News 

Dr Jeremy Beale, Head of eBusiness Group, CBI said the Act 'needs updating to address the network world, and the task of doing this is urgent. Businesses feel vulnerable.'

Edward Andrewes, Committee Member, Association of Remote Gaming Operators, said that incidences of criminal gangs threatening DOS attacks against gambling sites had risen dramatically since January and that it was only a matter of time before these organisations use the same extortion techniques against the next successful online industry.

He said the National Hi Tech Crime Unit knows where these threats are coming from but nothing appears to have been done about bringing them to justice. A number of those giving evidence confirmed that many of these activities, including the flourishing phishing scams, originate from Eastern Europe. And the fact that many of these countries enter the EU tomorrow will probably have little impact.

Beale warned that the legislation needs to be updated to include DOS attacks and other digital crimes and more importantly, increased punishments and provisions to make it easier to extradite people need adding. 'The redress is inadequate,' he said. 'A £5,000 maximum is not enough... With penalties so low it is not much use to prosecute.'

Indeed, Clive Gringas, Chair of the ISPA Legal Forum said he knew of corporations that would spend the money on bringing a private case, but the CMA needs clear steps on how to do this.

However, e-Envoy Andrew Pinder, said the Government is still smarting from the wounds it received trying to push through RIPA. 'We don't want to get into the same sort of debate we got into with RIPA. We must not be too heavy-handed with the legislation. We are a little scarred with the processes around 2000 and 2001...a consultative approach is necessary.'

Representatives from the software security industry said that something has to be done. If the Government knew the scale of digital attacks, it would realise

ADVERTISEMENT

how they dwarfed the numbers for other forms of criminal activity - a heavier handed approach would have some real benefit.

Nick Ray, CEO at Prevx said: 'The scale is massive. But at the moment it seems to be an issue for the software industry - it doesn't seem to be an issue for law enforcement... A lot of attackers would be scared if they thought there was any chance of being caught. I think the law can set a very powerful deterrent.'

There are also powerful reasons why the Government should spend some parliamentary time on these issues. Andrew Cormack, Chief Security Advisor, UKERNA said: 'The government is putting a lot of money into services on the network. If the network isn't protected then end-users won't want to know.'

Colin Whittaker, Head of Security at APACS said that if the Government can't see this, 'it shows a lack of joined up thinking on the Government's part.

'The more Government expects us to use this technology, so they have an obligation to make sure we can do so in a secure way.'

The Government's role? To not only debate these issues, but also embark on campaigns for consumer awareness and international co-operation. Pinder said: 'It is encumbent upon us and the software industry to give clear instruction about what to do.'

Wyatt suggested: 'We run ads about lock up your car. Should we do the same about lock up your computer?'

Courts and juries also need to be more technologically savvy when cases under the CMA come to trial, and raising awareness of these issues is an important first step, the participants believed.

And any legislation on DOS attacks must step carefully to avoid criminalising attacks made as a political protest or because of popularity - say, the day when Glastonbury tickets are available online.

Similarly, the criminalising the possession of tools to gain unauthorised access to systems would make criminals of many owners of computers infected with viruses and users of Internet Explorer, given the rise in browser-based attacks. And yet, saying that your computer had been hijacked for criminal activities is an easy defence to make.

Indeed, most present agreed that while much of the original CMA has stood the test of time well in terms of application, the lack of cases brought under it means it has rarely been tested as to its real effectiveness as legislation against such crimes.

The Computer Misuse Act inquiry was organised by the All Party Parliamentary Internet Group.