May 23, 2004
31 Tampering with Register
(1) In section 3 of the Computer Misuse Act 1990 (c. 18) (unauthorised
modification of computer material):
(a) in paragraph (b) of subsection (7) (penalty for offence on conviction on
indictment), at the beginning insert "subject to subsection (8)"; and
(b) after that subsection insert the subsection set out in subsection (2) of
this section.
(2) The inserted subsection is:
"(8) Where an offence under this section is committed wholly or partly in
relation to any contents of a computer that consist of the National
Identity Register or any part of it, subsection (7)(b) above shall have
effect as if for "five years" there were substituted "ten years"".
Posted by wtwu at May 23, 2004 11:41 PM
Comments
Somehow this important comment was missed. Here it is again:
No!
There is a very strong case for re-vamping the Computer Misuse Act 1990 - this should have been done 10 years ago when the Internet and World Wide Web and email and viruses and Denial of Service attacks started to be commonplace. It is a scandal that the Home Office has ignored all the technical developments since 1990.
There is a case to be made for registering Critical National Infrastructure (CNI) computer systems c.f. http://www.niscc.gov.uk/cni/index.htm
It is arguable that CNI systems should be protected with harsher than normal criminal penalties, against attackers, provided that there are also mandatory independent computer security audits with criminal penalties aimed against directors of companies or civil servants or Ministers who ignore the advice of such audits and fail to ensure best practice.
However, there is no justification for designating an "airy fairy" category of "National Identity Register" computer - what exactly does this term mean? Does it cover the electronic chip on the Smart Card, or the Reader or the telecomms "cloud" which connects it to the central database? Or everything in between?
This Bill, despite its astonishing reliance on secondary legislation, does not even bother to provide for a Statutory Instrument or even a mandatory Code of Practice which would define exactly which systems constitute a "National Identity Register Computer".
What is the justification for increasing the penalty under the Computer Misuse Act for attacks on the NIR, but not on actually life threatening attacks on the Critical National Infrastructure computers e.g. air traffic control, nuclear power station control systems, or hospital life support systems etc.?
Where there is a deliberate attack by terrorists, the existing Terrorism Act 2000 section 1
http://www.legislation.hmso.gov.uk/acts/acts2000/00011--b.htm#1
already has the power to deal with those people who do or threaten an action which
"e) is designed seriously to interfere with or seriously to disrupt an electronic system."
Clause 31 in the Draft ID card Bill does not mention Denial of Service attacks either directly aimed at the National Identity Register or which affect it as a side effect of shared telecomms infrastructure.
RECOMMENDATION:
This whole clause 31 should be removed from the Bill pending an urgent and overdue revision of the Computer Misuse Act.
Posted by: wtwu at July 21, 2004 10:36 AM