more dynamic, and thus easier to patch.
Perhaps a better approach would be for Microsoft to spend more time and effort ensuring that its software releases are rendered bug-free at the development stage.