Scotland has devolved authority in areas such as computer crime law, so measures such as the clear criminalisation of denial of service attacks entered the statue books north of the border a year ago in October 2007. First up, the maximum penalty for unauthorised access to a computer system (the least serious of three hacking offences covered in the original act) has been raised from six months to two years in prison, making the offence serious enough that an extradition request can be filed.
Requests to introduce changes along these lines were made repeatedly by industry representatives during parliamentary hearings on UK computer crime laws, but are nonetheless controversial in some circles.
Spyblog describes the changes as “ill-defined” and duplicated in the Identity Cards Act 2006 as far as attacks on the planned National Identity Register centralised database are concerned.
Politicians initially suggested an outright ban on so-called hacking tools, which would have made possession of dual-use software package such as Nmap a criminal offence.
Following industry lobbying the measures were modified but still include provisions that criminalise the distribution or creation of “hacking tools” where criminal intent can be established, modifications that have failed to satisfy security experts.
http://www.theregister.co.uk/2008/09/30/uk_cybercrime_overhaul/