House of Commons Hansard Debates for 9 Feb 1990

Column 1147

happened in the software industry, and I expect that it will be an inevitable consequence of the Bill. I hope that my hon. Friend the Minister of State will comment on the international dimension. It may not be appropriate to include the international dimension in the Bill, and certainly I have no proposals to make to the Standing Committee in that regard. Of couse, computer crime is often international crime. It is all very well for us to have an effective law in Britain, but we must ensure that similar laws exist in other major countries. The really serious criminal activities are likely to be netted through international co-operation across frontiers rather than by laws which are limited to activities in Britain. Of course the proof of guilt in British courts will be exactly as it always has been, but cross-border co-operation is becoming increasingly important. Yesterday I received a letter from a constituent who is a leading official in one of the world's leading banks. He asked me to support the Bill, and I am happy to assure him that I do so with enthusiasm. I do not suppose that he would have taken the trouble to write to me unless his bank was being troubled by hacking activities. That illustrates the menace that the Bill seeks to address. My hon. Friend the Member for Torridge and Devon, West, in a seminal article in The Times last April, identified some of the specific activities of hackers and the consequences of their hacking in financial and other terms. But specific evidence of individual cases is hard to come by because of quite understandable reticence about commercial activities and confidentiality. When such an important official troubles to write to a Member of Parliament about a specific piece of legislation, knowing the background of his career I have not the slightest doubt that the menace of hacking and its consequences is widespread. Hacking may be innocent fun for some, but it is burglary. Much of the problem of dealing with computer crime stems from the fact that what would otherwise be perceived to be criminal activity, because it involves computers, is often thought of as being entirely innocent and, in some cases, just good clean fun, which is what the first offence that my hon. Friend proposes seeks to address. But there is malice in so much hacking and it is extremely important to punish the malicious.

Mr. Colvin : I am glad that my hon. Friend has touched on that point, because it has also been suggested that the hacker actually provides a service to society, and we should thank him because he is identifying weak links in the network chain and systems which are insecure. He may well be doing that, but if companies really need that service they can authorise the hacker to access and if he has the authority to test the system he is not committing the crime provided for in the Bill.

Mr. Powell : My hon. Friend makes a valid point. I am unable to accept the argument that the house or warehouse burglar performs a public service by breaking into premises and revealing shortcomings in the security system. The hacker who says that he is performing a public service is doing exactly the same as the burglar who advances by way of mitigation the argument that he is performing a public service. In my time I have advanced many interesting arguments to Her Majesty's judges about why clients should receive prison sentences less severe than

Column 1148

those that they were about to receive, but I have never had the cheek and the gall to suggest that such a line of mitigation would be likely to commend itself to judges.

We must think of hacking as a form of burglary. We must stigmatise such criminal activities for what they are. Because computer buffs use a different vocabulary and have a method of thought different from the conventional method that we all use does not alter the fact that the principles of criminal law are just as clearly at stake. We must also bear in mind that, although some criminals will always stick to the traditional areas of robbery and violence, the more sophisticated ones will move into areas where they will hope to get ahead of the law enforcement agencies who will be unable to catch up with their dishonest activities. The Bill will go a long way towards making it perfectly plain to such people that they will engage in such activities at their peril. If their malice and greed are considerable, they will face the same sort of penalties that are imposed on people engaged in more conventional forms of fraud. This is an excellent Bill, and I congratulate my hon. Friend the Member for Romsey and Waterside on his good luck and judgment. I wish the Bill godspeed and I enthusiastically support it.

10.42 am

Miss Emma Nicholson (Torridge and Devon, West) : I am glad to be able to support the Bill and I am grateful to my hon. Friend the Member for Romsey and Waterside (Mr. Colvin) for including me in his list of sponsors. We have a hefty batch of sponsors with a great deal of knowledge, as has been demonstrated by the hon. Members who have spoken.

This is a Bill of great importance, and in years to come society will thank us for it. I see it as the beginning of a package of computer misuse legislation. It builds on the Copyright (Computer Software) Amendment Act 1985. It also builds on the tremendously influential and important Copyright, Designs and Patents Act 1988 which followed it and which modified and built on the original clauses that were in the original Bill.

A private Member's Bill in the context of computer law has thus already proved its worth. The route is excellent and can lead to good legislation. After all, the Copyright, Designs and Patents Act is now the model for the directive from Brussels on copyright for computer software throughout Europe. People in the British computer industry who worked on the Act advised Brussels on how to frame the directive.

As my hon. Friend the Member for Romsey and Waterside said, it is not easy to translate very technical potential crimes into easily understood legislative words and phrases. We are fortunate that the computer industry speaks English. Hon. Members have said that perhaps it is not a form of English that comes easily to the ear. Hon. Members are highly literate and well versed in the English language, and the very brevity and simplicity of computer language may not fall easily on them. Those of us brought up on duodecimal and binary notation believe that the clarity of methemical thought is infinitely superior to the English tongue and, to us, the simplicity of computer language greatly commends itself. The English language now reigns supreme throughout the world and that is

Column 1149

probably due to the computer and aviation industries rather than to the beauties of Shakespeare, the Bible and the Book of Common Prayer.

Dr. Lewis Moonie (Kirkcaldy) : What about Greek and Hebrew?

Miss Nicholson : My copy of the Old Testament in Hebrew is, sadly, not opened very often.

Through the adoption of the English language as the computer tongue, the computer world has spread so widely that it has become international. That has been mentioned. It is so international that the very beginnings of the computer language in French have long since gone into oblivion. When talking to a French computer specialist no one thinks of a computer as a cerveau electronique. The very idea of an electronic brain makes one feel a little uncomfortable, but the word computer is international.

It is international because computer hardware has tumbled in price. Unlike the prices of so many consumer durables, hardware prices have gone down and down and so has the purchase price of computer software. The marvellous breakthrough is that computers have not just become human friendly, but are used everywhere. However, the very cheapness has brought an enormous problem. The simplicity of use and the widespread investment by companies and individuals in computers means that anybody who wants to can have access to a computer. It is also easy for people to have access to other people's computers. The open-systems interconnection was introduced in 1978 when the great mainframe manufacturers agreed to make computer hardware and software interchangeable for practical purposes so that users could have free competition and free choice. People were able to buy one piece of equipment or software from one manufacturer and compatible equipment from another, whereas in the old days compatible equipment was available only by buying from the same manufacturer.

The introduction of open-systems interconnection has meant free access into other people's systems, and that freedom of access has attracted the criminal fraternity. I do not mean a burglar in an old-fashioned eye mask carrying a jemmy and with a sack over his back who, I hope, will end up in striped pyjamas in Dartmoor. I am talking about some very unpleasant people in the international criminal fraternity.

Mr. Colvin : My hon. Friend is canvassing for more constituents, but there is a point that needs to be made. We all welcome the introduction and development of open systems of which the Unix system is one. Without legislation that is agreed internationally, to the effect that unauthorised access is a crime, there is a real danger that owners of computer network systems will be encouraged to erect ring fences of security around their systems. One has in mind university systems that are useful for sharing information and data. Without the law to convict unauthorised users of those systems, there is a danger that the systems will be less open and less available and that society will suffer as a result.

Miss Nicholson : I fully agree with my hon. Friend. The introduction of Janet, the joint academic network, has led to an enormous exchange of intellectual knowledge between universities, but it has also opened up those

Column 1150

universities to unpleasant intruders. Under excellent Government initiatives, universities and research institutes are now undertaking private contracts. I am thinking of the movement towards near-market research which means that many Government-sponsored institutes take on outside contracts. They may undertake contracts that involve commercially sensitive information and which have wider implications. One professor told me how difficult it was for him to leave his computer on- line in the evening, having used it for some important research, knowing that in the morning he would wake up wondering whether someone had used it overnight to rifle a company's files, or even data about his students or his research. Janet and the open network system make it difficult to maintain confidentiality. The Open university has suffered immense harassment and is being compelled to change the way in which it educates its students about computers. That university's telephone bills have risen dramatically and most unfairly because its computers have been used as a launch pad by hackers wishing to enter other computers internationally. If one thinks of it in ordinary terms, the university's telephones have been used to call computers in the United States and elsewhere in the world. Those of us who also receive large phone bills may sometimes wonder if hackers have not used our numbers through which to make their calls, because current technology makes that possible.

Mr. Colvin : If my hon. Friend will allow me to intervene again, and if you will permit me to do so, Mr. Deputy Speaker, it may remove the necessity for me to catch your eye later to wind up the debate. My hon. Friend's point emphasises the importance of proper audits. She may recall that a book entitled "The Cuckoo's Egg" revealed that a deficit of only 75 cents in the accounts of an American university led to a major investigation into computer hacking, which unearthed an international network of intrigue and espionage that was extremely damaging to the western powers.

Miss Nicholson : It is crucial that proper audits are undertaken, and audit partnerships are in the forefront of those supporting the Bill. My hon. Friend referred also to Clifford Stoll. It is unlikely that we shall ever see as a Member of this House someone having his intelligence quotient. He has been attacking the international hacking problem, with the consequence that a case will soon come before the courts in West Germany. However, proper auditing remains crucial.

My hon. Friend the Member for Romsey and Waterside referred to the somewhat unflattering description of myself that he received through a network. I am pleased that those responsible recognise that the dominant industry in my constituency is not computer hacking but the production of milk. I may tell the House that one farmer in my constituency was overheard remarking to another, "I cannot understand why she is worried about commuter hacking. We don't go to London to work."

My hon. Friend made the point that the Bill will offer protection to bulletin board users. None of us wants to interrupt the free flow of information between bulletin board users, most of whom are private individuals who enjoy using their personal computers for exchanging information and knowledge in a way that has not been possible before. I can cite a particular example illustrating how important it is to encourage and not restrain bulletin

Column 1151

boards. The members of one international club of disabled children use that facility to communicate with each other, gain knowledge and experience, and to make new friends in a way which would otherwise be a physical impossibility for them.

The Bill will protect such users in two ways. First, it will safeguard databases. Hackers are now playing nasty games with bulletin board users, by entering their systems and wiping out databases for no particular reason, but just to be nasty. If one has built up a database in one's spare time in the evening, for example, finding that it has been completely wiped out is a particularly miserable experience. That happened to one club in this country with 20,000 members.

Hackers are also breaking into bulletin board networks with pornography. I was foolish enough--but I have been told that--to ask someone to send me an example. All I can say is that I am very glad that I could not see it moving. It was repugnant. That is a particularly beastly thing to do to private bulletin board users, whose fun and interest is being wrecked by their screens being flooded with unspeakable pornography. Any right hon. or hon. Members or members of the public encountering such pornography should report it to the police.

Mr. Arbuthnot : Does my hon. Friend agree that bulletin boards, like telephone chat lines, are potentially beneficial and useful adjuncts to communication but have the potential for being misused? It is not that misuse that should be controlled, rather than the chat lines themselves?

Miss Nicholson : Of course. At one time, computers were used by only a few professors and very disciplined professionals, to communicate with one another, but the tremendous growth in microcomputing has meant the entry into the arena of the unspeakable. I am confident that the parliamentary draftsman has the fine tuning right, so that bulletin board users will be protected and not squashed out of existence.

There are even nastier implications and even more unpleasant people involved--if there can be people even more unpleasant than those who peddle pornography or force it upon others. The "Electronics and Computing for Peace Newsletter" published last summer shows a bomber and a hand emerging from a computer terminal. It also organised a bulletin board debate on my earlier Bill, even though it had already been withdrawn ; that simple fact did not seem to have got through to those responsible. That newsletter commented that my earlier Bill "would have serious consequences for investigative journalists and campaigning organisations who have to gain information in order to maintain democracy. How is it possible to campaign for decent social justice if you do not know what the Government is doing?" That was matched by a letter that I received from a Green supporter who is fighting the Bill, who said that for their purposes Green supporters had to penetrate the secret files of companies and Government and that stepping outside the law for that purpose was crucial. That gives some insight into the minds of people who believe that they have a right of access to all knowledge and that everything should be out in the open--and should specifically be open to them.

Mr. Ian Bruce (Dorset, South) : Have those who have contacted my hon. Friend and told her that they need

Column 1152

access to electronic data also said that they should be able to commit burglary and other such crimes to gain access to information?

Miss Nicholson : There were comments on burglary in that same "Electronics and Computing for Peace" newsletter and they bear out what my hon. Friend said.

What is happening internationally? Towards the end of last year the Paris publication, L'Express identified much the same sort of movement and referred to the hackers of Hamburg. According to L'Express, in a few months the hackers of Hamburg were in touch with the Red Army through a contact derived from Amsterdam--it is a very international affair. In under a year the group had accessed and gone through a number of highly protected and important networks, including those at NASA and at CERN, the nuclear research institute near Geneva on the borders of France and Switzerland. They had been through Philips of France, and, through INTERNET, they had gained access to 20,000 American and European naval and military computers. In the same period, an active sympathiser of the Red Army had gone into the electronic mail boxes of the German post, which contained sensitive information emanating from officials and Government bodies. The problem has been identified not only in L'Express but in a mass of other publications ; it is no idle worry.

An anarchist magazine called Insurrection --a British publication--gives us the key to the matter :

"Information systems and the data they contain have become the backbone of capital and of the State. They could be compared to the blood circulation. What is certain is that the present economic, political and social information can no longer function without this network which is taking on greater and greater proportions." Pages of fine detail follow, telling supporters how to access Government, military and private computer systems. The understanding implicit in that article matches and surpasses the Law Commission's understanding of viruses and networks, and certainly surpasses all our knowledge, in telling us the physical details on how to break into computer systems. The article concludes :

"Without doubt any revolutionary prospect today also bases inself on the need to destroy the apparatus of dominion through the deepening of a knowledge of the arms which the class enemy has at its disposal."

That may be rather poor English, but the message is clear. The Bill is also important on the domestic scene. Increasingly, the Government have sought to maximise our resources and minimise our expenditure by computerisation. That is especially true in the National Health Service. My hon. Friend the Member for Romsey and Waterside, briefly mentioned medical records. It is crucial that we should consider that question because we have computerised hospital and GP databases and the smart card or care card, a concept launched in Exmouth, whereby a small credit card-type card carries a microchip which can link in to a mainframe containing even more medical information. Computerised medical records bring maximum danger for the security and privacy of the individual.

My hon. Friend the Member for Romsey and Waterside has already said that there is no privacy in the United Kingdom and that no value is placed on information. We are unique among western nations in that respect. Nearly every other country has some sort of protection of the citizen's privacy and of information that is kept about him. I believe strongly that we need to

Column 1153

address that concept before too long. It would be wrong, foolish and shortsighted to try to address it in the Bill, which is not about information but about computer systems security. They are two different concepts, and we should remember that a computer can store worthless or invaluable information.

Following the Law Commission's document No. 110 on information, which was published in 1983, I believe that we should most seriously reconsider the question. In the wake of the Bill--once it has reached the statute book--we must look into the problem of information. I know of cancer victims whose medical records have been accessed. Such patients may not have told their husbands, fathers or employers how bad their cancer is or what their likely expectation of life is and they certainly do not want the information to be given to others without their agreement. They may not--dare I say it--even know themselves ; the doctor may have deemed it better to keep the knowledge from the patient, in which case the decision was probably wrong, although that is another matter. In France there are well-documented cases of the most easily visible problem. AIDS victims can be discovered through their blood details and then they can be blackmailed. That is an extreme example but one can imagine other uncomfortable circumstances in which people's medical records are known by others who do not have their best interests at heart. Extremely unpleasant things have happened in the United States, where people have tried to kill patients in hospital by accessing their drug records and altering their prescriptions on computer. It is important to consider the implications as we rapidly computerise medical records in the United Kingdom. I know that we shall have to look into the matter.

The problem also applies to social security records. We have 22 million records on line--that is the number of social security claimants. Not only are those records on line ; they are local, and it will therefore be difficult to protect them. With the introduction of the community charge, too, much information about individuals will be collected by local treasurers for the first time and held on computer. The only way in which to manage the community charge economically is to place the information on computer. I have heard of cases in Lothian and in other parts of Scotland where it is said that hackers have accessed district treasurers' computers and wiped out records of people over 18 and alive who are eligible to pay the community charge and substituted dead people's details. In my area, a gentleman who now resides in a grave received a demand for the community charge. The vicar who received the form on his behalf filled in the box in which one is asked to identify the head of household with "God".

I use those examples to point out the increasingly important part that computers play in the administration of Government services locally and nationally. The large computerisation programme being undertaken by the Inland Revenue is also crucial. It is most important that the extensive new computer systems are kept properly secure. The Inland Revenue has properly invested in the best possible security systems in terms of both hardware and software, but even so, that does not allow for the fact that, under current legislation, breaking in--I use that term, although we are not talking about physical break-ins--to a computer system, looking at people's records and corrupting those records is a wholly legal activity.

Column 1154

It is no good saying that people must increase their protection, because hackers are very clever. They will find a way round every form of protection that one buys or creates. That is what they are there for. They make a great deal of money out of it and the German hackers, at any rate, support a drug-based lifestyle on their activities. I was about to say, "enjoy", but I should certainly not enjoy a lifestyle based on drugs. Because drugs are expensive, hackers need to make a great deal of money to support their lifestyle.

Government computerisation has made us all a great deal more vulnerable, as has company computerisation. The City of London money markets, Lloyd's and all sorts of financial organisations that have made Britain financially great and far advanced depend upon computers.

I am proud to say that all the main clearing banks support the initiative to outlaw hacking. I have letters from them all--and from the Bank of England and the great financial institutions of the City of London. The banks have been most public spirited. I do not hesitate to name Barclay's bank. Sir John Quinton was the first to say that Barclays had a problem. He was public spirited enough to stand up and be counted. When I carried out my research 18 months ago, everybody was willing to admit privately that there were problems, but nobody was willing to admit that publicly. Other great supporters of the initiative are the mainframe manufacturers, in particular IBM and DEC. Their chief executives have provided great help. A number of membership organisations have come forward, such as the British Computer Society, where John Brookes and his colleagues have been working so hard, and the CBI where John Banham and Judith Vinson have worked tirelessly on the problem and have been incredibly helpful to all of us.

At this point I ought to refer to the amendments that I intend to table in Committee. If the Committee turns them down, that will just be hard luck on me, but at least they will have been given an airing. They will at some point have to be incorporated in legislation. This may not be the right Bill in which to incorporate them. I shall propose that electronic eavesdropping should be outlawed and that computer evidence be receivable in court. I cannot believe that Judge Pickles will be able to understand how a computer crime may have been committed if he does not have in front of him a couple of print outs. I do not know whether he will ask the sort of questions that his colleague asked about Miss Bordes. I despair of our judges. I should prefer some of my colleagues who are computer literate to be the judges in such cases. They are wasting their talents. They ought to be where they would count.

Mr. Colvin : My hon. Friend gave the impression that under section 69 of the Police and Criminal Evidence Act 1984 computer evidence is not admissible in court. It is, in fact, admissible in court. Will she clarify that point?

Miss. Nicholson : I should prefer to clarify it in Committee or I shall have to deal in detail with my amendments. I know that my hon. Friend does not want me to do that today. There is a time and a place for that.

There are ways in which computer evidence receivable in court can properly be strengthened. The Law Commission thought that the ways in which computer evidence could be receivable in court had not been properly explored. I, and others, believe that it would be

Column 1155

sensible to address the problem now and to incorporate a provision covering that aspect in the Bill. That is why it took the form of a clause in the Bill that I introduced.

Apart from the police needing more resources to track down criminals, we shall also have to consider how the police go about that task. When the police investigate, say, a burglary they have to obtain a magistrate's warrant. That is the way in which the police ought to pursue these almost invisible criminals. I shall also table an amendment on electronic picketing.

As this is an international problem, we must fall into line with our international partners. However much we may wish to retain our sovereignty within the European Community, the fact is that there is no electronic sovereignty. Whether we like it or not, this is one world and we are late in introducing legislation to combat computer misuse.

The Netherlands, the Federal Republic of Germany, Iceland, Canada, the United States and France have already introduced legislation. France introduced a law in 1985. It is a very complicated law because the French language is so refined, with the result that they have gone so far with definitions that they have never been tested. Our law, drafted in English by our parliamentary draftsmen will be capable of being used.

The United States legislated in 1984 against hacking. They are now legislating against viruses. Switzerland's constitution contains a clause that relates to the protection of a citizen's reputation. They have used that clause against computer hackers. Switzerland now believes that comprehensive legislation is required.

Britain is a Johnny-come-lately. I do not accept that the Secretary of State could not have included a Bill covering computer misuse in the Queen's Speech. He has seen the light too late. If a Bill can be introduced now, it should have been possible to prepare one in time for Government legislation. That is where it rightly belongs. I give all credit to my hon. Friend the Member for Romsey and Waterside for having recognised the importance of introducing a Bill on computer misuse and for having taken up the matter with great energy and vigour. I am positive that he will ensure that it reaches the statute book. I most warmly congratulate him on introducing the Bill. Legislation that may follow may point in two different directions. We shall have to address the problem of access to information. The second problem relates to the use of computers. This Bill is concerned with computer misuse. Standards vary greatly. The amount of information held on computers affects all our lives. It matters, therefore, that high standards, especially in the public sector, should be maintained. The United States has introduced much legislation to cover that aspect. I hope to introduce similar legislation after the Bill reaches the statute book.

I thank you, Mr. Deputy Speaker, for calling me to speak in the debate. I thank in particular lawyers such as Stephen Saxby, the chairman of the faculty of law at Southampton university, the British and Irish legal education and technological associations and other lawyers who have worked so hard to ensure the introduction of this Bill. I commend it to the House. I shall assist in what I hope will be its speedy passage on to the statute book.

Column 1156

11.17 am

Dr. Lewis Moonie (Kirkcaldy) : I preface my remarks with an apology to hon. Members for the fact that I shall be unable to stay until the end of the debate. I have a pressing family commitment early this afternoon. I apologise to the hon. Member for Romsey and Waterside (Mr. Colvin) and to his hon. Friends and mine for that discourtesy. I have many years of experience of working with computers. In the computer sense, I remain semi- literate. I know a great deal about what they ought to be able to do and what they can do, but I know very little about their methods of operation. I have used them in industry, in a personal capacity, in my work in the National Health Service and in local government. I can testify to the damage, so eloquently described by the hon. Member for Torridge and Devon, West (Miss Nicholson), which can be done to crucial health care systems. The unauthorised tampering with files relating to diabetes cases has had a serious effect on the management of a group of seriously ill patients. I hope that the hon. Member for Romsey and Waterside will forgive me if I direct mild criticism not at him but at his colleagues on the Front Bench.

The Bill is both important and necessary. It is a belated recognition of the growing and serious problem of unauthorised breaches of, and access to, computer files. The problem is compounded in many cases by interference with or destruction of the material in those files. The motive for many of those acts is simple to understand--human greed. We are all familiar with greed--not with personal greed, but as a general principle.

Although we do not condone theft, we can possibly understand the need or personal circumstances which may drive someone to commit that act. That is not the case with the kind of computer misuse that we are discussing. Very often the people involved are educated professional people and they have the wherewithal to afford to carry out such behaviour.

Mr. William Powell : I hope that the hon. Gentleman will not overlook the fact that, while greed is obviously important, so is malice.

Dr. Moonie : I was coming to that. Although we may not accept greed, we can understand it. The motive for malice is more difficult to comprehend. I can understand it thanks to my background in psychiatry. I have seen more examples of the human reasoning behind such apparently senseless and vicious acts which can result in wanton damage to someone's well-being or property.

The motives for malice are very complex. I believe that they are related to the kind of person who promotes pornography through bulletin boards and who then has a secret and nasty chuckle to himself in the security of his own room. They are similar to people who make obscene telephone calls or misuse short-wave radio. There are many kinds of people involved and most, although not exclusively all, are men. Although I have never professed to have espoused the cause of Freud in my psychiatric work, I believe that a profound sexual inadequacy is often related to such behaviour.

Miss Emma Nicholson : Does the hon. Gentleman agree that it is extremely unfair that amateur radio enthusiasts are strictly controlled by law, while amateur computer enthusiasts or professionals are not?

Column 1157

Dr. Moonie : I agree wholeheartedly. The hon. Lady has said that she will introduce amendments in Committee, and the Opposition will look at them with great sympathy and interest to see whether we can support them.

As has already been said, the consequences of computer hacking can be very serious. Information technology, including the storage of data in computer files--which is what we are particularly concerned with today--and the ability to transfer it instantaneously anywhere in the world, plays a crucial role in modern society. Without it, many things that we take for granted would be either inconceivable or, at the least, extremely difficult and time-consuming to perform. I have had wide experience of computer systems, but I have yet to see one that saves money for the organisation that employs it. The system may allow the organisation to do much more with its information, but sadly it will not save it money. Saving money was always the motive that we advanced in local government when requesting greater and better computer systems to operate our financial management and housing. I have yet to see a system which saves money, but they have become indispensable.

In many cases details of records and transactions are held only in electronic form--certainly only in the immediately retrievable sense. As a consequence, there are vast savings in storage space as the former manual records would have taken up a great deal of room. The electronic systems are therefore particularly valuable for small organisations for which space is often at a premium.

The loss of data in electronic form would be a crippling blow for many social and commercial organisations. One of the nastiest cases involving such loss of data occurred last year when a very worthy charitable organisation had its files interfered with by a so-called computer virus and suffered catastrophic loss of data as a result. Every authority recognises that interference with electronically held data is growing. However, the true extent of the problem is still, sadly, difficult to estimate. After all, only the most florid examples hit the headlines--for example, major frauds and the so-called AIDS diskette to which the hon. Member for Romsey and Waterside referred. Those obvious examples hit the headlines while others do not. The evidence suggests that very few of the detectable offences lead to successful prosecutions for fraud.

To summarise the present position, I can possibly do no better than to quote the CBI briefing, possibly a rare occurrence for an Opposition Member. The briefing refers to three principles. It states :

"There is a need for the law to keep pace with changes in modern information and control technology and its uses.

The risks that accompany many forms of computer misuse are considerable.

There is substantial evidence of the damage and losses that computer misuse can cause."

The case for legislation is overwhelming. As the hon. Member for Corby (Mr. Powell) asked, why must we have a private Member's Bill to introduce this worthwhile legislation rather than the Government introducing their own primary legislation? Most hon. Members agree that action is urgent and necessary. I do not accept the defence that there was not enough time to introduce a Bill because of the timing of the Law Commission report. There may not have been time to mention a Bill in the Queen's Speech, but that did not prevent the introduction last year of a Firearms (Amendment) Bill when it proved necessary. Nor did it stop the Government introducing the Football

Column 1158

Spectators Bill, which was not included in the previous year's Queen's Speech. There are ample precedents for the Government to introduce legislation when there is a pressing need for it. I am a representative of the Opposition Trade and Industry team, and I find it bewildering to understand why the legislation is being introduced through the Department of Trade and Industry and not through the Home Office. The Minister for Industry may have had his arm twisted to deal with the Bill, but he is well versed in the operations of the Home Office and perhaps he can bring that slant to our proceedings.

I am concerned that important and necessary legislation should be subjected to the vagaries of the private Member's Bill procedure. Often over the past few years worthwhile measures have bitten the dust because they ran out of time or because someone was not too keen on the following private Member's Bill and decided to use the present Bill as a means of thwarting someone else.

Mr. Ian Bruce : Is not one of the advantages of the private Member's Bill procedure that we hear excellent speeches from Opposition Members? They look at the measure on its merits instead of deciding how to oppose it?

Dr. Moonie : I can assure the hon. Gentleman that the Labour party always considers measures on their merits. The fact that we find very little merit in most of what the Government do, does not preclude us on occasions accepting and even supporting measures. However, I accept that the Bill might have been framed more widely by the Government and we might have found more in it on which to take issue.

Mr. Colvin : Further to the point raised by my hon. Friend the Member for Dorset, South (Mr. Bruce), supporters of a private Member's Bill are encouraged to make useful and constructive interventions in Committee. However, with Government legislation, they often sit in Committee like a lot of tailors' dummies.

Dr. Moonie : That is one way of describing them. That is perhaps an argument for timetabling all Bills and, frankly, that is a measure which I for one would wholeheartedly support in the interests of adequate debate. However, I recognise that there might then be an overwhelming number of very long and boring inconsequential speeches from the Government Benches rather than from the Opposition Benches, as some would say happens at the moment.

Mr. William Powell : Are we to detect a change in Labour party policy? When the matter was discussed and voted on previously, Opposition Front-Bench Members rejected it.

Dr. Moonie : It is an accepted convention that, on Friday mornings when a private Member's Bill is being debated, Front-Bench Members often speak in a personal capacity. I assure the hon. Member for Corby that that is what I am doing. [Interruption.] That was another sedentary intervention by the Minister. I am certain that he will defend his case with his customary vigour. When he defends the Government for allowing the private Member's Bill procedure to be used for this measure, it will be interesting to note by how many decibels his voice rises. I have served on many Committees with the Minister and

Column 1159

I have noted an almost 100 per cent. correlation--the louder the Minister's voice, the more inadequate his case. Opposition Members will listen with great interest.

On initial reading, the Bill is well drafted, and I compliment those who are responsible for it. The notes are excellent and comprehensive. However, the Bill should cover various degrees of offence. I shall not refer to all the clauses in detail, but I disagree with the suggestion that the Bill should not attempt to define a computer. We need to apply more thought to whether a computer can be defined in terms that are broad enough to act as a catch-all for future development.

Mr. Colvin : I thought long and hard about definitions. The problem is that it was six weeks ago when I first defined the word "computer" to my satisfaction. That definition is already out of date. The passage of time and the pace of development within the computer industry mean that any definition of a computer or a computer system would soon be out of date. We would have to write in provisions for secondary legislation so that, every year, a Standing Committee could consider the matter and Ministers could redefine what they meant by a computer system. On balance, the matter is far better left to the courts to decide.

Dr. Moonie : Perhaps that is an over-mechanistic definition of "computer". Computers could adequately be defined by function.

Miss Emma Nicholson : I recommend that the hon. Gentleman, whose acuity I cherish, looks at the French law. It was difficult for the Library to find the French law, but the staff kindly sent for it from France. I was interested to see the definition in French, largely because, when hon. Members were working on the Copyright, Designs and Patents Bill in Committee and I tabled new clause 13 which outlawed hacking for copyright purposes, the French copyright Act was much in my thoughts and reading. The French law against hacking, which was introduced in 1985 and has not yet been tested, amounts to many pages. The French brain, with all its brilliance, loves to define and redefine. The French have ended up with a mammoth Bill that is full of technical definitions which, as far as I can gather, have not been used.

Dr. Moonie : Of course, there are also the inadequacies of the French language to contend with. We cannot really expect the French language to legislate in English.

Mr. Harry Cohen (Leyton) : I was interested to hear the hon. Member for Romsey and Waterside (Mr. Colvin) say that he did not include a definition of a computer because it was difficult to do so. Does my hon. Friend agree that that is a rather poor excuse? Does not the lack of a definition create a great catch-all? The law could be brought into disrepute if people are charged with something that the House presumably does not presently envisage will be a crime but which will become a crime because there is no definition.

Dr. Moonie : My hon. Friend makes a good point. Hon. Members will be interested to hear what he says on the subject. Perhaps we can return to it in Committee.

I am grateful that Scottish circumstances have been properly covered. That is consequent on the Scottish Law

Column 1160

Commission's report. I assume that the relevant clause has been drafted exactly as it proposed it and that, therefore, there will no difficulty with Scots Law.

I may have some difficulty with two clauses. For example, I should like an explanation of why clause 11 does not extend to Scotland. As a layman, I assume that it is because of some difference between the laws of the two countries. I may also have some difficulty with clause 12. I shall need an assurance that full and proper control will be exercised over access to computer files by the police or any other authority. I am not certain whether anomalies will be created by clause 12. Sadly, it is not inconceivable that a police officer will commit an offence under the Bill, and I should not like him to be protected by the wording of the clause. However, I accept that full discussion can take place in Committee. I have no comments to make about the remaining clauses.

The Bill is generally accepted as being worthwhile and necessary, and it will receive substantial support from both sides of the House. Of course, that does not mean that Opposition Members are entirely happy with it or that we shall not seek to amend it in Committee. I am quite certain that the hon. Member for Romsey and Waterside and some of his hon. Friends will attempt to do so.

There remain several fundamental questions that are probably common to criminal legislation. First, will the Bill provide adequate deterrence? It may deter the occasional recreational hacker, but the seriously disturbed person who perpetrates serious offences may not be adequately deterred by it. People will not be deterred if there seems to be little chance of being caught. Will the Bill be practicable and will the police be able to enforce it? The hon. Member for Hampstead and Highgate (Sir G. Finsberg) asked whether adequate training would be available for police officers to carry out proper investigations. It is easy to assume that the passage of a law makes it possible to convict people under it, but we must catch them first. It is not easy to locate someone who is committing a computer offence. With the development of electronic tracing, whereby a number is accessed--most computers are accessed through a modem--the source of the call can be immediately traced. That matter should be looked at carefully. We may need to make provision for it in the Bill in case there are difficulties. Will inventive minds find some way of circumventing the Bill? I hope that its drafting is secure enough to prevent that.

I support the Bill in principle. Its internal structure is sound, but it is a matter of conjecture whether it will do what it is purported to do.

11.38 am

Mr. Gary Waller (Keighley) : I congratulate my hon. Friend the Member for Romsey and Waterside (Mr. Colvin) on bringing forward one of the most important private Member's Bills in recent years and on his extremely comprehensive presentation. My hon. Friend the Member for Torridge and Devon, West (Miss Nicholson) must also be considered to be one of the true begetters of this important legislation. Nobody really knows how widespread computer-linked crime is, both internationally and in this country. I use the phrase

"computer-linked crime" because much of the wrongful activity that one associates with computers is already criminal. A great deal of what one might call "insider abuse" by people who work for a company or who

Column 1161

have been dismissed by that company falls in that category, especially when they damage the company's programs or software. One difficulty is that while we are aware of the tip of the iceberg, we do not know how much lies below the surface. With most crime, people realise that they have had a crime committed against them and it is a matter of detecting who has committed it. However, with a great deal of computer-linked crime, if one is aware that a crime has been committed, it is sometimes possible easily to identify the perpetrator.

There are signs that the activities that have been discussed this morning and other similar activities linked with computers exist on a vast scale. It is interesting to consider the position in Hong Kong because, remarkably, it has been estimated that at least 80 per cent. of the computers in Hong Kong are or have been infected with at least one kind of virus. Indeed, about eight different viruses are doing the rounds. Perhaps one reason for that is that even quite large companies in Hong Kong tend to use pirated software. That is another problem to which the House has devoted its attention and to which we shall doubtless return. That problem is compounded in Hong Kong because the security procedures there are often disregarded. A computer consultant with Price Waterhouse, Mr. Jimmy Mah, has said : "It's quite simple. If I wanted my competitor to go bankrupt I would just anonymously send someone in that company an infected games disk."

That happens on a large scale in Hong Kong. I endorse everything that has been said about the Bill not being a substitute for security, but unless there is reasonable security, backed up by legislative provisions, we could face in Britain the dangers that have been well demonstrated in Hong Kong.

Some would say that the existing provisions in the law are adequate. However, they have been tested only once or twice. Reference might be made to the famous instance in 1987 when the Duke of Edinburgh's Prestel mail box was penetrated. In what has come to be known as the "Gold and Shifreen" case, the House of Lords ruled that falsely persuading a computer that certain information had originated from a specific individual did not amount in law to forgery.

The applicability to computers of other offences such as false pretences and misrepresentation has yet to be tested by the courts. However, the whole area is shrouded in great doubt. It is right that the House should be sufficiently up to date to take account of the changes in technology that necessitate a modification of our existing law.

As has already been said, some people have suggested that some of the low- level activities that are dealt with in clause 1 do not do a great deal of harm. However, that is doubtful. It is worth considering the valuable work that has been carried out by Mr. Tim Hackworth of the British Computer Society, which has drawn attention to the serious harm that may sometimes have been caused unintentionally. Two French hackers, for example, broke into a life-support system in a hospital's intensive care unit and, perhaps unwittingly, turned it off. There are several known instances of people breaking into air traffic control systems. One trembles to think of the dangers of that. I shall refer later to actions that are being taken in respect of such critical systems. In another instance, somebody who was HIV -positive had his medical records penetrated and was subjected to blackmail. In another instance, an

Next Section

Home Page