Today’s Queen’s speech at the state opening of Parliament has seen a move to amend the Computer Misuse Act and issue harsher sentences.
Among the 15 bills for revision, the Serious Crime Bill will see an amendment for the Computer Misuse Act 1990 to ensure sentences for attacks on computer systems fully reflect the damage they cause.
Asked if this is a case of the Government taking action too late to try and stop cyber criminals, or punish them, Jonathan Armstrong, partner at Cordery, said: “I think whilst it cannot do any harm – and could have a deterrent effect – we have seen just this week how internet crime is a global phenomenon and needs global co-operation.
“It is rare that there’s a hacking incident by someone in the immediate reach of our courts so we can extend sentences but we also need to be prepared to apply for extradition too to make them serve their sentence. This may be in part about that – to make sure foreign governments know we are serious to try and get greater co-operation across borders. It’s still limited however by being a pact of the willing – too many countries turn a blind eye or shelter cyber criminals and longer sentences won’t address that issue.”
Simon Placks, head of EY cyber crime investigations, said: “It’s good to see cyber security featuring high on the government’s legislative agenda; any move towards tougher sentencing for cyber criminals is a move in the right direction, and will be welcomed by business. It will play an important role in helping to reduce the rates of cyber attacks and deter criminal activity in this space.
“However, attribution continues to be one of the major difficulties when it comes to prosecuting cyber criminals, as it is often extremely difficult to identify the origin of an attack. Therefore, companies should not become complacent around cyber security.”
In an email to IT Security Guru, Troy Gill, senior security analyst of AppRiver, said he felt strongly that bolstering the penalties for those who commit these types of crimes was “certainly a step in the right direction”.
He said: “With hackers targeting businesses and consumers at a staggering rate, this change is certainly overdue, but it is better late than never. Although making penalties harsher may deter some from committing these crimes, it will not make it any easier to find these individuals. It also will not be very effective at rounding up hackers that are committing these crimes from outside the borders of the UK.”
Asked if recent stories showed too much leniency, Gill said that hopefully, this step will make some progress with sentencing that some currently view as too lenient. “It is quite common for cyber criminals (once arrested) to cooperate with the authorities, this helps bring other criminals to justice as we learned recently with the release of the hacker ‘Sabu’,” he said. “Amending the law so that these criminals are facing stiffer penalties should help to improve their willingness to cooperate with authorities.”
President of the National Assocation of Data Protection Officers, barrister and solicitor, Stewart Room, told IT Security Guru that he did not see that as a too-late response: but what was most important was that the law is fit for purpose going forward, n
ot whether there has been delay in the process of law reform. “If the cyber crime problem is as big as we all suspect, then there has to be a stronger deterrent within the criminal law,” he said.
“However, the law also needs to show leniency in appropriate cases and the aim shouldn’t be to lock away every Spotty Herbert who strays into the dark side. But I don’t imagine that this is the real intention of this reform. It’s the industrialisation of cyber crime that’s the biggest challenge and in this area that are some menacing Mr Bigs who need to faced down with greater risks to their personal liberty, even if the chance of capture is low. But, at the end of the day, sentencing will be for the courts and if there is any worry now about proportionality, I have confidence in the judiciary to get the balance right.”