[ISN] Computer crime laws need updating

From: InfoSec News (isn@private)
Date: Thu Jul 01 2004 - 04:33:48 PDT

  • Next message: InfoSec News: "[ISN] Experts agree on method, not scope of IIS attacks"

    http://news.bbc.co.uk/2/hi/technology/3853059.stm
    
    30 June, 2004
    
    The All-Party Internet Group wants to see changes to what it sees as 
    an "outdated" Computer Misuse Act. 
    
    The report calls for denial-of-service attacks - in which servers are 
    deluged with information from thousands of PCs - to be made a specific 
    crime. 
    
    It also recommends an increase in the length of jail sentences for 
    hackers. 
    
    More needed 
    
    It wants firms to have the right to take out private prosecutions to 
    tackle cases that the police do not regard as priorities. 
    
    Although a welcome first step, the recommendations do not go far 
    enough says Simon Janes, a former head of Scotland Yard's Computer 
    Crime Unit and now operations director of computer forensic firm ibas. 
    He wants the government to address the chronic shortage of trained 
    computer forensic experts in the UK. 
    
    He is also concerned, as an ex-cyber cop, that a recommendation for 
    the police to create a checklist on how to preserve electronic 
    evidence could be fraught with danger. 
    
    "Encouraging anyone to undertake any form of DIY preservation of 
    electronic evidence is inviting potential disaster," he said. 
    
    "You wouldn't direct a member of the public to erect a 'do not cross' 
    tape around a crime scene and the same should apply in the digital 
    world," he said. 
    
    Difficult to legislate 
    
    He is pleased that the report has acknowledged the need to criminalise 
    the theft of data, although worries that the some firms are still not 
    reporting cyber crimes. 
    "Around 93-95% of all cyber crimes go unreported because companies 
    rate unwanted publicity as potentially more damaging than the incident 
    itself," he said. 
    
    Making court proceedings confidential could help bring more criminals 
    to justice, Mr Janes believes. 
    
    The amount of cyber crime that is happening in the UK and around the 
    world has been difficult to assess to date. 
    
    The report calls for the government to find more effective ways of 
    measuring cyber crime. 
    
    Home Office action 
    
    It is also immensely difficult to legislate against and not all the 
    issues surrounding cyber crime can be dealt with under the Computer 
    Misuse Act the report finds. 
    
    Instead, a reform of the fraud laws could prove useful in cases such 
    as illicit software which can be unwittingly downloaded by users when 
    they open pay-per-view porn sites and which charges them at premium 
    rates. 
    
    The MPs hope that their recommendations will be acted upon by the Home 
    Office. 
    
    "This report represents the results of the first serious inquiry into 
    computer misuse and denial-of-service attacks in particular," said 
    Brian White, treasurer of APIG. 
    
    "I hope the government responds positively to our recommendations," he 
    added. 
    
    -=-
    
    APIG'S RECOMMENDATIONS 
    
    * Increase sentence for hacking from six months to two years 
    
    * Director of Public Prosecutions to allow private prosecutions 
    
    * Educational material about CMA on Home Office website 
    
    * Improve statistical information on cyber crime 
    
    * Introduce a new fraud bill 
    
    * Law Commission to criminalise the theft of data 
    
    
    
    _________________________________________
    Help InfoSec News with a donation: http://www.c4i.org/donation.html
    



    This archive was generated by hypermail 2b30 : Thu Jul 01 2004 - 06:16:43 PDT