Today I’ve watched with interest as news reports have come in about the arrests of suspected Anonymous and Lulzsec members. I’ve felt a weird mixture of both disgust and pride that many of these people reside in the UK but I’m left feeling utter and complete shame regarding the laws and legal system to which these people will be held to account.
The Computer Misuse Act (1990) is the law that deals primarily with “hacking” offences. Twenty years ago this was probably fine because groups like Anonymous didn’t exist, probably because the internet wasn’t around in the form we know today. The fact that the law is now 21 years old, and that there has been no legitimate successor, is astonishing.
The most shocking thing is the potential sentence for those offenders in the UK. Here we have people that have maliciously attacked companies costing millions, and potentially billions, of lost revenue. So, what is the maximum sentence that can be given for these offences under CMA90? Well, the law states that the sentence has to be given by a magistrate’s court. This means a maximum sentence of two years imprisonment or a £5,000 fine. Yes, that’s all. The offence is considered so low that a jury isn’t even called.
I have not been able to find a single example of anyone ever having received the maximum sentence for any offence brought under CMA90.
Where’s the deterrent? These people are released, if the magistrates decide to even send them to prison, and typically walk into high-paying security jobs.
Technology moves so quickly and I understand the pressure on politicians to keep up with everything but these people are suspected of causing chaos, disruption and significant financial loss. The limits of this law need to be addressed now.