E-crime law under review

A public inquiry has been launched into the Computer Misuse Act (CMA), which could spell the end for current loopholes in the law.

The All Party Parliamentary Internet Group (Apig) announced its inquiry in March and invited submissions from IT professionals to determine if the CMA should be revised. The inquiry will be followed by a public hearing on possible revisions to the act, which will take place in the House of Commons at the end of April.

Apig hopes its inquiry will establish if the act in its current form is broad enough to cover current computer crime offences; if it contains loopholes that need to be plugged; and if its generic definitions of computers and data are up to date.

Security experts have raised concerns that the act - introduced over 10 years' ago - has not been revised and is therefore out of date because it does not address current patterns of internet and computer use.

Richard Allan MP, joint vice-chairman of Apig, said some types of malicious attacks are not currently covered by the CMA. "This is largely because when the act was designed, the internet was a private academic network, not the large public network we now see," he added. Allan also said the law needs clarifying to address activities such as denial of service attacks, which do not necessarily give the culprits access to a party's network.

Apig is keen to hear the views of IT professionals on areas where the law might be lacking, according to Allan. "We want informed people to respond, to enable us to get real information from industry," he said.

The inquiry was welcomed by IT security experts. "Not just because of potential changes to the law, but because it's providing a focus on the issue," said Nick Ray, chief executive of intrusion prevention specialist Prevx. "We are concerned that there's simply not enough attention paid to cyber crime."

Ray added that the government should allocate more resources to tackle IT crime. "More money is spent on traffic wardens than on fighting cyber crime. We want to see it move up the political agenda," he said.

Ray also called for the law to be clarified on issues such as installing Trojans and hijacking machines, and for a mechanism to collect meaningful statistics on IT crimes.

Submissions to the inquiry should be emailed to Apig by 9 April at the address below. Apig plans to review responses before the 29 April public hearing and will invite certain individuals and organisations to give evidence at that event.