Secret Crime Bill targets tech criminals but might incriminate the innocent
The UK Government is planning to impose life imprisonment for cyber criminals committing "serious crime", through an amendment to the Computer Misuse Act 1990, the Queen's Speech revealed.
The Computer Misuse Act will be updated to "ensure sentences for attacks on computer systems fully reflect the damage they cause".
The proposal was included in the Secret Crime Bill, which also proposes improvements in recovery of criminal assets, create a new offence of possessing 'paedophilic manuals', and establish new powers to seize, detain and destroy chemical substances.
A document released by the government after the speech said, "The purpose of the (Secret Crime) Bill is to create peace of mind for all that live here by building on current criminal and civil law to ensure we can continue to effectively and relentlessly pursue, disrupt and bring to justice serious and organised criminals, guard against the threat of terrorism and protect vulnerable women and children."
The decision to impose 14-year jail for cyber attacks received mixed responses.
Minister for modern slavery and organised crime Karen Bradley said, "Our reliance on computer systems and the degree to which they are interlinked is ever increasing and a major cyber attack on our critical infrastructure would have grave consequences.
"This Bill would ensure that in the event of such a serious attack those responsible would face the justice they deserve."
There are, however, concerns that experts like penetration testers who work for common good trying to find vulnerabilities may end up as offenders as their nature of work matches that of criminals, wrote The Guardian.
Penetration testing firm Rapid7 global security strategist Trey Ford said that any researchers looking for the recent Heartbleed bug, which left a vast number of websites open to attack, could have been charged under British hacking laws.
"It's concerning that the law designed to protect people from cybercrime also penalises activity designed to identify areas of cyber risk," he added.