(Via Spy Blog – SpyBlog.org.uk.)
The controversial amendments to the Computer Misuse Act 1990, which were brought onto the statute book by the Police and Justice Act 2006, are finally coming into force this Wednesday 1st October 2008.
The penalties for Section 1 unauthorised computer access offence (‘hacking’) is increased from 6 months to 2 years, making it eligible for Extradition from foreign countries.
The statutory limitation on this Section 1 is abolished (formerly a charge had to be brought no later than 6 months from an arrest, and nothing older than 3 years ago could be considered).
The incitement offences seem to have been taken out of Computer Misuse Act and shoved into the inchoate section of the Serious Crime Act 2007, the relevant amendments and appeals sections of which also come into force on 1st October.
See – SI 2008 No.2504 – The Serious Crime Act 2007 (Commencement No. 3) Order 2008, which brings in the Data Sharing powers, further destroying the Common Law Duty of Confidentiality, with respect to the nominated list of private sector anti-fraud organisations and companies.
See also the other evils of the Serious Crime Act 2007:- Serious Crime Act 2007 – proof of how useless the Opposition is to Labour’s repressive legal fantasies
There is also the ill defined attempt to criminalise Denial of Service Attacks, in one short paragraph, something which even the Private Members Bill in the House of Lords, sponsored by the Earl of Northesk, failed to clarify properly back in 2002. – see the Computer Misuse (Amendment) Bill 2002 (.pdf)
This has world wide scope and a penalty of up to 10 years in prison. With respect to the forthcoming National identity Register centralised database, the Identity Cards Act 2006 section 29 also attempted to define a Denial of Service attack offence, again with worldwide scope and up to 10 years in prison,
However all that does is duplicate the offence under the amended Computer Misuse Act, and in addition make it illegal for Trades Unionists or Computer Consultants etc to take industrial action i.e. to go on trike or work to rule, or to make any kind of mistake through action or omission, e.g. installing a faulty software upgrade, which might make it ‘more difficult or impossible to download information from a computer system run by the Secretary of State’. This applies even to peripheral systems which are only connected to the core Home Office National Identity Register, which could be working ok e.g. any industrial actions or computer errors at private sector financial or airline companies which are linked to the NIR Verification Service.
The other controversial amendment still seems to criminalise computer security research and defence software tools, making it illegal to download , write, amend or modify anything which could be used to commit a computer hacking or denial of service attack, regardless of actual malicious intent, even for exclusive use on your own computer system.
This will do nothing to deter the criminals who use such tools maliciously, but it will drive out law abiding computer security researchers from the UK.
Is the internet and e-commerce and electronic funds transfer and Information technology security generally, not important enough to deserve a proper, full, new Computer Misuse Act, brought up to date for the converging internet, telecomms and broadcast technology ?
Instead we have had a delayed, hodge podge of amendments to schedules ad sub clauses, across three other Acts of Parliament, none of which were the main thrust of those Bills, and which were consequently not debated or scrutinised in any depth, before being rubber stamped through.
(Via Spy Blog – SpyBlog.org.uk.)