[ISN] Computer crime laws need updating
isn at c4i.org
Thu Jul 1 07:33:48 EDT 2004
30 June, 2004
The All-Party Internet Group wants to see changes to what it sees as
an "outdated" Computer Misuse Act.
The report calls for denial-of-service attacks - in which servers are
deluged with information from thousands of PCs - to be made a specific
It also recommends an increase in the length of jail sentences for
It wants firms to have the right to take out private prosecutions to
tackle cases that the police do not regard as priorities.
Although a welcome first step, the recommendations do not go far
enough says Simon Janes, a former head of Scotland Yard's Computer
Crime Unit and now operations director of computer forensic firm ibas.
He wants the government to address the chronic shortage of trained
computer forensic experts in the UK.
He is also concerned, as an ex-cyber cop, that a recommendation for
the police to create a checklist on how to preserve electronic
evidence could be fraught with danger.
"Encouraging anyone to undertake any form of DIY preservation of
electronic evidence is inviting potential disaster," he said.
"You wouldn't direct a member of the public to erect a 'do not cross'
tape around a crime scene and the same should apply in the digital
world," he said.
Difficult to legislate
He is pleased that the report has acknowledged the need to criminalise
the theft of data, although worries that the some firms are still not
reporting cyber crimes.
"Around 93-95% of all cyber crimes go unreported because companies
rate unwanted publicity as potentially more damaging than the incident
itself," he said.
Making court proceedings confidential could help bring more criminals
to justice, Mr Janes believes.
The amount of cyber crime that is happening in the UK and around the
world has been difficult to assess to date.
The report calls for the government to find more effective ways of
measuring cyber crime.
Home Office action
It is also immensely difficult to legislate against and not all the
issues surrounding cyber crime can be dealt with under the Computer
Misuse Act the report finds.
Instead, a reform of the fraud laws could prove useful in cases such
as illicit software which can be unwittingly downloaded by users when
they open pay-per-view porn sites and which charges them at premium
The MPs hope that their recommendations will be acted upon by the Home
"This report represents the results of the first serious inquiry into
computer misuse and denial-of-service attacks in particular," said
Brian White, treasurer of APIG.
"I hope the government responds positively to our recommendations," he
* Increase sentence for hacking from six months to two years
* Director of Public Prosecutions to allow private prosecutions
* Educational material about CMA on Home Office website
* Improve statistical information on cyber crime
* Introduce a new fraud bill
* Law Commission to criminalise the theft of data
More information about the ISN