- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
The U.K. government is proposing changes to an existing law that it says will bolster the ability to prosecute hackers and put them in prison longer -- but analysts question whether the moves will constrict an explosive growth in costly cybercrime.
The U.K. has sought to tighten the Computer Misuse Act of 1990 to more precisely target denial-of-service attacks, which have been used to extort operators of online gambling sites.
Other legal cases in recent years have also brought into question whether the law, composed of three sections, was keeping up with rapid changes in technology.
In November, a judge threw out a case against David Lennon, who allegedly crashed his former employer's e-mail server in a DOS attack in early 2004 using an automated program to send 5 million messages.
Lennon, who was 16 years old at the time of the attack, told authorities after his arrest he wanted to cause "a bit of a mess up" in the company, court documents said.
The judge said the company's Web site invited users to send e-mail. He ruled the section of the CMA under which Lennon was charged was intended to deal with Trojan horses, worms and viruses that corrupt or change data, not e-mail.
Last month an appeals court judge sent Lennon's case back to trial, ruling the volume of e-mail was unwarranted, even if the Web site solicited e-mail. Lennon's case is pending in Wimbledon Magistrates Court.
The amendments to the CMA are currently being considered in the House of Lords as part of the Police and Justice Bill, a comprehensive law enforcement package.
The changes would increase the maximum penalty for unauthorized modification of a computer, under which DOS attacks could be included, from five to 10 years. The maximum penalty for unauthorized access would be raised to two years, up from six months.
An expanded third section is intended to more thoroughly cover denial-of-service attacks, including new language making it an offense to supply hacking tools knowing the programs might be used to break the law.
But observers view the changes to the CMA as unnecessary. Graham Smith, a partner at law firm Bird and Bird in London and author of "Internet Law and Regulation," said the act is broad enough to cover most breaches. Further, Lennon's case has added clarity to prosecution of denial-of-service attacks, Smith said.
The Leader in Network Knowledge
Comment