Cybercrime laws aren't working, says minister

Jim Murphy, e-government minister, has admitted that cybercrime laws are failing, but says the IT industry hasn't communicated its concerns

The UK minister for e-government has admitted that current laws are failing to combat cybercrime, and has called for more international cooperation to fight offenders.

Jim Murphy, the Cabinet Office Minister responsible for e-government, told ZDNet UK on Thusday that present legislation is ineffective, and is not stopping criminals from perpetrating cybercrime. Murphy also suggested that bringing cyberciminals to justice is extremely difficult.

"We aren't going to stop unscrupulous people from doing what they want online — we can pass laws, but the criminals are smart and unconditionally mobile," Murphy said at the launch of Get Safe Online, a consumer protection Web site, in London.

Murphy's comments came just days after the National Hi-Tech Crime Unit (NHTCU) warned that it was struggling to cope with the international nature of e-crime, especially in identifying who actually perpetrates serious cybercrime.

"We don't know who the serious organised criminals are in the virtual world. We know where they are, but not who they are," said Howard Lamb, crime reduction coordinator for the NHCTU, speaking at the Webroot security summit in Westminster last week. "Serious organised crime is not local, it is global."

The explosion in global broadband usage makes it difficult to identify international organised criminals, according to Lamb.

"Broadband allows for greater access. Criminals are exploiting the fact that approximately 36 million people access the Internet daily," said Lamb,

But despite the challenges facing them, the police believe existing legislation — such as the Computer Misuse Act (CMA) — is adequate to combat UK crime.

"The CMA doesn't require any additional powers. There shouldn't be any further regulation of the Internet because it'll stifle development," said Lamb.

The CMA (Computer Misuse Act) was introduced in 1990, and is widely perceived as lacking the necessary powers to deal with today's cybercriminals. As it stands, the CMA does not detail a specific offence of launching a denial-of-service attack, for example.

The Act was also criticised earlier this month after a man was convicted of gaining unauthorised access to a tsunami appeal Web site.

The All-Party Internet Group has repeatedly called for the CMA to be updated. Murphy, though, seemed unaware that there are concerns over the Act.

"Things can always be improved. No-one in industry has made any recommendations or submissions [regarding the Computer Misuse Act]. No-one has made any suggestions to the e-government ministry on how it can be improved," said Murphy.

The minister added that the government would be open to any suggestions from industry for improvements to the existing legislation.

For Murphy, international cooperation between police forces and greater public awareness is what is needed to combat cybercrime. "There's a need for a real international effort to crack cybercrime," said Murphy.

The minister also said that companies and IT managers need to emphasise the dangers of cybercrime to their employees.

"The company security structure may be robust, but people at lunchtime may quite legitimately check their online bank account. The worry is that not everyone will do this securely, especially in SMEs without an IT manager," Murphy warned.