Legal changes promise hackers more jail time

Proposed changes to the Computer Misuse Act would double the maximum sentence for IT crime

Computer criminals will face up to 10 years in prison under planned amendments to the Computer Misuse Act (CMA) announced last week, which also clarify denial of service (DoS) attacks as an offence.

The proposals, which form part of the Home Office’s Police and Justice Bill, raise the penalty for maliciously impairing a computer from five years to a maximum of 10 years, while unauthorised access to computer material could result in a custodial sentence of up to two years, instead of just six months.

The amendments would also tighten the law against DoS attacks, by clarifying that all attacks intended to interfere with a computer are illegal.

Robin Fry of law firm Beachcroft Wansbroughs said the changes would raise the prospect of firms bringing their own private prosecutions against malicious ex-employees and hackers. He added that the amendments would also make it easier for the police to prosecute criminals.

“The old six-month time limits applying to the investigation – and then issue – of criminal proceedings will not apply,” Fry explained. “Often prosecutors simply run out of time to initiate claims for the less serious offences because of the challenges in uncovering a web of fictitious names and the use of remote servers.”

The proposals were welcomed by Charlotte Walker-Osborn of law firm Eversheds. “Putting [DoS] on a clear statutory footing is a good thing,” she said. “But there is a bigger problem in that many companies don’t report when they have an attack.” She added that even with the amendments, crooks based in other countries may still escape prosecution.

Andy Kellet of analyst firm Butler Group argued that there should be clearer distinctions between different types of offences. “None of the proposals overcome the problem that it is very difficult to get people to court and prove that they actually committed [DoS attacks],” he added.