MPs ponder whether 'benign' hacking should be legal

Summary: With Britain's Computer Misuse Act heading for a revision, some MPs want to explore whether ethical hacking should be allowed

Should UK citizens ever have the right to launch a hack attack against a computer or a network?

A group of tech-savvy MPs are poised to consider this question, as the All-Party Internet Group (APIG) launches an investigation into Britain's cybercrime laws.

APIG has recognised that the Computer Misuse Act (CMA), which came into law in 1990, needs to be updated to cover attacks upon the Internet and on other computer networks. Like many experts, the group is concerned that the existing legislation may not apply to denial-of-service attacks -- where a network is driven offline by a flood of Web traffic.

"As it stands, the Computer Misuse Act suffers from a lack of a network focus. Today, the primary threat from hackers is to the network, rather than to individual computers, and if the network goes down we've got problems," said Richard Allan MP, joint vice-chairman of APIG.

APIG has already received written evidence from interested parties, and is taking further oral evidence at a session in parliament on Thursday. The Home Office has said it is revising the CMA at present, and APIG wants to feed the views of the UK IT industry into this process.

And while Allan is adamant that tough action is needed against denial-of-service attacks, he's also keen to examine whether ethical hacking should be protected in law. He cited the law on criminal damage, where a defendant can claim that they acted to avoid a worse event taking place.

"If a successor to David Blunkett was going to introduce tough censorship laws on the use of the Internet in the UK, should someone be able to justify a hacking attack against the IT involved because they opposed that censorship?" asked Allan, who is the Liberal Democrat MP for Sheffield Hallam.

The idea of a draconian home secretary smashing our human rights may be far-fetched -- or not, depending on your take on the ID Card issue -- but Allan points out that such suppression is already thriving in other parts of the world.

"When the Chinese government blocked access to the BBC Web site, people very rightly sought to subvert that censorship. As a legislator, am I prepared to support legislation that says benign hacking can result in several years in prison?"

Other issues that should be covered at this Thursday's oral evidence session are whether the CMA should be revised to meet Britain's international treaty obligations with other countries, and whether the level of penalties within the CMA is sufficient to deter today's criminals. The rise in organised e-crime makes these issues increasingly relevant.

E-envoy Andrew Pinder is due to attend this session, as are representatives from the Home Office and the ISP industry, as well as legal experts and security providers.


1 comment
  • Why not licence "ethical hackers" i.e. security people whose job it is to test network security etc.

    There would be a code of conduct, with very strict penalties for breaking these.

    This would make it quite clearcut and make anything outside of what is licensed illegal.

    It could be worded in such a way that it covers UK people and UK sites, but with a reciprocity clause, so that where other countries introduce laws, the most stringent condition of the two applies.

    This would allow the UK to take a lead, but not be in conflict with other countries where the law differs.

    As a side effect, the same law could cover some government activities e.g. MI5. They might be allowed a wider range of powers, but they would then become subject to the same laws as the rest of us.