UK MPs urge cybercrime revisions and tougher sentences

A group of UK MPs has recommended key amendments to the 1990 Computer Misuse Act, which should now include specific reference to crimes such as denial of service attacks and related fraud, they claim.

But the suggestions have not received a universal welcome, with many casting doubt on the value of such parliamentary posturing.

The All Party Internet Group presented a number of recommendations today at a press conference in Westminster. Included in the recommendations was the inclusion of a denial of service offence (DoS), particularly relevant given the recent spate of such attacks.

Also on the agenda was an increase in the sentence available to hand down to hackers - extending it from six months to two years and making it an extraditable offence.

Richard Allan MP, joint vice-chairman of APIG said: "If we are to promote increased use of the internet, then we must ensure it is a safe environment for everyone to use. This means taking firm action to deal with those who maliciously attack systems and compromise data."

This is the recommendation that will probably meet with the most enthusiastic approval.

Simon Janes, international operations manager at computer forensics specialist Ibas and former head of Scotland Yard's Computer Crime Unit, told silicon.com: "I applaud the recommendation to increase this sentence. A six-month sentence sent out a message that this wasn't that serious a crime and yet over the years I've seen enough people get hurt and enough companies virtually ruined by the actions of these criminals. In honesty I'd like to see it increase to five years, but this is still a very positive move."

There is also a recommended provision for companies to carry out private prosecutions against hackers and cybercriminals.

Derek Wyatt MP, chairman of APIG, admitted an updating of the current 14-year-old Act is long overdue. But there is little framework in the recommendations for ensuring changes in the law are made in conjunction with the introduction of resources to enforce them and guarantee prosecutions.

Janes added that the police are currently "woefully" under-resourced and are "a long way from effectively and efficiently investigating and solving computer crimes".

There are many in the industry who believe government posturing around the issue of cybercrime is as much about being seen to be acting as actually striving to make a difference.

For example, APIG believes a specific law concerning DoS attacks will deter criminals who hadn't previously realised they were breaking the law. But while such idealism is to be admired, many will mock such a suggestion - not least of all the DoS attackers themselves.

Keeping a more professional head on criticism, the Butler Group has said the recommendations represent a step in the right direction, "but only a small step".

Alan Lawson, research analyst at Butler Group, said: "Hardened criminals will continue to ignore legislation."

MessageLabs, which provided evidence to APIG during the consultation process on the recommendations, meanwhile has come out and repeated the widely held belief that technology, rather than legislation, will be key to combating cybercrime.

Mark Sunner, CTO of MessageLabs, said in a statement: "The legal framework is ultimately only going to be at best one layer of a total solution. Security threats are inherently a technology problem and the solution must continue to be technology-led."