Security professionals back tougher laws for hackers

Now let's pass the bill and then police it...
Written by Will Sturgeon, Contributor

Now let's pass the bill and then police it...

The IT security industry has almost unanimously given its backing to government plans to update the Computer Misuse Act (CMA) and introduce more severe custodial sentences for cyber criminals.

And many are urging the government to now 'go the distance' and ensure the bill is passed and the new laws come into effect as soon as possible - and are policed effectively.

Mike Dalton, EMEA president at McAfee, told silicon.com: "It's essential that the CMA is amended to both consider specifically the sheer variety of ways computers can be abused for illicit gain and to impose meaningful penalties on those that operate on the wrong side of the tracks."

He added that the increased jail terms recommended – up to 10 years for some offences - would also create a greater need for police to make arrests as the crimes will effectively be upgraded in terms of their seriousness.

Simon Janes, a former member of the Metropolitan Police Force computer crime unit, now international operations manager at computer forensics expert Ibas, told silicon.com "this is definitely a step in the right direction".

He added the two key components of the bill in his opinion are the greater provision for prosecuting denial of service attacks and also better recognition of the threat posed to companies by data theft.

Soeren Bech, from email security company Tumbleweed, said given that denial of service attacks can potentially cost companies millions of pounds "it's worrying that until now the law hasn't offered British companies protection".

As such, he said it's now vital the CMA is being "brought up to date with the current threat environment".

Simon Perry, VP security strategy at CA, said the bill is a very positive move and expressed hopes that it will be followed up with a commitment to provide greater resources for high-tech crime units once they have more effective laws in place to charge individuals.

He said: "Until now I think a lot of people haven't really realised how serious these crimes are. Hopefully this will get them to open their eyes. And if people stop and think 'hang on, I could do 10 years for this' it may well act as a deterrent."

Graham Cluley, senior technology consultant at Sophos, said: "It's about time the Computer Misuse Act caught up. We welcome any move which will send a strong message to the internet underworld that their activities will not go unpunished."

However, he said while the UK may be getting its house in order, the problems worldwide will only reduce when other governments follow the UK's lead.

Nigel Hawthorne, a director at Blue Coat, told silicon.com: "It is encouraging to see that politicians are now taking this threat seriously."

However, he too sounded a note of caution. "I only hope that the harshest sentences are reserved for those with deep malicious intent," he added.

Ibas' Janes said the only real cloud on the horizon he can envisage is that the government won't back up the bill, if passed, with the appropriate resources to enable police to get out and enforce the new laws.

But support is not universal. Eugene Kaspersky from Kaspersky Labs told silicon.com he fears the new laws will actually make no difference to the problem of internet crime. He said all the legislation in the world won't help as long as major countries, such as China and Latin American nations, remain havens for criminal activity and he doesn't expect that situation to improve.

James Kay, CTO at BlackSpider, is another dissenting voice. "If you're a UK national, then sure, tougher laws are a deterrent – who wants to go to jail just for playing around with spyware? But if you're sitting in Romania and stand to make some money, would you give a monkey's?

"I don't think it will make any real difference, particularly when you consider that most of the problem comes from outside the UK."

However, CA's Simon Perry, who is also on the permanent stakeholder group of the European Network and Information Security Agency, said he doesn't doubt tougher laws in the UK will force individuals elsewhere "but if you look at it from the other side, that shows that tougher laws do act as a deterrent and do force individuals to change their behaviour".

As such, Perry said he hopes a lot of other major countries will follow the UK's lead, so no jurisdiction is seen as a soft touch, and added that a lack of international co-operation would be no excuse for the UK to throw in the towel and also do nothing.

Editorial standards