Baroness Neville-Jones (Con)

- View Speech - Hansard -

Copy Link

-

My Lords, I shall speak in the gap. I was not a member of the committee, and I will be brief in dealing with one point in particular. This is an important report that is extremely thorough in dealing with the alarming rise in the level of fraud in this country. It is no exaggeration to say that hundreds of millions of pounds is involved, both in the economy and in individual financial situations, and misery is caused to those who become victims of it. It is good to hear that the Security Minister is taking the report’s proposals seriously.

The point I want to focus on, which features in the report, is the need to reform the Computer Misuse Act. If it were reformed, that would add effectively to the armoury of measures that we need to deal with the growth in fraud. The Act was an early piece of legislation in the field of cybersecurity—I would say it was one of the foundational pieces—and, not surprisingly, in some respects it is out of date. The report says, in terms, that its review “cannot be delayed further”. It was about a year ago, if not rather longer, that my noble friend, the then Minister of State in the Home Office, indicated to me in response to a question that our hopes that there could be action perhaps would be realised. I have to say that it still has not happened; it certainly has not resulted in any draft legislation.

One may ask why it matters. There are a number of reasons, but the one that is relevant to this report is that we need a statutory defence in this country to protect cybersecurity researchers from prosecution. Those researchers are potentially part of the mechanism that could track criminals down, but our law is unclear on the legality of their being able to do this and engage in the kind of ethical hacking that they would need to in order to get at the roots of the criminal activity. Such hacking is not happening on anything like the scale that could be helpful, and is possible, if the necessary legal cover were given.

The Government said in their response to the report:

“The government is consulting on a number of new powers for law enforcement agencies to enhance their ability to investigate and prevent cybercrime. In addition, further work is needed on the issue of defences, which will be taken forward through engagement with stakeholders”.


That is correct, but this is the situation that prevailed when I last raised the issue, which was, as I said, at least a year ago. The pace of consultation seems to be excessively leisurely. I plead with the Government to get on with modernising that useful but outdated Act. Compared with the scope and complexity of some recent legislation, it is a comparatively simple task—perhaps that is why it is taking a back seat. If the Act were modernised, it really would be capable of making a useful contribution to the reduction of fraud in the UK, which I think this House agrees is an important task which we should be getting on with.