A criminal lack of interest

Cybercrime law needs strengthening. We know what to do, we know how to do it. Why isn't it happening?

The British parliamentary system is a strange animal. Laws that few want are forced through with a fervour that would not disgrace Cromwell, while laws that we need are left to lonely lieutenants such as Derek Wyatt, MP. As head of the All Party Parliamentary Internet Group (APIG), he's been forced to introduce a personal bill to tighten up the e-crime laws — one that has no chance whatsoever of succeeding — just to make a point.

There's no disagreement about these reforms. They've been carefully thought out in the light of local and European concerns, and the problems they address are real. Denial-of-service attacks have been used for extortion and will again; the legal framework to recognise and address the true seriousness of the crime already exists. By any measure, the work of APIG is competent and timely — and in comparison to some lawmaking of late, it is a paragon of good sense and by-the-book cooperation.

Yet we have no new law. In fact, we have nothing. The government has been promising an e-crime strategy for more than eighteen months now, but has not seen fit to produce one. While it is demonstrably capable of producing law in the absence of strategy, in this case it seems more than happy to shy away from the subject. The criminals can continue their work untroubled by official attention, it seems, provided only they have the good sense not to ride to hounds at the same time.

The reality of politics is that good sense and playing by the rules do not guarantee success. Difficult issues with no immediate electoral appeal are the orphans of popular power broking. Derek Wyatt's action is mildly embarrassing to the Home Office: a loyal MP shouldn't have to propose a bill off their own bat for a serious crime issue on which everyone is largely agreed. But it's not the sort of crime which provokes the Daily Mail, and in an election year that's no crime at all.

APIG and the rest of the UK IT industry should take note of those laws, good and bad, that do get through the mill. Government is not a subtle beast. Things get done if the consequences for action are obviously and publicly good, or if those for inaction involve Jeremy Paxman. Without pressure from the top, hard problems get forgotten — and as far as the head of the government is concerned, IT is as difficult to comprehend as Sanskrit poetry and worth somewhat less consideration.

The implications of inaction must be made plain. E-crime has the potential to hit every company, big and small, and everyone at risk has the responsibility to kick their nearest representative as hard as necessary to get this message across. There's a fine line between a responsible heightening of awareness and sensationalist scaremongering: we are nowhere near that line yet, and should not be scared of raising the stakes.