[ISN] Computer crime laws need updating

InfoSec News isn at c4i.org
Thu Jul 1 07:33:48 EDT 2004 

http://news.bbc.co.uk/2/hi/technology/3853059.stm

30 June, 2004

The All-Party Internet Group wants to see changes to what it sees as 
an "outdated" Computer Misuse Act. 

The report calls for denial-of-service attacks - in which servers are 
deluged with information from thousands of PCs - to be made a specific 
crime. 

It also recommends an increase in the length of jail sentences for 
hackers. 

More needed 

It wants firms to have the right to take out private prosecutions to 
tackle cases that the police do not regard as priorities. 

Although a welcome first step, the recommendations do not go far 
enough says Simon Janes, a former head of Scotland Yard's Computer 
Crime Unit and now operations director of computer forensic firm ibas. 
He wants the government to address the chronic shortage of trained 
computer forensic experts in the UK. 

He is also concerned, as an ex-cyber cop, that a recommendation for 
the police to create a checklist on how to preserve electronic 
evidence could be fraught with danger. 

"Encouraging anyone to undertake any form of DIY preservation of 
electronic evidence is inviting potential disaster," he said. 

"You wouldn't direct a member of the public to erect a 'do not cross' 
tape around a crime scene and the same should apply in the digital 
world," he said. 

Difficult to legislate 

He is pleased that the report has acknowledged the need to criminalise 
the theft of data, although worries that the some firms are still not 
reporting cyber crimes. 
"Around 93-95% of all cyber crimes go unreported because companies 
rate unwanted publicity as potentially more damaging than the incident 
itself," he said. 

Making court proceedings confidential could help bring more criminals 
to justice, Mr Janes believes. 

The amount of cyber crime that is happening in the UK and around the 
world has been difficult to assess to date. 

The report calls for the government to find more effective ways of 
measuring cyber crime. 

Home Office action 

It is also immensely difficult to legislate against and not all the 
issues surrounding cyber crime can be dealt with under the Computer 
Misuse Act the report finds. 

Instead, a reform of the fraud laws could prove useful in cases such 
as illicit software which can be unwittingly downloaded by users when 
they open pay-per-view porn sites and which charges them at premium 
rates. 

The MPs hope that their recommendations will be acted upon by the Home 
Office. 

"This report represents the results of the first serious inquiry into 
computer misuse and denial-of-service attacks in particular," said 
Brian White, treasurer of APIG. 

"I hope the government responds positively to our recommendations," he 
added. 

-=-

APIG'S RECOMMENDATIONS 

* Increase sentence for hacking from six months to two years 

* Director of Public Prosecutions to allow private prosecutions 

* Educational material about CMA on Home Office website 

* Improve statistical information on cyber crime 

* Introduce a new fraud bill 

* Law Commission to criminalise the theft of data

More information about the ISN mailing list