Security threats Toolkit

MPs ponder whether 'benign' hacking should be legal

Tags:
Apig,
Computer Misuse Act,
Richard Allan,
Cma

Graeme Wearden ZDNet.co.uk

Published: 26 Apr 2004 17:25 BST

Should UK citizens ever should have the right to launch a hack attack against a computer or a network?

A group of tech-savvy MPs are poised to consider this question, as the All-Party Internet Group (APIG) launches an investigation into Britain's cybercrime laws.

APIG has recognised that the Computer Misuse Act (CMA), which came into law in 1990, needs to be updated to cover attacks upon the Internet and on other computer networks. Like many experts, the group is concerned that the existing legislation may not apply to denial-of-service attacks -- where a network is driven offline by a flood of Web traffic.

"As it stands, the Computer Misuse Act suffers from a lack of a network focus. Today, the primary threat from hackers is to the network, rather than to individual computers, and if the network goes down we've got problems," said Richard Allan MP, joint vice-chairman of APIG.

APIG has already received written evidence from interested parties, and is taking further oral evidence at a session in parliament on Thursday. The Home Office has said it is revising the CMA at present, and APIG wants to feed the views of the UK IT industry into this process.

And while Allan is adamant that tough action is needed against denial of service attacks, he's also keen to examine whether ethical hacking should be protected in law. He cited the law on criminal damage, where a defendant can claim that they acted to avoid a worse event taking place.

"If a successor to David Blunkett was going to introduce tough censorship laws on the use of the Internet in the UK, should someone be able to justify a hacking attack against the IT involved because they opposed that censorship," asked Allan, who is the liberal democrat MP for Sheffield Hallam.

The idea of a draconian home secretary smashing our human rights may be far-fetched -- or not, depending on your take on the ID Card issue -- but Allan points out that such suppression is already thriving in other parts of the world.

"When the Chinese government blocked access to the BBC Web site, people very rightly sought to subvert that censorship. As a legislator, am I prepared to support legislation that says benign hacking can result in several years in prison?"

Other issues that should be covered at this Thursday's oral evidence session are whether the CMA should be revised to meet Britain's international treaty obligations with other countries, and whether the level of penalties within the CMA are sufficient to deter today's criminals. The rise in organised e-crime makes these issues increasingly relevant.

E-envoy Andrew Pinder is due to attend this session, as are representatives from the home office and the ISP industry, as well as legal experts and security providers.