The Serious Crime Bill referred to in the Queen’s Speech on 4 June has now been published. It contains various measures aimed at tackling serious organised crime, strengthening powers to seize the proceeds of crime and protecting vulnerable women and children. Amongst the serious crime measures, the draft Bill contains amendments to the Computer Misuse Act 1990 (CMA) to:
- ensure sentences for attacks on computer systems fully reflect the damage they cause
- implement Directive 2013/40/EU on attacks against information systems (the "Cybercrime Directive").
This recognises that large-scale cyber attacks can cause substantial economic damage both through the interruption of information systems and communication and through the loss or alteration of commercially important confidential information or other data.
The amendments to the CMA will create a new offence of unauthorised acts in relation to a computer that cause or create a risk of serious damage of a material kind, meaning damage to human welfare, the environment, the economy, or national security. The maximum sentence will be 14 years unless it causes loss of human life, or human illness or injury, or serious damage to national security in which case it could be life.
The Cybercrime Directive will also be implemented by amendments to the CMA. The Directive aims to tackle the increasingly sophisticated and large-scale forms of attacks against information systems and has to be brought in across all Member States by 4 September 2015. The amendments include extending section 3A of the CMA to cover the obtaining of tools for personal use to commit offences under the CMA and extending the existing extra-territorial jurisdiction provisions in the CMA to provide a legal basis to prosecute a UK national who commits an offence whilst outside the UK.