The Government wants to create a safer environment for online trading through legislation and co-operation with research organisations.
The cost of online fraud to UK pIc is huge: the government puts the figure at over £9 billion a year. In the US, analysts estimate the costs at $10 billion (£7.09 million) a year. Almost half of all organisations suffer an information security-related financial loss each year and 41 per cent of companies cite security as the major hurdle to doing business over the Internet.
There is an unmistakable need for better security within e-commerce, and creating a safer environment has been the responsibility of the Minister for Small Business and E-commerce since 1999. To this aim, the Management of Information project was launched. The three-year rolling LINK initiative, which supports partnerships between industry and research projects, has the following aims:
- to encourage the development of new technologies to detect and counter fraud;
- to improve the privacy of individuals and organisations; and
- to encourage development of hi-tech weapons against conventional activities such as forgery, illegal access and theft.
In November, e-commerce minister Douglas Alexander announced another two projects to boost "e-confidence": FIDES - developing software to improve e-trading processes and HI-SPEC - addressing consumer and industry barriers in e-commerce.
FIDES (Fair Integrated Data Exchanged Services) will research the design and implementation of secure e-procurement information-exchange systems over the Internet. HI-SPEC (Human Issues in Security and Privacy for E-Commerce) will explore the development of "rules of trust" for e-consumers and e-tailers, developing software to meet the needs of next-generation privacy-enhancing technologies.
How successful is prosecution?
In the lynchpin case that prompted enactment of the Computer Misuse Act 1990, the defendants were accused of hacking into a computer databank and convicted of making a "false instrument" under the Forgery and Counterfeiting Act 1981. Their appeal on the grounds that they had not actually "made" an instrument was quashed in the Court of Appeal, a decision later upheld by the Crown to the House of Lords.
The Act creates the specific offences available to prosecutors to tackle computer crime. However, it has not been widely used, one reason being that computer crime often involves the use of computers to facilitate more traditional offences such as conspiracy to defraud.
Under the Act, it is an offence to cause a computer to perform any function with intent to secure access to any programme or data held on any computer with the intention to secure unauthorised access, while knowing that such access is unauthorised. In addition, gaining unauthorised access with intent to commit an offence is punishable by five years' imprisonment (on indictment) or more.
It is also an offence to make unauthorised modifications to the contents of any computer with intent to impair its operation, prevent or hinder access to any programme or data held in the computer, or to impair the operation of any such programme or the reliability of any such data. It is necessary to prove knowledge that such modification is unauthorised. The Act allows prosecutions to take in this country, while the scope is similarly wide for inchoate offences such conspiracy and attempt to commit such offences. In particular, the question of which country any person became a party to a conspiracy and whether any act, omission other event occurred in the home country concerned is immaterial to proving guilt.
There is no offence of stealing a service but the Law Commission has recognised the need for a specific offence of dishonestly obtaining a service from a machine because of the Internet and growth of e-commerce.
How will this develop?
The pending European Convention on Cybercrime is the first international treaty on crimes committed over the Internet and other computer networks. Its main objective is to pursue a common criminal policy to protect society against cybercrime, especially by adopting appropriate legislation fostering international co-operation.
A clearer understanding of acceptable online conduct will foster a greater sense of trust, which is essential for Europe to become the e-commerce hub it aspires to be.
First published in Managing Information Strategies in January 2002. Co-written by Lisa Comber.