Tuesday 7 October 2008

Who is liable for computer crime? Us, apparently.

I have, in the past, had the good fortune of helping the police with their enquiries. I don’t mean that in the euphemistic sense of “arrested but not yet charged” but in terms of answering technical questions such as “Does this record in this structure mean that the document was once edited on a Macintosh computer?” As computers have become more and more integrated parts of our society, so they have become part and parcel of police work. Of course, some bits of detective work are harder than others. I read with interest that a car thief, specifically a Mr Aarron Evans, had been successfully prosecuted in Bristol after a camera equipped car caught a clear and readable image of his neck. Mr Evans had been kind enough to have his name and date of birth tattooed onto his neck making the investigation a lot easier.

Sadly, most cases are not that easy. The House of Lords Science and Technology Committee will be asking the government to do more against online crime. Some of the proposals from the committee will be a challenge to the industry including holding software developers liable for security flaws in their software. I can see that one getting very expensive very quickly and possibly killing off some shareware providers. A smallish company would struggle under a hefty fine, especially in these difficult days. However, I am talking about policing here and it would be tricky for the police (because where else would crimes be handled) to assess how serious a software flaw was. That recommendation has not (yet) been passed into law but it opens up a whole can of worms for the software industry and the police alike. Imagine a website being hacked to host a malicious download – an everyday thing, really. Is the web developer liable for the damage done to those that downloaded the component? That would seem to be the literal reading.

Ahead of Friday’s session, Lord Broers, chairman of the committee said:

“In our initial report we raised concerns that public confidence in the internet could be undermined if more was not done to prevent and prosecute e-crime. We felt that the Government, the police and the software developers were failing to meet their responsibilities and were quite unreasonably leaving individual users to fend for themselves.

Some of our recommendations, such as the establishment of a specialist e-crime police unit, are now being acted on by Government. But others, such as software developers' liability for damage caused by security flaws and enabling people to report online fraud directly to the police rather than their bank, have either been ignored or are awaiting action.”

The bolding was mine.

Apparently there is going to be a replacement for the e-crimes police force that was disbanded in 2007. In a world where the required skills are rarer than hen’s teeth, there are going to be a lot of people scrabbling around to get things looked at and, where needed, fixed.

The discussion of the committee’s report is at 12 PM (GMT+1) on October 10th – the url for the live webcast is http://www.parliamentlive.tv/

Interesting times, gentle reader

Signing off,

Mark Long, Digital Looking Glass Ltd

No comments: