MPs warned over massive scale of digital crime

By Matt Whipp

Posted on 30 Apr 2004 at 12:51

'There are no votes in this,' lamented Derek Wyatt MP, as politicians met with captains of industry and the software world yesterday to give evidence for the revision of the pre-Internet 1990 Computer Misuse Act (CMA) for today's digital world. 'We're fully aware that there's a lot of work to do to get this on the political agenda,' he added.

Dr Jeremy Beale, Head of eBusiness Group, CBI said the Act 'needs updating to address the network world, and the task of doing this is urgent. Businesses feel vulnerable.'

Edward Andrewes, Committee Member, Association of Remote Gaming Operators, said that incidences of criminal gangs threatening DOS attacks against gambling sites had risen dramatically since January and that it was only a matter of time before these organisations use the same extortion techniques against the next successful online industry.

He said the National Hi Tech Crime Unit knows where these threats are coming from but nothing appears to have been done about bringing them to justice. A number of those giving evidence confirmed that many of these activities, including the flourishing phishing scams, originate from Eastern Europe. And the fact that many of these countries enter the EU tomorrow will probably have little impact.

Beale warned that the legislation needs to be updated to include DOS attacks and other digital crimes and more importantly, increased punishments and provisions to make it easier to extradite people need adding. 'The redress is inadequate,' he said. 'A £5,000 maximum is not enough... With penalties so low it is not much use to prosecute.'

Indeed, Clive Gringas, Chair of the ISPA Legal Forum said he knew of corporations that would spend the money on bringing a private case, but the CMA needs clear steps on how to do this.

However, e-Envoy Andrew Pinder, said the Government is still smarting from the wounds it received trying to push through RIPA. 'We don't want to get into the same sort of debate we got into with RIPA. We must not be too heavy-handed with the legislation. We are a little scarred with the processes around 2000 and 2001...a consultative approach is necessary.'

Representatives from the software security industry said that something has to be done. If the Government knew the scale of digital attacks, it would realise how they dwarfed the numbers for other forms of criminal activity - a heavier handed approach would have some real benefit.

Nick Ray, CEO at Prevx said: 'The scale is massive. But at the moment it seems to be an issue for the software industry - it doesn't seem to be an issue for law enforcement... A lot of attackers would be scared if they thought there was any chance of being caught. I think the law can set a very powerful deterrent.'

There are also powerful reasons why the Government should spend some parliamentary time on these issues. Andrew Cormack, Chief Security Advisor, UKERNA said: 'The government is putting a lot of money into services on the network. If the network isn't protected then end-users won't want to know.'

Colin Whittaker, Head of Security at APACS said that if the Government can't see this, 'it shows a lack of joined up thinking on the Government's part.

'The more Government expects us to use this technology, so they have an obligation to make sure we can do so in a secure way.'

The Government's role? To not only debate these issues, but also embark on campaigns for consumer awareness and international co-operation. Pinder said: 'It is encumbent upon us and the software industry to give clear instruction about what to do.'