17th March 2004 The Computer Misuse Act 1990, the UK’s principle law against hacking and computer crime, is to be investigated by the All Party Parliamentary Internet Group (APIG) on the grounds that it is outdated.

In today’s environment of fast-moving Internet and mobile technology — and increasingly sophisticated ways of attacking it — definitions for computer crimes must be more specific and penalties harsher, said Brian White MP, Treasurer of APIG.

“The Computer Misuse Act has stood the test of time remarkably well. However it was drafted before the revolutionary nature of the Internet and the World Wide Web was fully known,” he said. “It is important to have all the protection we need. A review of the Act is therefore timely.”

Home Office minister Caroline Flint described a public inquiry to revise the law a “priority”.

The inquiry, to be held at the House of Commons from 29 April, will look at the breadth of the current Computer Misuse Act, consider any loopholes that need plugging and set about making the necessary revisions.

These revisions would need to meet Britain’s international treaty obligations, such as the Council of Europe Cybercrime Convention, warned APIG.

Although illegal activities such as hacking are clearly covered by the Computer Misuse Act, said APIG’s joint vice chairman Richard Allen, other areas — such as denial of services attack, ‘phishing’ and virus attacks — fall into grey areas. The difficulty of dealing with attacks across jurisdictional borders is another concern, he added.

“We are talking about network attacks which are difficult to judge and the Computer Misuse Act needs some clarity,” said Allen. “The Home Office had recognised this and we thought it would be helpful to get the technical angle… we also need to make sure we have parallel procedures with other countries’ laws.”

The inquiry’s report will be published in June 2004.