The UK government is proposing changes to a fraud law that would mean scammers behind phishing attacks could face up to 10 years in jail.
The Home Office has published the government's Fraud Bill in which it suggests a new offence of fraud to close loop holes in the current law.
Home Office minister Fiona Mactaggart said: "The introduction of a general fraud offence will improve the criminal law in a number of respects. It will simplify the law, making it clearer to juries and the general public as well as making the prosecution process more effective by providing a clear definition of fraud. Our aim is to encompass all forms of fraudulent conduct, with a law that is flexible enough to deal with developing technology, allowing us to bring more offenders to justice."
Under the proposal, the offence could be committed in three ways: by false representation, such as phishing scams; by failing to disclose information for financial gain; or by abuse of position. The Home Office is also planning to criminalise obtaining services dishonestly, possessing articles for use in fraud and participating in fraudulent business.
The Home Office said it was aiming to clarify the definition of current offences, which were allowing some defendants to escape prosecution through ambiguity of wording.
But some security experts are not convinced that the proposals will work. Paul Wood, a chief analyst at security company MessageLabs, said the government needed to focus on technology problems around fraud: "Any measure taken to update the law to address this form of criminal activity is to be welcomed. However, while legislative measures will act as a deterrent, it does not remove the need for technology solutions."
The Fraud Bill was introduced into the House of Lords on Thursday.
Talkback
TECHNO-LEGAL SOLUTION IS THE ULTIMATE SOLUTION
The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems.
This exercise of hiring those persons who are responsible for causing havoc and nuisance is the recognition of the growing and inevitable need of “self protection”, which is recognised in all the countries of the world. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. The content providers, all over the world, have favoured proposed legislations in their respective countries, which allow them to disable copyright infringers’computers. In some countries the software developers have vehemently supported the legislations which allows them to remotely disable the computer violating the terms and conditions of the license allowing the use of the software. This position has, however, given birth to a debate about the desirability, propriety and the legality of a law providing for a disabling effect to these “malware". The problem is further made complicate due to absence of a uniform law solving the “jurisdictional problem”. The Internet recognises no boundaries, hence the attacker or offender may belong to any part of the world, where the law of the offended country may not be effective. This has strengthened the need for a “techno-legal’ solution rather than a pure legal recourse in the present electronic era.
The action of the government is a good step in the right direction. The need of the hour is to merge it with the concept of "aggressive defence".
Kindly see http://www.naavi.org/praveen_dalal/private_defence_arc_08.htm for more details and Indian position.
The law should be able to trace ghost letters which are from phishers standing in the dark to collect personal data for illegal gains. Once these letters can be traced to the actual sources, I think it may deter the ghost workers a bit,
People watch through the windows into your (living room like thieves) system, and the only way out is to short the front end door on them, trapping them into your house so to say, and then try to get rid of their mess.