Pure Bollocks Issue 22_014
----------------------------
* F E A T U R E S *
----------------------------
British Computer Society pushes for hacking reforms
Unauthorised attempts to access and damage information held on computer
systems are not covered adequately by the law, according to a group of
senior BCS members and experts in computer security.
They are particularly concerned about the consequences of the House of
Lords' judgement (Regina v Gold, Regina v Schifreen, April 21 1988)
concerning two hackers who broke into the Duke of Edinburgh's mailbox on
British Telecom's Prestel viewdata service.
Stephen Gold and Robert Schifreen had been accused under the Forgery and
Counterfeiting Act, but the Lords' judgement revolved around the recording
and storage of electronically held information. Because no data was
actually copied, the hackers' appeal was upheld.
The security specialists, led by Frank Taylor, have asked the Home
Office and the Department of Trade and Industry to put new legislation before
Parliament as soon as possible.
In a letter to the Home Office, the DTI, the Lord Chancellor's Department
and the EEC, the BCS members state that "anyone intending to break
in, or succeeding in breaking into computerised systems, which affect
the lives of every citizen in the country, needs to know he or she faces the
full rigours of the law."
Jim Brookes, chief executive of the BCS, says, "This is no laughing
matter - it is deadly serious".
"It is a professional ethical matter. All kinds of data are stored on
computers - everything from medical records to financial information,
from scientific research to company commercial material. All of them
could be accessed illegally."
"The hackers' action and the Lords' subsequent decision have brought
the whole question of computer hacking and its implications to the
attention of those in power and everyone in the IT industry," says Taylor.
In this way the hackers have had a positive effect, but their actions
have also shown the way for those of a more criminal nature.
"We are worried that the decision of the Lords won't be any type of
deterrent."
"It could also set a dangerous precedent for future cases," says
Taylor.
Taylor and the society are calling for stricter laws to deal with the
problem. The BCS believes that unauthorised access should be covered by
statute, as a criminal act. It also wants information and data to be
treated as intellectual property which can be lost or damaged by chance,
delay, or corruption, and by improper or incorrect exposure resulting from
unauthorised access.
The society has drawn attention to the report of the Scottish Law
Commission in 1987 (See LAW file in this area), which says hacking should
be made a criminal offence with penalties up to five years in prison. The
discrepancy between Scottish law and the judgement of the Law Lords calls for
immediate attention.
"We support the Scottish Law Commission's report", says the BCS group.
"We agree that it should be an offence for any person without authorisation
to inspect such data or program or add to, alter or corrupt any such program.
We think the Scottish report should be the basis of a new law applying to the
whole UK."
New legislation is needed to deal with the entire process of computer
hacking, and not just whether data was copied. According to
Taylor, the act of overcoming security measures without authority, often
the prelude to hacking, should be treated as a crime itself.
The security specialists also discussed the serious matter of computer
viruses, recently highlighted by the popular press.
The BCS Security committee is worried that the media hype has exacerbated
the situation, because it offers an intellectual challenge to
programmers similar to the challenge of breaking into computer systems.
BCS technical co-ordinator Tony Sale says, "The effect of such activities
is to damage the image of computing. It wastes a large amount of
professional time in hunting for viruses which may or may not exist."
The security committee suggests two lines for defence against viruses.
The first is simply to run software of proven pedigree. The second should
be to hash total all program and data files. This process devises a simple
number code for programs or data files on the system. If you have the
original copies of your software locked away in a safe, take them out, copy
them to newly formatted discs and obtain the hash total.
This total will provide a check for the same files already on the
computer system. Any difference in hash total could mean that some code
has been altered.
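The hash-total check described above, as an added example that is not part
of the original article. It uses SHA-256 as the number code (an assumption;
the committee names no algorithm), and the function names and sample file
names are constructed for illustration.

```python
# Added example: hash-total check of installed files against trusted masters.
# SHA-256 is an assumption; the article only asks for a per-file "number code".
import hashlib
import os
import tempfile


def hash_total(path, chunk=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root to its hash total."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_total(full)
    return manifest


def compare(master, installed):
    """Report files whose totals differ, are missing, or have no master."""
    return {
        "altered": sorted(p for p in master
                          if p in installed and installed[p] != master[p]),
        "missing": sorted(p for p in master if p not in installed),
        "unexpected": sorted(p for p in installed if p not in master),
    }


def demo():
    """Constructed sample: a master disc copy and a tampered installation."""
    with tempfile.TemporaryDirectory() as m, tempfile.TemporaryDirectory() as i:
        for root, files in ((m, {"EDIT.PRG": b"original code", "DATA.DAT": b"records"}),
                            (i, {"EDIT.PRG": b"original code+extra", "NEW.PRG": b"?"})):
            for name, body in files.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(body)
        return compare(build_manifest(m), build_manifest(i))


if __name__ == "__main__":
    print(demo())
```

Keep the master manifest with the locked-away originals, since totals stored
on the system being checked can be altered along with the files.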
Other methods suggested by the committee include timing
measurements and decoy programs, but these are not foolproof and require a
lot of time and energy. Sale suggests that "the only long term solution
to the problem of viruses is to change the climate of opinion so that
production of one is deemed socially unacceptable. This can be assisted by
more awareness of the BCS code of ethics and professional responsibility."
Some legal remedies are possible in dealing with viruses. As with
hacking, if electronic representations of information can be established as
real objects, then damages might be obtained.
-----------------------------------------------------------
<See the "OPINIONS" section for an alternative view to those of the BCS.>