CBI calls for cybercrime laws to be updated

The Confederation of British Industry (CBI) has added its voice to the growing clamour calling for the UK's Computer Misuse Act to be updated.

Jeremy Beale, head of e-business policy at the CBI, told the Broadband Britain Summit 2005 in London on Monday the government is taking a dangerous gamble by attempting to get more people to use the Internet without also taking steps to increase online safety.

"The government is walking towards a political time bomb by trying to get all these excluded groups like the elderly and the unemployed online while just relying on awareness campaigns," said Beale.

"Awareness campaigns are important. But the Government could — as it has been encouraged to — amend the Computer Misuse Act," Beale added.

The Computer Misuse Act was passed in 1990 — years before hacking became the widespread threat it is today, and before Tim Berners-Lee created the Web. In recent years, many experts have warned that the CMA is inadequate, because it does not cover modern threats such as denial-of-service attacks. Also, its penalties are too lenient to allow UK citizens to be extradited abroad in line with the UK's obligations under the Cybercrime Convention, or for foreign suspects to be brought here for trial.

Last month, a UK teenager was cleared of wrongdoing under the CMA after allegedly unleashing a DoS attack on his former employer, because such activity is not covered by the CMA – sparking calls for the law to be revised.

A Home Office spokesperson said at the time that the government was "aware of the issue", but Beale wasn't impressed. "The Home Office has been sitting on it for years," Beale claimed. "The Home Office may say it's waiting for agreement with Europe, but you can wait for Europe forever".

However, Beale cautioned that the government could not bring in laws to compel people to use security protection: "That's a false dichotomy. You can't regulate people to protect themselves."