Hackers could face life sentences in the UK
07 Jun 2014
The UK's Computer Misuse Act 1990 would be amended to provide for putting hackers who launch serious attacks, such as those on critical infrastructure behind bars for life, Wired managzine reported.
The Act comes under the Serious Crime Bill and generally outlines offences associated with hacking and associated tools (malware) that allow computer systems to be breached.
Currently, the offences outlined do not in fact account for a type of cyberattack that might be life threatening or threaten national security. Under Section 1 of the act, unauthorised access to computer material or a person's user ID and password is an offence.
A Section 2 offence, which is slightly more serious relates to committing further crimes after gaining unauthorised access to someone's computer, for instance stealing people's money or blackmailing people after gaining access to their information.
Section 3 offences include spreading viruses, deleting files, using Trojans to steal data or mounting a denial of service attack, for which the maximum sentence for these offences is 10 years.
The Serious Crime Bill proposed as announced in the Queen's Speech this week, would include addition of a new offence under the Computer Misuse Act, which is "unauthorised acts causing serious damage".
Meanwhile, companies based outside the EU would need to meet Europe's data protection rules, ministers agreed on Friday, Reuters reported. Governments however remain divided over how these could be enforced on companies operating across the bloc.
The agreement to force internet companies such as Google and Facebook to abide by EU-wide rules comes as a first step in a wider reform package to tighten privacy laws - an issue that had gained prominence following revelations of US spying in Europe.
The disclosure by Vodafone on Friday of the extent of telephone call surveillance in European countries showed the practice was not limited to the US. The world's second-largest mobile phone company, Vodafone, has its headquarters in the UK.
"All companies operating on European soil have to apply the rules," EU justice commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position also been backed by the Court of Justice of the EU.
Non-European companies having operations in Europe currently comply with data protection laws in the country in which they are based, which, which, according to some, led to "jurisdiction shopping" whereby businesses set up shop in countries with a more relaxed attitude to privacy.
But under the new rules all EU countries will have the same data protection laws, meaning companies will no longer be able to challenge which laws apply to them in court.