A little belatedly, perhaps, but to the relief of many IT security experts, the UK government says it is to review existing computer crime legislation. The all-party Parliamentary Internet Group will open its review on 29 April.
The last time a major law on this subject was passed in the UK, called the Computer Misuse Act, was way back in 1990. Surprisingly, the act’s rules on hacking have stood the test of time reasonably well. But applying old principles to newer dangers, such as viruses, ‘phishing’ and denial of service attacks, has proved an inexact science. Loopholes have been exploited by defence lawyers, say critics.
Closing them in the UK is a start, but some observers say that not enough is being done on an international scale. David Williamson, UK head of operations for Ubizen, a managed security services provider, wants the review to consider what he calls a “global computer crime directive”.
“Computer crime is a global issue. Computer attacks on UK companies can be generated by criminals anywhere in the world, and global collaboration is crucial to combating this wave of illegal activity,” he says.
True enough. But while a global legal framework remains nothing more than an aspiration, at least Europe has a ‘convention’ on cybercrime. In fact, in July 2004, the three-year-old convention will be updated.
The amended version deals with a wider range of offences than its predecessor, including breaches of copyright, computer-related fraud, child pornography and offences connected with network security.
It also covers a series of new procedural powers, such as searches of – and interception of – material held on computer networks.
More controversially, say IT specialists at law firm Masons, the convention includes powers to preserve data, to search and seize, to collect traffic data and to intercept communications.
These powers came in for serious criticism from privacy activists during the drafting process.
Meanwhile, the arrival of the Netsky family of viruses in March reminded everyone of what is at stake.