Home Page

Column 1133

House of Commons

Friday 9 February 1990

The House met at half-past Nine o'clock


[Mr. Speaker-- in the Chair ]


Roding Valley

9.34 am

Mr. Paul Channon (Southend, West) : On behalf of my hon. Friend the Member for Brentwood and Ongar (Mr. McCrindle) who, as the House knows, has been ill, and whom we all hope and expect to be back in the House very soon indeed, I beg leave to present a petition from the members of the Roding Valley conservation group signed by several hundred people whose lives and work are severely affected by the proposal of the Amey Roadstone Corporation in the green belt near Chipping Ongar in Essex to extend its clay extraction, clay processing and landfill operations. The proposals would cause severe damage to local people and to the environment until the year 2039 and possibly beyond and they are opposed by local people, three parish councils, two district councils and the county council.

"Wherefore your Petitioners pray that your honourable House will urge the Secretary of State for the Environment to refuse planning permission for ARC's proposals and thus prevent that company from destroying part of the irreplaceable Roding Valley.

And your Petitioners, as in duty bound, will ever pray".

To lie upon the Table.

Student Loans

Sir Russell Johnston (Inverness, Nairn and Lochaber) : I beg leave to present a petition on behalf of, and collected by, the Inverness college students association. The petition demonstrates widespread concern in my constituency and in other parts of the Highlands about the introduction of student loans. The loans are felt to create a significant disincentive to groups whom we should be encouraging to enter higher education. There is also an awareness, not apparently shared by the Government, of the particular problem of four-year courses in Scotland :

"Wherefore your Petitioners pray that your honourable House do reject the proposals for the payment by students of tuition fees or student loans ; furthermore, that access to further and higher education be improved and not be inhibited by inability to pay. And your Petitioners, as in duty bound, will ever pray".

To lie upon the Table.

Column 1134

Orders of the Day

Computer Misuse Bill

Order for Second Reading read.

9.36 am

Mr. Michael Colvin (Romsey and Waterside) : I beg to move, That the Bill be now read a Second time.

As the title of the Bill suggests, it deals with certain forms of computer misuse. Perhaps I had better begin by explaining what I mean by computer misuse.

There are three main categories of computer misuse. The first is unauthorised access to computers and computer systems. The second is unauthorised access with further ulterior intent, such as fraud, and, finally, there is unauthorised modification, which is the computer equivalent of criminal damage.

The Bill would make those three forms of computer misuse criminal offences. The underlying principle is to safeguard the integrity--what I call the trustworthiness--of computers and not to protect the information that computers contain. I do not want the House to be under any misconception about that.

Computer misuse probably costs the United Kingdom between £400 million --the CBI's figure--and perhaps as much as £2 billion a year, in terms of damage to systems. Those figures are based on estimates from industry sources, users of systems and manufacturers of computer hardware and software. I am afraid that there are no reliable statistics, because there is no central recording of incidents. Unfortunately the perception is that there is a very low probability of successfully prosecuting computer misuse under present law. That leads to organisations being reluctant to admit unauthorised access because they see that as a bit of an embarrassment.

It is significant, for example, that of 270 cases that have been verified by the Department of Trade and Industry as involving computer misuse over the past five years, only six were brought to court for prosecution and only three of those were successfully prosecuted for fraud. There must be some inadequacy in the law as it stands.

Costs from misuse arise because any unauthorised access undermines the trustworthiness of a computer. An organisation usually cannot tell precisely what has happened when access has been achieved. As a result, it must spend resources on checking and restoring computer software. When there are several computers in a system that process can be very expensive- -probably costing tens of thousands of pounds. For example, I may hack-- that is the jargon for unauthorised access--into a local hospital's computer. Whether or not I succeed in modifying medical records for some malicious purpose, a computer manager in the hospital, having discovered me, which he can do because I would have left electronic footprints around, must check and verify perhaps all computer records. If I succeed in modifying the system, it could be disastrous, as I am sure hon. Members will appreciate.

Another possibility is that I will render the computer and any others connected with it in the network inoperable, and the cost of cleaning up such a network can amount to hundreds of thousands of pounds. The first conviction for such an activity has just occurred in the United States.

Column 1135

That is occurring when we are in the vanguard of countries seeking to encourage greater use of information technology to create wealth and when we are doing our best to attract inward investment to the United Kingdom, with 1992 and a single Europe in mind. The United Kingdom is one of the few major western industrial countries that have no computer crime laws to deal with a serious problem. There is a real risk that, if nothing is done, the United Kingdom could become an international hackers' haven.

Why is our law unable to deal with computer mischief? It is principally because it simply has not kept pace with the rate of progress and because computer misuse is fairly new. My "Oxford English Dictionary", which was published in 1964, does not even mention the noun "computer". The pace of technological development has been so rapid that, over three or four decades, computers have come into widespread commercial use. In one decade- -the 1980s--the technological revolution has extended to the home, with the use of personal computers. Undoubtedly, in the next decade many further advances will be inevitable. In the 1980s, we witnessed a vast increase in knowledge of computers and the production of easier-to-use machines. Computers are much more user friendly. Prices have tumbled, and computer technology is now available to virtually everybody.

Modern telecommunications enable one to connect with a computer through a modem. Some people think that a modem is an expensive and bulky piece of equipment. I have a modem in my hand. Hon. Members can see that it is rather smaller than a cigarette lighter, and not very costly either. With such a device people can connect into telephone networks. International networks are expanding quickly and are carrying many more messages since the introduction of fibre optics. Anyone with a simple home computer and a modem can access another computer if it is connected to the telephone network. That vastly increases the speed of modern communications and aids the welcome free exchange of information, but it leaves computers vulnerable to misuse.

Security fears block the free flow of information. Scientific and social progress can take place only in the open. The paranoia that hackers leave in their wake stifles work and forces administrators to disconnect their links with network communities. Open systems need trust, but hackers destroy trust. The information technology industry has recognised that risk. Responsible vendors and service organisations have put in place comprehensive development programmes to create secure information products and services--not least Her Majesty's Government, through the work of the Central Computer Telecommunications Agency staff, to whom I spoke only yesterday. However, the fact remains that the lack of appropriate legislation in the United Kingdom provides a loophole for hackers, particularly if legitimate user systems have been outmoded by rapid technological advances. We find ourselves in the 1990s with new, well- defined mischiefs that the law does not address at all or does not address with any certainty.

I have been asked why, as someone who is barely computer literate, although I am learning fast, I should bring forward a Bill on computer misuse. I may not know much about computers, but computers know a great deal

Column 1136

about me, and that is why the Bill is of general interest. I am still counting, but, so far, I have identified 102 computer systems in Britain that contain personal information about me, and the same is probably true of all hon. Members.

Most homes now boast a personal computer of some sort. Certainly, many people sit at computer terminals at work. Most hon. Members have invested in computers or word processors to cope with the flood of constituency mail that we receive. Unfortunately, since the fall in the price of such instruments and the growth in user friendliness, our constituents are also investing in such machines. One computer is now talking to another computer, and hon. Members sit somewhere in betweeen. There are probably as many computers in offices, factories and homes as there are cars outside.

Just as at the beginning of the century, when the first motor cars appeared on our roads, we had to introduce special laws to govern their use and misuse, in spite of existing legislation on horse-drawn carriages, so too are special laws required today to cope with computers. The Bill would provide such laws.

I have closely based the Bill on the excellent and well-reasoned recommendations of the Law Commission of England and Wales in its report No. 186, which was published in October 1989. So that the Bill should apply to Scotland as well, I have drawn on an earlier Scottish Law Commission report, No. 106, which was published in 1987. I offer my thanks to Mr. Richard Buxton QC of the Law Commission of England and Wales. He is a principal member of that commission and has been closely involved in the preparation of the Bill. The Law Commission stated that an adequate deterrent would not be provided against the threat of computer misuse simply by trying to stretch or patch up existing criminal law. It took the view that society needs to say clearly that unauthorised access to any computer system is now so anti-social as to be a criminal offence.

That view is shared by a large majority of the 100-odd organisations and individuals who made submissions to the Law Commission of England and Wales when it conducted its year-long study of the nature and extent of computer misuse, following the publication of its working green paper No. 110. Evidence came from a wide range of organisations--computer users in the public and private sectors, computer software manufacturers, hardware manufacturers, and the law enforcement agencies--to many of whom I have spoken in the past five weeks, and I thank them most sincerely for their help. In carrying out its review, the commission was considerably helped by the report of the Scottish Law Commission. Primarily, the extra evidence that has been provided by the passage of time and the difference between the two legal systems in Scotland and England and Wales led to slightly different recommendations. Since publication of the commission's report, some well-attended public debates have shown a broad consensus of support, if some difference on specific details.

I owe much to the parliamentary information technology committee--PITCOM-- and to the efforts of my hon. Friend the Member for Torridge and Devon, West (Miss Nicholson), who I am pleased to see in her place, and who has probably forgotten more about computers than I will ever learn. But for the luck of the draw, my hon. Friend would almost certainly have been bringing forward an update of her own Bill on this matter.

Column 1137

My hon. Friend has done a great deal to raise public awareness of this issue and I am delighted to have her as a sponsor of my Bill. To show the sort of twisted culture that the Bill is trying to stamp out, I have with me an extract from a bulletin board, which is a sort of electronic newspaper that is used by computer operators. It regards my hon. Friends enthusiasm as extremely unwelcome, stating : "who's seen the news in the Sunday Times' page A5 about hacking and phreaking Mercury they also want restrictions on BBS's it's that stupid cow the devon MP computer expert' don't make me laff could be bad news tho maybe someone should assassinate her?" Did somebody suggest that hacking is a harmless culture? All that I can say is that it is a privilege and I am honoured to join my hon. Friend on the hackers' hit list.

Now to the Bill and the underlying policy--

Sir Geoffrey Finsberg (Hampstead and Highgate) : I heard my hon. Friend's dulcet tones on the radio this morning, but one point about his Bill needs clarification. We all recognise the need for this action, but is he satisfied, first, that the police forces of this country have the professional ability to find out when there is a crime, and secondly--and perhaps more importantly--what about the Crown prosecution service? Will it be able to do an effective job if, as I hope, we give the Bill legislative effect?

Mr. Colvin : I welcome that intervention. I shall be coming to those points later but, briefly, I am satisfied that the police have adequate powers at present to enforce the law, and I am sure that the Crown prosecution service will be careful about assessing evidence before it agrees to proceed with prosecutions. It is clear that what the Bill proposes by way of penalties means that it will be an adequate deterrent to put off a lot of the hacking that is now taking place.

Mr. James Arbuthnot (Wanstead and Woodford) : I am most grateful to my hon. Friend for giving way again. He has just been talking about bulletin boards and I have been following and agreeing with what he has said so far. Obviously, a great deal of action is necessary and the Bill is extremely good. However, I caution my hon. Friend about attacking the idea of bulletin boards because they are a bit like any other form of communication--they can be misused, but perhaps that misuse, rather than the medium through which the misuse is occurring should be controlled. Does my hon. Friend agree that attacking bulletin boards as such is a bit like attacking books?

Mr. Colvin : That would be an extremely dangerous thing to do. The whole essence of my Bill is that I am improving freedom of information, which is fundamental to this country. A bulletin board is like a newspaper, but if I persuaded somebody through a newspaper to commit an offence, I would be guilty of incitement. Bulletin boards must be extremely careful about what they say. My hon. Friend's point is extremely valid.

The Bill has two main elements. Clauses 1 to 5 make provision for the new offences. Clauses 6 to 11 introduce new rules governing the jurisdiction of the courts to try cases. Clauses 12 to 19 are consequential provisions, making technical amendments to the body of criminal law or amplifying the offences themselves.

I shall concentrate first on the main elements--the offences. Clause 1 creates a new offence triable summarily--that is, in a magistrates court-- of unauthorised access

Column 1138

to programs and data held in computers. The maximum penalty is six months in gaol or a £2,000 fine, which is the maximum that a magistrates court can hand out. The objective is to deter deliberate, unauthorised access or attempts to gain access, which is usually referred to as hacking. It is also aimed at insiders who try to get into parts of a system where they know that they should not be. "Intent" is the key element. It would be wrong to seek to catch the person who secures access simply because he or she is inattentive, incompetent, careless or not properly informed about the limits of his or her authority. It puts the onus on employers to ensure that, within contracts of employment or other instructions, employees are left in absolutely no doubt about what they are entitled to do. If they have authority, this law would in no way attempt to penalise them.

Clause 2 creates an offence, triable either summarily or on indictment, of unauthorised access with the intent to commit or to facilitate the commission of a more serious further offence, such as fraud or blackmail. The offence provides substantially greater penalties to deal with those who have distinctly criminal intentions. The maximum penalty would be five years in gaol and, of course, the fines would be unlimited. It is what lawyers call a preliminary offence, because it bites before the further offence is committed or attempted. If I use a computer to get information with which to blackmail someone, I have committed a clause 2 offence even before I have sent the blackmail note.

Clause 3 is the corresponding clause for Scotland. The formulation that is proposed for the rest of the United Kingdom would not work in Scotland because of the differences in the Scottish legal system. The formula that I have adopted is similar to that suggested by the Scottish Law Commission in its report on computer crime, to which I have already referred.

Clause 4 creates an offence, triable summarily or on indictment, to deal with the unauthorised modification of data or programs held in computers or computer storage media. The intention is to remove the current uncertainty that exists in the law concerning damage to intangible property, such as data. It is not intended to cover physical damage to a computer or to disks which would remain within the ambit of the criminal damage laws. It is intended to cover forms of conduct such as erasure, or the putting into circulation of disks that are infected with a computer code--the jargon is "virus"--that is designed to impair the performance of the computer. It is much like the, flu virus that replicates itself in the body and slows one down. Incidentally, it takes a real expert about two hours to write the software for a virus but, on average, about 350 hours to check out a system that is infected and to correct the damage that might have been caused.

There seems to be a whole zoo of malicious software. Since I have been investigating the matter, I have met Trojan horses, logic bombs, viruses, worms, bacteria and even rabbits. I am not sure that I can always tell one from another, but I know that they are all pretty nasty.

Hon. Members may have heard something about this little devil I have here. It is a diskette. The note accompanying it stated that it is an "AIDS introductory diskette". It was mailed to over 20,000 personal computer users in December last year. Those who loaded it into their machines found that it was extremely malicious in that it instructed them to sent money to a Post Office box in Panama or else the program contained on the diskette

Column 1139

would impair the computer's memory after 90 accesses. Many organisations were affected. This one was posted to Kenya from London W1.

Dr. Lewis Popp was arrested last Saturday in Ohio for circulating the disks. He was charged with extorting money with menaces. If he did it, I hope that the police can make the charge stick. If they cannot, the accused will probably get away scot free because circulation of an infected disk, such as this, is not an offence. However, the Bill will make it one.

The prospect of new offences has stimulated considerable debate and interest and a number of views have been expressed about it, most of them in favour. However, there are some dissenters on specific issues and it might help the House if I were to comment on some of the reservations that have been expressed.

It has been argued that the basis of the offences should not be the safeguarding of the computer's trustworthiness, as I propose, but the protection of information, perhaps by conferring a property right on information. That has certain intellectual attraction but the Law Commission rejected that approach. Property rights to information raise complex issues about freedom of information, privacy, confidentiality and how information is valued--which have not been considered in depth. I suspect that it will take a long time to study them properly and to reach a consensus.

We are living in what people call the information society, so it is necessary to consider such issues for the future. We should not let present mischiefs go unchecked for 10 years while we debate freedom of information, privacy and confidentiality.

When pondering issues such as this it is natural to consider whether there is another more suitable and simpler remedy. The Law Commission concluded that there was not. It considered whether users could prevent unauthorised access or modification simply by taking security precautions. In much the same way as we lock our doors to deter burglars, it is possible to protect computers, and many people do.

There is now among users a far greater appreciation of the threat to computer systems and the need to take proper precautions. My research on the Bill certainly proved that. However, there is no complete form of protection for computers. High levels of security can be achieved but they are horrifically expensive, in terms of money, inconvenience or both. Security systems tend to slow up the computer. When speed is the essence, that can be extremely costly. We do not expect householders to turn their homes into Fort Knox. We expect them to take sensible precautions and we add to that the support of sound laws against burglary. That is precisely my approach in the Bill.

Computer owners do not have a statutory duty to protect their computer systems. When I discussed this aspect of the Bill with the Data Protection Registrar, Mr. Eric Howe, he pointed out that the Data Protection Act 1984 requires computer users who process information about individuals to follow certain good practices. These are laid down in the data protection principles. One of those principles is :

Column 1140

"appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data." I do not accept the argument that, once misuse is made a crime, computer users will pay less attention to their security arrangements.

The House will agree that good security requires constant vigilance and that computer users should be aware that their responsibilities under the Data Protection Act will not be diminished simply because they have legal protection against hacking. I stress to users that I do not see legislation as an alternative to computer security but as a complementary protection.

The response among users has been encouraging and there is clear recognition that legislation does not obviate the need for proper security. It would be wrong to think that all is well and that everyone is acting properly. Not everyone is acting properly. I know that the Government have launched an awareness campaign to do something about that and I look forward to hearing what my hon. Friend the Minister for Industry has to say when he replies to the debate.

The creation of any new offence invites comment on enforcement. My hon. Friend the Member for Hampstead and Highgate (Sir G. Finsberg) has already intervened on that point. This Bill is no exception. I spoke to the police and others, when formulating the provisions on enforcement. I am satisfied that the powers and expertise necessary to enforce the offences are available. I have no doubt that it would be possible to extend the powers currently available to gather and present evidence. I know that the House takes police powers seriously, but we should not change them without a convincing case. I propose no provisions to reform the law on evidence. Under the current law, computer records would, in principle, be admissible. There is no firm evidence that the law is deficient and no consensus about how it should be changed if deficiencies were found. If, following enactment of the Bill, it were thought that the law in respect of evidence needed to be changed, that should be referred back to the Law Commission for further consideration.

The Law Commission recommended against reform of the existing law on evidence and I am prepared to accept its advice. If any hon. Member is still not satisfied on that and if we achieve a Second Reading, we could discuss the matters in depth in Committee. I am not yet convinced that the Bill needs to say anything on evidence. People have expressed anxiety about the Bill because many of the people with the skills to commit the offences are juveniles under the law. I have been asked how my Bill will apply to them. My answer is that it will apply in exactly the same way as the general criminal law. The law lays down rules for the treatment of offenders between the ages of 10 and 20. The law would affect them in the same way, but the manner of trial and the penalties available are different. Nevertheless, I hope that the Bill will be as great a deterrent to them as to everyone else.

The Bill does not aim to cover electronic eavesdropping which is the remote monitoring of electromagnetic emissions from computer equipment. But certain forms of eavesdropping could fall within the meaning of access, as described in clause 18. There is insufficient evidence that eavesdropping is a serious mischief. If I included it in the Bill it would raise wider sensitive issues, outside the scope of the Bill.

Column 1141

Clauses 6 and 7 and 8 to 11 are closely related and cover jurisdiction. Here again, I am indebted to the Law Commission. Its computer misuse report set out the rules that should operate in offences where cross-border activity is a significant feature. Its detailed recommendations are spelt out in "Jurisdiction Over Offences of Fraud and Dishonesty With a Foreign Element"--Law Commission report 180, which was published in April 1989.

Currently the rules provide that United Kingdom courts have jurisdiction only if the offence is regarded as taking place in the United Kingdom. That implies that the last act or event necessary to complete the offence took place here. Those rules are unnecessarily restrictive and are inadequate to deal with computer misuse committed across national boundaries, as happens more and more today. It is intended to make it possible to prosecute for the computer misuse offences if the accused or any affected computer was in the United Kingdom at the relevant time. In doing that, the Bill is trail- blazing. It will be the first piece of legislation to which these new elements on jurisdiction have been added.

I also intend to make parallel changes to the rules on the associated offences of conspiracy, attempt and incitement. I confess that those apparently straightforward provisions appealed to me greatly, so I was staggered when I saw the statutory provisions--the words in the Bill--that are needed to make them work. No doubt hon. Members who turn to the relevant pages in the Bill will be puzzled, too. I am reassured that the complexity of the provisions is necessary to keep the jurisdictional reach within acceptable bounds and to ensure that the provisions will make sense when read with the existing body of law.

The House will know that I am no lawyer, but my advice comes from impeccable sources and I ask the House for its trust on this matter. The detail can be examined in Committee. For the most part this is a Bill which even I can understand on a quick read. The House is indebted to the draftsperson. She has done a remarkable job. Although it is conventional not to mention names, the House should commend her on the way in which the Bill has been drafted. With private Members' legislation it is vital that the drafting is good. Hon. Members will appreciate that the time wasted on redrafting such a Bill can have a serious effect, especially as time is of the essence to get it onto the statute book.

Clause 12 contains "savings" for law enforcement powers under the Police and Criminal Evidence Act 1984, the Finance Acts 1985 and 1988, the Wireless Telegraphy Act 1949 and common law enforcement powers in Scotland. It preserves the authorities' existing powers to access computer records and to enter premises and access computers to obtain data in exercise of their investigatory powers without, committing the offence of unauthorised access which is provided for in clause 1.

Clause 13 provides that proceedings must be brought within six months from the date when the prosecutor decided that a prosecution was justified and not later than three years after the offence was allegedly committed. Clause 14 provides for the courts to convict a person of a clause 1 offence, the basic offence of unauthorised access--the long-stop offence-- even though the court might have acquitted the person of clause 2 or clause 4 offences. Equivalent provisions for Scotland in this respect are set out in clause 15. Clause 16 covers extradition and clause 17

Column 1142

contains certain provisions needed to give proper effect to the Bill in Northern Ireland. Clause 18 covers interpretation. This is a well-thought-out and well-defined Bill. It deals with specific mischiefs that I have no doubt are serious enough to merit the attention of the criminal law. I hope that the debate will dispell any lingering belief that the computer hacker is some sort of Raffles of the microchip, a harmless irritant whose principal damage is to his own telephone bill. It is impossible to draw the line between a mischief-maker and the dangerous nuisance or professional criminal.

It is time for Parliament to say that hacking is always serious, even if the intention is mere mischief. I believe that it is time to give the Bill a Second Reading.

10.11 am

Mr. Norman Hogg (Cumbernauld and Kilsyth) : I find myself in a rather strange position. I used to attend the House every Friday morning when I was the Opposition's deputy Chief Whip. When I was finally paroled from the Whips' Office I said to myself that I would attend the House on every Friday to speak on everything as it offers a wonderful opportunity for hon. Members to do so. The packed Opposition Benches clearly demonstrate that this morning. Everyone will be relieved to learn that I have not spoken every Friday, and that I have reserved myself for this occasion.

I congratulate the hon. Member for Romsey and Waterside (Mr. Colvin). He described himself as being computer illiterate, but he did not come over as such. He made a most competent and authoritative speech which demonstrated that he is thoroughly conversant with every provision of the Bill.

The hon. Gentleman is also to be congratulated on managing to draw a place in the ballot for private Members' Bills. We know that Government Departments are not happy with the private Members' Bill procedure because they always wonder what will happen and Ministers do not know what may be in store for them. On the basis of experience, I believe that such Bills must be short, well focused and clear in their objectives. This Bill fulfils those criteria.

I also congratulate the hon. Gentleman on his broadcast this morning on the "Today" programme on Radio 4. He argued his case concisely against a well- informed and well-organised opposition. That programme has a massive national audience and it was important for the Bill's case to be made on it. The hon. Gentleman succeeded in making that case, and I believe that the Bill will be well received. So often a specific industry or interested parties seek to knock the proposals in a private Members' Bill and to suggest that it does not represent good legislation. They argue that the Government alone should introduce such legislation. The Bill, however, is well drafted--I do not believe that anyone who has read it would disagree-- and I do not expect that it will detain us long in Committee.

Mr. Colvin : Does the hon. Gentleman agree that there are some advantages in this subject being dealt with in a private Member's Bill? We are attempting to maintain the precarious balance between introducing a new criminal law and police powers. If the Government had introduced

Column 1143

such a Bill, it might have been heavier and, therefore, might have provoked a certain amount of opposition. As it is, the Bill has all-party support, which is welcome.

Mr. Hogg : I am aware of that and it is welcome. If its sponsors propose to be members of the Committee, it will be a useful Committee and I am sure that there will be a great deal of interest in it. When the Minister replies, I hope that he will welcome the Bill and that he will say that there is no need for extensive alterations to it. The case for such legislation was first identified in Scotland. It is amazing what comes out of Scotland. I can say with conviction that it is a country where the question of law and the making of law is tackled cautiously. We are properly jealous of what we do with our law. Part of the agreement which led to the Union was that Scottish law would be maintained. I am no lawyer, but the basis of law in Scotland is different from that in England and Wales.

Mr. Colvin : I cannot resist intervening because, as I am three quarters Scottish, I agree entirely with what my hon. Friend has said. It may interest him to know that in a reckless moment I thought of introducing a simple one-clause Bill that would bring all the laws of England and Wales into line with those of Scotland.

Mr. Hogg : The case for the Bill gets stronger and stronger. [Interruption.] The Minister intervenes from a sedentary position and, as a member of the Chairmen's Panel, I must say that that is most improper.

In 1984 the Scottish Law Commission made a report on what changes should be made to the law in this respect. The report was published in 1987, and I am pleased that the hon. Member for Romsey and Waterside saw fit to have regard to the needs of the law in Scotland.

The Bill is wanted by industry, and we have been well briefed by the Confederation of British Industry. I do not always agree with the CBI and I do not know what my hon. Friend the Member for Kirkcaldy (Dr. Moonie) will say, but the briefing paper from the CBI makes it clear that it wants the Bill. I also believe that the computer industry will welcome the Bill because it cannot build into its technology the necessary safeguards to prevent hacking or other offences. At the moment such safeguards are technically impossible and, therefore, the law must fill the gap. That is important. The hon. Gentleman was right when he said that companies throughout the country have branches that are linked by computer. A few years ago the only tool to link them was the telephone, but now computers and information technology provide that communication.

Only a week ago I visited two companies in my constituency, both owned by British Oxygen--Transhield and Storeshield. They control the stock for Marks and Spencer. All Marks and Spencer's goods, as far north as Inverness, as far south as Warrington and west to Belfast in Northern Ireland, come from my constituency where a massive stock is held. Each day, and almost every hour, trucks leave the company for all the Marks and Spencer stores in the huge area of the United Kingdom. The stock control-- filling the trucks and despatching goods--is done by computer.

I do not believe that Marks and Spencer's computers would be broken into or that its competitors would seek to do that--of course not. However, other companies that

Column 1144

control their organisations by computer might be vulnerable to the kind of offence that this measure seeks to regulate. Therefore, the measure is worthwhile.

Miss Emma Nicholson (Torridge and Devon, West) : The hon. Gentleman may already know, or may like to know, that I have just received an answer from Marks and Spencer to a survey that I carried out last year. I have a letter dated 18 January 1990 from Mr. Andrew Steet, the manager for finance and computer auditor, who must be known to the hon. Gentleman. In it, he says that he supports the measure and is happy to be included in any further debates and surveys although, quite properly, as the hon. Gentleman said, Mr. Steet has stated that, to the best of his knowledge, Marks and Spencer has not been affected by computer viruses or hacking. However, the company sees the dangers and warmly commends the measure.

Mr. Hogg : I am grateful to the hon. Lady, whose point serves to underline my own. I did not know that Marks and Spencer had expressed a view about the matter. Clearly what it says underlines the fact that it could face unfair competition due to the use of unlawful means. The Bill will get round that problem.

The hon. Member for Hampstead and Highgate (Sir G. Finsberg) referred to policing. I shall certainly want to know about that in Committee. I thought that the hon. Member for Romsey and Waterside dealt with that, but perhaps we can go into it in greater detail later.

The Bill is a good example of a private Member's Bill and it will reach the statute book, which must please the hon. Member for Romsey and Waterside. We shall have brought the law to a sector where it does not presently exist. It will do a great deal of good, and I am sure that the House will support it.

10.24 am

Mr. William Powell (Corby) : It is always a pleasure to follow the hon. Member for Cumbernauld and Kilsyth (Mr. Hogg) and, on this occasion, reflect on his proud statement about the wonderful things that come out of Scotland. As a Member of Parliament who represents at least as many Scots as most Scottish Members, I heartily concur with his statement that wonderful things and people come out of Scotland, including my hon. Friend the Member for Romsey and Waterside (Mr. Colvin).

I congratulate my hon. Friend on his immense good fortune in securing a leading position in the ballot for private Members' legislation and having the good sense to take up this Bill. It has been made perfectly plain to the House today that this is a necessary measure, and I congratulate my hon. Friend on sponsoring it. I should like to join in the warm tribute that he paid my hon. Friend the Member for Torridge and Devon, West (Miss Nicholson), who has played a most distinguished part in preparing public and parliamentary opinion for the necessary change in the law that we are considering. Without the slightest doubt, without her active and committed sponsorship, those changes could have been delayed for quite a long time, with immense potential damage to the industry and public.

I declare two interests. First, in my misspent youth I was a practising member of the Bar and spent much time dealing with criminal work. The Bill involves the extension of the criminal law into subjects that are imperfectly

Column 1145

covered at present. My interest is indirect because, alas, I no longer practise. However, I hope that at least some of my erstwhile friends will enlarge their knowledge of human behaviour as a result of the Bill.

Secondly, I am vice chairman of the Federation against Software Theft, commonly known as FAST. The House may recall that five years ago I sponsored a change in the copyright law in the Copyright (Computer Software) Amendment Act 1985, which cleared up uncertainties and difficulties for the software industry. Since the passage of that Act, I have remained actively interested in the subject and more recently have been involved in trying to eradicate breaches of the Act and the criminal law by pirates in the software industry. I have a large range of contacts in the industry, and all of them have been immensely impressed not only by the way in which my hon. Friend the Member for Romsey and Waterside has taken up the case, but by the rapid way in which he has mastered what can be a most difficult subject. Through its vocabulary and scientific mechanisms, it is almost designed to deter those of us who had a rather more primitive education than that currently available to our children. I introduce a slightly critical note. I was disappointed, as were so many in the industry, that the Government did not decide to introduce this as a Government Bill. Private Members' legislation has certain advantages, but it has one massive disadvantage : it is the subject of arbitrary processes. It was perfectly plain from the Law Commission and the consultation processes both in Scotland and England that there was a problem that needed to be urgently addressed. My hon. Friend the Member for Torridge and Devon, West addressed the problem when she first brought the subject before the House and has pursued her campaign to change the law in a most determined way. I know that she would have wished to introduce the Bill if she had had the good fortune in the ballot that my hon. Friend the Member for Romsey and Waterside has had. He knows that if I had had the immense good fortune to come top in the ballot I would have sought to introduce the Bill, as would other hon. Friends and even the hon. Member for Cumbernauld and Kilsyth (Mr. Hogg). However, there was always a real chance that the hon. Members who emerged at the top of the ballot might have had other priorities and this measure might have missed the legislative process in this Session and, who knows, in the next Session as well. The best way to deal with openings in the criminal law that emerge as a result of scientific and technological development is for the Government to take the initiative when it becomes plain that that mischief must be quickly eradicated.

Mr. Colvin : My hon. Friend has raised a valid point which I touched on in an earlier intervention. When the Law Commission makes a report it usually attaches to it a draft Bill. In this case the Law Commission report was produced in October and there was no time to attach a draft Bill to it, although to some extent that illustrates the degree of urgency in producing the report. As the House knows, by that time the Government have usually agreed the contents of the Queen's Speech. There is a limit to the amount of legislation which even this Government can force through the House. The extension of the criminal law

Column 1146

requires careful thought. Because it is a private Member's measure, the legislation cannot go too far, and that is always the danger. With respect to my hon. Friend the Member for Torridge and Devon, West (Miss Nicholson), her measure may have gone further than mine, and had she succeeded in getting her earlier measure debated on the Floor of the House it might have been resisted by certain elements within the House. My hon. Friend has raised a valid point, and if the Minister of State catches your eye, Mr. Deputy Speaker, he will probably explain why it was not a Government measure.

Mr. Powell : I am immensely grateful to my hon. Friend for that explanation which may have helped to show people outside why the Government did not include this among the measures outlined in the Queen's Speech as part of their legislative programme for this Session. I propose to leave that point, save to say to my hon. Friend the Minister of State that no one is a more welcome companion than a sinner who has repented. I know that, whatever may be the explanation why it was not in the Government's legislative programme, we can now expect from him the most robust and enthusiastic support for the Bill as it progresses through Parliament.

The main burden of my speech concerns police and enforcement. My hon. Friend the Member for Hampstead and Highgate (Sir G. Finsberg) raised valid points which the hon. Member for Cumbernauld and Kilsyth commented on absolutely correctly. I have some experience in law enforcement in these difficult areas which are rather different from ordinary police activities. Some years ago, when we were dealing with software, it was perfectly obvious that chief constables and members of the police forces regarded it as an unusual area of activity to which they might be reluctant to commit the necessary resources to ensure that those engaging in criminal activities were brought to justice. Then a special unit was established by FAST to collect, collate, analyse and prepare evidence for placing before prosecuting authorities in Britain. That unit, headed by a former chief superintendent in the Metropolitan police, has become the most expert unit not only in Britain but throughout Europe for tracking down computer criminals. That expertise is widely sought within the industry and internationally.

It may be necessary for those people who are affected by computer hacking to group together, just as the software industry did, to ensure that they engage in the collecting, collating and preparing of evidence to place not before the court but before the police and the prosecuting authorities to assist them in carrying out their responsibilities to the public and Parliament. I want to pay tribute to the way in which chief constables, the Crown Prosecution Service, the Director of Public Prosecutions and the Lord Advocate have been extremely helpful in dealing with various software matters which often involve substantial breaches of the criminal law.

By extending the law to cover computer crime the Bill will make the enforcement of a civil law, which is even more important, much easier. There are often hurdles to overcome in the preparation of necessary civil proceedings, but if one can ultimately fall back on the criminal law it is often easier to get the necessary civil admissions to avoid the danger of criminal conviction and so ensure that the civil law works more effectively. That has certainly

Next Section

  Home Page