APIG targets update of Computer Misuse Act

A comprehensive inquiry into the Computer Misuse Act conducted by the All-Party Parliamentary Internet Group (APIG) – chaired by Derek Wyatt MP – has concluded that industry and the Home Office must collaborate in updating information contained in the Computer Misuse Act.

In producing their final 26-page report ‘Revision of the Computer Misuse Act’, Wyatt and his joint vice chairmen Richard Allan MP and Michael Fabricant MP held a number of public hearings within the House of Commons, listening to evidence from a host of law enforcement agencies and members of the wider security community. Their subsequent recommendations are wide-ranging.

While the report is a step in the right direction, there are several issues which – in the opinion of digital crime expert Simon Janes – haven’t been adequately addressed. Janes, formerly head of Scotland Yard’s Computer Crime Unit, was the lead expert called upon by MPs in the House and revealed that (typically) UK businesses only report 5-7% of all computer-related crime to the police.

Speaking exclusively to SMT, Janes commented: “The APIG report calls for a ‘checklist’ aimed at preserving electronic evidence for the police, but that’s somewhat unnecessary. ACPO has already issued a Good Practice Guide for computer-based evidence. However, these guidelines, and those published by the National High Tech Crime Unit, still require some specialist or expert application. They’re not intended to provide a risk-free solution for untrained individuals operating in the private sector. There are great risks associated with encouraging anyone to undertake any form of DIY preservation of electronic evidence.”

The UK is currently facing a chronic shortage of trained computer forensic investigators both within the law enforcement and private sectors. “That being the case,” added Janes, “it’s disappointing that the APIG hasn’t offered any solutions as to how resources for specialist law enforcement training might be increased. Failure to address that skills shortage will fundamentally undermine any positive gains made by updating the Act, leaving UK businesses just as vulnerable to cybercrime as they are now.”

On a positive note, Janes believes the report’s recommendation for the Law Commission to expedite the development of frameworks that will effectively criminalise the theft of data is “very welcome”. Electronic corporate espionage is a huge issue for companies across all sectors of industry. UK concerns are losing billions of pounds worth of intellectual property every year as a result of digital theft.

“Another issue the report fails to address is the commercial sensitivity of prosecuting cybercriminals,” continued Janes. “Around 93-95% of all cybercrimes pass by unreported simply because organisations rate unwanted publicity as being potentially more damaging to their business than the incident itself. The APIG’s report should be facilitating and legitimising private cyber investigations.”