New plan for IT crime law

Home Office looks for ways to update 1990 Act after email case is dismissed

The government is looking for ways to tackle emerging internet crimes without introducing a new Computer Misuse Act (CMA).

Computing has learned that the Home Office is considering how to strengthen laws to protect businesses from internet attacks but, due to parliamentary timetabling restrictions, wants to do so by adding amendments to a different bill.

The government is under increasing pressure to introduce changes to the CMA after a teenager, who allegedly crashed his former employer’s email systems by sending five million emails, walked free from court last week.

District Judge Kenneth Grant accepted defence arguments that since the firm’s email server had been set up specifically to receive emails, the teenager had not broken the law.

A government source told Computing that the case has given added impetus to the addition of a denial of service clause into proposed legislation, possibly the Safer Communities Bill.

‘The government is not going to get a separate slot for a 2006 Computer Misuse Act, so it needs to add it onto another bill that is suitably similar,’ said the source.

Derek Wyatt MP, chairman of the All Party Internet Group, says the current Act, introduced 15 years ago, is outdated.

He has called for the government to criminalise denial of service attacks – which bring down IT systems by deliberating trying to overload them with traffic – through specific legislation.

And Philip Virgo, secretary general of lobby group Eurim, says the case shows why a review of the CMA is urgently needed.

‘If more loopholes turn up we need to close them,’ he said.

The Home Office is also looking to add a denial of service attack clause to the statute books to show its commitment to the Council of Europe’s convention on cyber crime, to which it has signed up.

The convention, which is backed by the UK, the US and other major states, is pushing for a global approach toward prosecuting internet criminals.

A Home Office spokeswoman said: ‘The government is looking for a suitable legislative vehicle to strengthen the CMA, to ratify the Council of Europe cyber crime convention and the European Union framework decision on attacks against IT systems.

‘This includes increasing the maximum penalties, and clarifying that all means of interference with a system are criminalised.’

Glasgow South MP Tom Harris’s 10 Minute Rule Bill, which calls for similar changes to the Computer Misuse Act, is scheduled for a second reading on 17 March 2006.