Review lame hacker law, says business

Link: Read our hacking special report

This brings the total number of custodial sentences handed out to hackers to just 22 since 1999. Of those jailed in 2001, eight went to jail just for hacking – the others had also committed other crimes.

Industry bodies have expressed concern about the number of hackers successfully prosecuted and jailed, some going as far as calling for the 1990 Computer Misuse Act to be reviewed.

David Roberts, chief executive of the Corportate IT Forum Tif, said: ‘To me this doesn’t seem a fair reflection of the significant concerns as expressed by large corporates. If this number of prosecutions actually reflected the total amount of activity, then you would not see large organisations spending large sums of money on their electronic security.’

But he said that some serious crimes conducted by computer criminals might be prosecuted under other legislation involving fraud or other crimes.

According to the latest available figures from the Home Office, in 2001 there were 25 prosecutions where breaking the Computer Misuse Act of 1990 was the principle offence. In 58 other cases, offences under the Act formed a lesser part of the prosecution.

Where hacking was the principal offence, 21 of the 25 defendants were found guilty, with just eight being handed jail terms. Of the rest, two received absolute or conditional discharges, four were fined and 15 given community service orders.

When cases where hacking was not the principal offence were included, 15 were sent to prison, 29 were given community service, 15 jailed, four given absolute or conditional discharges and ten dealt with ‘in other ways’.

Philip Virgo, stategic advisor to IT professional body IMIS, said: ‘It is quite clear that the time has come to review the working of the Act. We do need to take a look at it, especially in the context of European plans to harmonise laws.’

Virgo said there was still some uncertainty about exactly what the law covered as well, but he added he was pleased that at least some offenders were being prosecuted under the Act: ‘But it is good to know it has been used and used effectively for those who thought it hadn’t been used at all.’

In 1999 and 2000 there were only 33 prosecutions for offences under the Computer Misuse Act. Offenders received sentences in only 26 cases, of which five received community service and one a suspended sentence. Seven were given custodial sentences, and seven were fined.

Many companies fail to report offences. Last month the head of the National Hi-Tech Crime Unit estimated that two-thirds of companies prefered to try and resolve problems in-house.