The Minister of State, Department of Health (Jane Kennedy): This is a bit of a low blow. It is only because I have a high regard for the hon. Gentleman that I do not simply refer him to the answer I gave my hon. Friend the Member for Stafford (Mr. Kidney) last month.
Sir Nicholas Winterton: What a lovely answer from a most charming Minister. May I ask her, however, why the draft guidance from the National Institute for Clinical Excellence states that those four valuable drugs, which could bring great benefit to those suffering from Alzheimer's disease, should not be prescribed on the national health service?
Two meetings were held here last week, in which the Alzheimer's Society was involved. At both, horror and condemnation of the guidance were expressed. Given that professional psychiatrists were not allowed to sit on the appraisal panel and that the advice of those who sent the panel evidence has been ignored, will the Government intervene immediately and insist that the drugs be prescribed to these vulnerable people on the NHS without delay?
Jane Kennedy: The original assessment of the drugs, issued in 2001, still applies, and patients already receiving them will continue to do so. NICE employs a very transparent process for the appraisal of drugs. It gives stakeholders, including patients' groups such as those that the hon. Gentleman mentioned, an opportunity to make representations on the economic model as well as commenting on the proposals themselves. I would expect NICE to take careful account of all such comments before making its final appraisal.
Mr. Eric Illsley (Barnsley, Central) (Lab): I am grateful to the Minister for that information, but I remind her that last week was Alzheimer's awareness week. Many Members will have visited local Alzheimer's societies, as I did. There is considerable apprehension as they await NICE's decision, which I understand is imminent. May I ask the Minister again to use whatever influence she has to try to ensure that those drugs remain available to Alzheimer's sufferers on the NHS?
Jane Kennedy: As I said last time the subject was raised, NICE has an international reputation. It will decide on the form of its final guidance taking account of all views expressed to it as part of the consultation, and we trust it to make informed, fully considered recommendations on the drugs. I know that there will be intense interest in the matter, and I am sure that we shall return to it in the future.
Sandra Gidley (Romsey)
(LD): When taking into account the health professionals who use these drugs, will the Minister acknowledge that little research that is applicable to daily use has been undertaken since the original guidance was issued, and that it was a complete surprise when a different decision was taken? If, as is
12 Jul 2005 : Column 698
widely expected, the NICE decision is negative, will she allow the drug to be available for an ongoing period, in order to enable an in-depth study that will prove once and for all whether these drugs are effective? Such a study has not yet been undertaken.
Jane Kennedy: I do not accept the premise on which the hon. Lady's question is based. I repeat that the existing guidance, produced in 2001, remains in place until the final guidance has been issued. She should not jump to conclusions about what that final guidance should be. We should wait and allow NICE to take its time, and to reach a decision on the proper advice and guidance that it will issue in due course.
12. Simon Hughes (North Southwark and Bermondsey) (LD): What the difference is between average waiting times of those referred for treatment (a) by their local general practitioner and (b) elsewhere within an NHS trust in (i) London and (ii) England; and if she will make a statement. 
The Parliamentary Under-Secretary of State for Health (Caroline Flint): Waiting times for referrals other than those made by a general practitioner are not collected centrally. Average waiting times for patients waiting for their first out-patient appointment following GP referral have fallen to seven weeks, from 7.7 weeks, in March 2000 nationally, and to 7.5 weeks, from 7.9 weeks, in London. By 2008, no patient will have to wait more than 18 weeks for hospital treatment, starting from referral to point of treatment.
Simon Hughes: Will the Minister consider that those in Southwark who are referred by their GP to the orthopaedic department at Guy's and St. Thomas' have to be treated within 13 weeks, but that there is no time limit for those who are referred from elsewhere in the hospital? In the words of the chief executive, that does not
Caroline Flint: I am pleased to sayperhaps the hon. Gentleman did not listen to my earlier replythat we are doing something about it. We are able to introduce for patients a wait of no longer than 18 weeks from first referral to treatment, which means that we can cut out the hidden waiting lists that often emerge within our health system. Because we have not only reformed the health service but resourced it, we are confident that we can achieve that.
In moving this motion, may I first of all pay tribute to the work undertaken by the all-party group on the internet, which carried out a thorough review of the Computer Misuse Act 1990, and whose recommendations form the basis of the Bill that I present today? I want particularly to thank my hon. Friend the Member for Sittingbourne and Sheppey (Derek Wyatt). He presented a similar Bill to the House in March of this year, but in the end it was defeated by the timetable for the general election.
My Bill will revise the 1990 Act to take account of commitments made in European instruments in respect of combating and effectively punishing attacks against computers, and it will update the Act in other areas. It will amend section 1(3) to increase the term of imprisonment for a related offence from six months to two years. It will amend section 3(7) to increase the term of imprisonment for a further related offence from five years to 10 years. It will amend section 3 in order to clarify that all means of interference with a computer system are criminalised. In particular it will ensure that adequate provision is made to criminalise all forms of denial-of-service attacks. It will also give effect to article 6(l)(a)(i) of the convention on cybercrime, which requires criminalisation of the distribution of, or making available of, a computer password through which a computer system is capable of being accessed, with intent to commit an offence.
This Bill will, I hope, meet with the House's approval. It contains only six clauses, has no financial implications, implements measures that have been approved by Ministers and Parliament and is, I hope, relatively simple. As last year's report by the all-party group on the internet demonstrates, these measures already have cross-party support. I trust this will remain the case after I finish my speech. As the report pointed out and as every Member of this House will doubtless accept, the worldwide web has changed out of all recognition in the past 15 years, as has the nature of cybercrime. The media like to imagine that hacking, virus proliferation and denial-of-service attacks using e-mail are the product of bright but lonely and socially challenged teenagers sitting in their bedrooms. That is an outdated, inaccurate and, I think, dangerous notion. Those who regularly and increasingly hold website operators to ransom are more likely to be members of an organised crime syndicate than the school computer club. It is time that cyber crime was recognised for the serious crime that it is.
Following the recent sentencing of teenager Joseph James McElroy to 200 hours of community service for breaking into a US Government laboratory system, detective chief superintendent Len Hynds, the former head of the national hi-tech crime unit, called on the Government and the courts to reform sentencing policy
12 Jul 2005 : Column 700
to reflect the damage caused by hackers breaking into government and private sector computer systems. He said:
My Bill seeks to specify a new offence of denial of service. A denial-of-service attack occurs when a deliberate attempt is made to stop a computer performing. Examples include attempts to flood a network, thereby preventing legitimate network traffic; attempts to disrupt the connections between two machines, thereby preventing access to a service; attempts to prevent a particular individual from accessing a service; and attempts to disrupt services to a specific system or person.
Denial-of-service attacks can essentially disable one's computer or one's network. Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. For example, an attacker with an old PC and a slow modem may yet be able to disable much faster and more sophisticated machines or networks. One form of such attack could mean a large number of remote computers being orchestrated to attack a target at the same time. In some cases, the attacks overwhelm the connecting links to a machine rather than the machine itself. That can result in significant collateral damage that extends beyond the machine being attacked. Denial-of-service attacks are extremely common on today's internet. At the lower end of effectiveness, the blips in traffic are hardly noticeable, but we are told of cases at the other end in which large university networks have been made unusable for hours at a time.
The chief constable of Greater Manchester, Michael Todd, was bombarded with thousands of threatening e-mails in a denial-of-service attack shortly before the May Day bank holiday this year. At one point, 2000 e-mails were being sent every hour. The purpose of the attack was to crash the force's computer systems through the volume of e-mails being sent. Cambridgeshire police were subject to a similar denial-of-service attack almost two years ago, when thousands of spam e-mails told recipients that their credit cards were about to be charged for an iPod that they had purchased unless they phoned a customer service number. The customer service number turned out to be the switchboard at Cambridgeshire police, which was deluged by thousands of people who had received the hoax e-mail. Closer to home, a gun control website contacted me two years ago to complain that one of my constituents, a gun enthusiast, had bombarded the site with so many e-mails over a short period of time that their server had crashed.
The Computer Misuse Act 1990 came into force on 29 August 1990 and specifies offences for attacks against computer systems or data. Criminal denial-of-service attacks are regularly made on gambling websites both in the United Kingdom and elsewhere. Such attacks are invariably accompanied by demands for amounts between £10,000 and more than £100,000 in order to make the attacks stop. The impact on gambling businesses has been severe. The national hi-tech crime unit has become involved in the investigations, but the perpetrators are believed to be based abroad, which sets some limits on what can be achieved quickly.
12 Jul 2005 : Column 701
The second part of the Bill deals with the length of sentences. At present, offences under section 1 of the Computer Misuse Act 1990 can be dealt with only in a magistrates court, where the maximum penalty is six months in prison and/or a fine of £5,000. A conviction in a higher court currently applies only to offences defined in sections 2 and 3 of the Computer Misuse Act. In those cases, the maximum penalty is five years in prison or an unlimited fine.
By increasing the tariff on these crimes, the House would be sending a message to the courts and the public prosecution service that these crimes must be taken seriously and that, where appropriate, custodial sentences must be applied. Home Office figures show that, when an offence under the Computer Misuse Act is the principal offence with which someone is charged, only about a third of those found guilty are given custodial sentences. When such an offence is not the principal offence, the proportion is very small indeed.
It is regularly claimed that the cost of cleaning up virus or worm attacks runs into billions of pounds. The current level of sentences does not reflect the seriousness of such offences. This Bill would therefore raise the maximum sentence for a conviction under section 1 of the 1990 Act to two years. That would have a number of indirect benefits. It would make an offender subject to extradition procedures, and also make it possible to prosecute for a criminal attempt, even where such an attempt had not succeeded.
Before I conclude, I wish to draw the House's attention to a recent NOP survey conducted on behalf of the national hi-tech crime unit. It estimates that the minimum cost of the impact of high-tech crime on UK-based companies with more than 1,000 employees is no less than £2.5 billion every year.
As the worldwide web grows both in size and in its influence on all our daily lives, the threats posed to all of us by cybercrime also grow. Although high-profile denial-of-service attacks have been made against e-commerce and, especially, gambling sites, the UK Government and the country's critical infrastructure are also vulnerable. It is essential that we have a law in place to make prosecution possible when offences are committed, because that will send the strong and unambiguous message that e-crime will be treated with the utmost seriousness.
Bill ordered to be brought in by Mr. Tom Harris, Mr. Ian Austin, Mr. John Spellar, Gordon Banks, Michael Gove, Jessica Morden, Ms Emily Thornberry, David Mundell, Derek Wyatt, Charles Hendry, Mr. Alan Reid and Michael Fabricant.