ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

Government must update cybercrime laws, say experts

Tom Espiner ZDNet.co.uk

Published: 04 Nov 2005 17:05 GMT

...the loophole, as previous attempts to legislation through private members bills have failed.

"There have been attempts to update the CMA — three Private Members' bills have been introduced. The first two failed; the third is scheduled for a second reading in December. But Private Members' Bills rarely succeed so Government action is necessary to close this apparent loophole," Robertson said.

Another expert called for the government to make good on its pledge.

"We need the government to come forward with its promise to introduce new legislation." said Peter Sommer, a former parliamentary specialist advisor and senior research fellow at the London School of Economics' Information Systems department..

Sommer said that lack of parliamentary time had been a major factor. Updating the CMA may also not be a priority.

"Traditionally the government recognises the need to change the Act, but don't give it parliamentary time. The Home Office may think terrorism is more important than the APIG report," said Sommer.

Sommer said the government could easily amend existing legislation by adding a clause covering DoS attacks to a Home Office bill.

"If a piece of legislation had a clause which dealt specifically with interference with computer systems, it would cover a wider set of circumstances. This doesn't need a specific Bill — it would be possible to add a clause to a general-purpose Criminal Justice Bill," Sommer said.

"In technical parliamentary terms this need not make huge demands on parliamentary time, and wouldn't be particularly controversial — I doubt whether many people would argue that DoS attacks are a good thing," Sommer added. "It's just a question of willpower at the Home Office," said Sommer.

The defence solicitor at this week's email bomber trial believes his client should not have been charged under the CMA.

"In my opinion, and borrowing words from the House of Lords in a previous case, this case was a "procrustean attempt to force the facts... into the language of an Act not designed to fit them," said Jim Meyer, solicitor acting for the defence and partner at Tuckers Solicitors.

Meyer said that had the case gone against the defendant, certain forms of email would have been outlawed.

"An adverse ruling would have led to uncertainty, and in some circumstances outlawing of unsolicited and/or multiple emails. It would have also meant that anyone sending an email in anything else but their own name may have been liable to prosecution. [The outcome of Wednesday's trial] was a good example of sound judicial reasoning and sensible judgement," Meyer said.

Robertson also underlined the need for caution in amending the act, so as not to criminalise mistakes when sending emails.

"Obviously the amendment would have to be balanced so that if I send you a 10MB attachment by mistake and make someone's email server fall over, it wouldn't be a criminal act. Legislation would have to focus on intent," said Robertson.

"Meantime, it is possible that 'plain vanilla' DoS attacks could be prosecuted in England and Wales as an offence under the Criminal Damage Act, although this has never been tested. In Scotland, such an attack could possibly be prosecuted as malicious mischief," Robertson added.