Security News > 2004 > July > Computer crime laws need updating
http://news.bbc.co.uk/2/hi/technology/3853059.stm 30 June, 2004 The All-Party Internet Group wants to see changes to what it sees as an "outdated" Computer Misuse Act. The report calls for denial-of-service attacks - in which servers are deluged with information from thousands of PCs - to be made a specific crime. It also recommends an increase in the length of jail sentences for hackers. More needed It wants firms to have the right to take out private prosecutions to tackle cases that the police do not regard as priorities. Although a welcome first step, the recommendations do not go far enough says Simon Janes, a former head of Scotland Yard's Computer Crime Unit and now operations director of computer forensic firm ibas. He wants the government to address the chronic shortage of trained computer forensic experts in the UK. He is also concerned, as an ex-cyber cop, that a recommendation for the police to create a checklist on how to preserve electronic evidence could be fraught with danger. "Encouraging anyone to undertake any form of DIY preservation of electronic evidence is inviting potential disaster," he said. "You wouldn't direct a member of the public to erect a 'do not cross' tape around a crime scene and the same should apply in the digital world," he said. Difficult to legislate He is pleased that the report has acknowledged the need to criminalise the theft of data, although worries that the some firms are still not reporting cyber crimes. "Around 93-95% of all cyber crimes go unreported because companies rate unwanted publicity as potentially more damaging than the incident itself," he said. Making court proceedings confidential could help bring more criminals to justice, Mr Janes believes. The amount of cyber crime that is happening in the UK and around the world has been difficult to assess to date. The report calls for the government to find more effective ways of measuring cyber crime. Home Office action It is also immensely difficult to legislate against and not all the issues surrounding cyber crime can be dealt with under the Computer Misuse Act the report finds. Instead, a reform of the fraud laws could prove useful in cases such as illicit software which can be unwittingly downloaded by users when they open pay-per-view porn sites and which charges them at premium rates. The MPs hope that their recommendations will be acted upon by the Home Office. "This report represents the results of the first serious inquiry into computer misuse and denial-of-service attacks in particular," said Brian White, treasurer of APIG. "I hope the government responds positively to our recommendations," he added. -=- APIG'S RECOMMENDATIONS * Increase sentence for hacking from six months to two years * Director of Public Prosecutions to allow private prosecutions * Educational material about CMA on Home Office website * Improve statistical information on cyber crime * Introduce a new fraud bill * Law Commission to criminalise the theft of data _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html