Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, October 02, 2008

UK cybercrime overhaul finally comes into effect

Modifications to the Computer Misuse Act (CMA) - which was enacted in 1990 before the advent of the interweb - were included in the Police and Justice Act 2006.  DDoS doubly illegal from 1 October.

Scotland has devolved authority in areas such as computer crime law, so measures such as the clear criminalisation of denial of service attacks entered the statue books north of the border a year ago in October 2007.  First up, the maximum penalty for unauthorised access to a computer system (the least serious of three hacking offences covered in the original act) has been raised from six months to two years in prison, making the offence serious enough that an extradition request can be filed.

Requests to introduce changes along these lines were made repeatedly by industry representatives during parliamentary hearings on UK computer crime laws, but are nonetheless controversial in some circles.

Spyblog describes the changes as “ill-defined” and duplicated in the Identity Cards Act 2006 as far as attacks on the planned National Identity Register centralised database are concerned.

Politicians initially suggested an outright ban on so-called hacking tools, which would have made possession of dual-use software package such as Nmap a criminal offence.

Following industry lobbying the measures were modified but still include provisions that criminalise the distribution or creation of “hacking tools” where criminal intent can be established, modifications that have failed to satisfy security experts.

http://www.theregister.co.uk/2008/09/30/uk_cybercrime_overhaul/

Posted on 10/02
RegulationsPermalink