Cyber-crime fight may need new laws

Unclear legislation and a lack of resources may be holding back the fight against cyber-crime, according to experts.

The All Party Internet Group is holding an inquiry into the 14-year-old Computer Misuse Act (CMA), to feed into a Home Office review of the legislation.

At the evidence session for the inquiry, Jeremy Beale, head of the e-business group at the Confederation of British Industry, said its members felt the CMA was "basically good, but basic; and it needs updating to address the network world."

He said there was an "urgent" need to update the Act to cover denial-of-service (DoS) attacks, and warned that the penalties are now inadequate when attacks can cost millions.

"Amendments to the Act will help enormously," he added.

Colin Whittaker, head of security at the Association of Payment Clearing Services, also said the law was not "sufficiently clear" on the issue of DoS attacks.

He added: "The more the government expects us to use this technology, then they have an obligation to help us do it in a secure way."

Others were less convinced that the legislation required change.

Clive Gringras, chair of the Internet Service Providers Association Legal Forum and partner at law firm Olswang, said: "I think it's a pretty elegant and successful Act."

He acknowledged that other countries enjoyed more success against cyber-crime, especially in tracking down computer attacks from abroad, and that other states had better managed extradition procedures.

"I think it's more to do with resources," he said, adding that companies had shown interest in launching private prosecutions.

"There are examples of things that have been put to law enforcement but for whatever reason have not been taken forward. Companies take a slightly less risk-averse [approach]."

The Home Office claims that DoS attacks are covered by Section Three of the existing CMA.

The problem is that there have been few cases where this point of law has been tested, because the nature of the attack means it is very hard to find the individual responsible.

The Home Office is also working with the police to develop a recording system for crimes with a computer element.

e-envoy Andrew Pinder said there was "a willingness to look at the issues", which might mean a mix of awareness raising about security and "perhaps legislation".

But he warned that legislation should not be too heavy handed, and that developers should make security easy to implement in their products.