The main change that is recommended to the 1990 Act – drafted at a time before the World Wide Web existed – is the introduction of an offence to deal with denial of service (DoS) attacks, because the consensus is that such attacks would be difficult or impossible to prosecute under the current law.
The APIG Report stops short of suggesting suitable wording for such an amendment to address DoS attacks – wording that is likely to be an issue of heated debate.
This is not the first time that an extension to cover DoS attacks has been proposed. A Private Member's Bill to amend the Act was introduced by the Earl of Northesk in 2002; but like most Private Members' Bills, it failed.
APIG exists to provide a discussion forum between new media industries and Parliamentarians for the mutual benefit of both parties. It informs Parliamentary debate through meetings, informal receptions and reports.
The only other change to the Act that APIG recommended is to increase the maximum sentence for a basic hacking offence from six months to two years. This basic offence is committed where there is unauthorised access to computer material. More serious offences and sentences exist for doing so to modify that material to commit further offences.
Derek Wyatt MP, Chairman of APIG said:
"The 1990 CMA understandably needs reforming. We hope that our suggestions will see a Bill in the Queen's Speech in November and that the Home Office and the National Office of Statistics will start to include all cyber crime activities in their Monthly and quarterly figures for without them we are still guessing at the extent of the crimes committed."
Jon Fell, a partner with Masons, the law firm behind OUT-LAW.COM, commented:
"The Report is a welcome and pragmatic review of the UK's main cybercrime law - and one that is long overdue. The few changes that it recommends to the 1990 Act should not come as a great surprise because the biggest problem in cybercrime is not the lack of laws - it's in catching the criminals."
Much of cybercrime involves traditional crimes, like fraud and theft, being committed in new ways. Phishing is possibly the most topical example. Other computer crimes, like hacking, are already addressed by the 1990 Act. But the main reason we have not seen more cases against hackers is not due to deficiencies in our laws, explained Fell. "It's because our law enforcement agencies do not have the resources to deal with all the breaches," he said.
Some commentators asked APIG to extend the Act to cover problems like spoofing or Digital Rights Management. But the Report concludes that these are better dealt with elsewhere.
Some areas, it reasons, can be addressed in contracts between ISPs and their customers, others in educational campaigns from Government, others as issues that may require amendments to laws other than the Computer Misuse Act. For example, it has called for the Government to push forward necessary changes to Britain's fraud laws.
The Report also suggests steps that could encourage private prosecutions.
Jon Fell said we should not expect to see a raft of criminal cases "because the costs involved in bringing a private prosecution will be significant."
Fell concluded:
"It would be foolish to think that the changes suggested in this Report would have a dramatic impact on the level of cybercrime in this country; but they are a step in the right direction. Given the pace of technological change, periodic reviews of our cybercrime laws are vital. APIG fulfils an important role with its Report, but it's been too long since the issues were last considered. Let's hope it's not too long before they are revisited."
Home Office Minister Caroline Flint said the Home Office will give "full consideration" to all of the recommendations that relate to it.