According to the Queen’s speech, the British government decided to hand out life sentences to hackers found guilty of a cyberattack with a catastrophic effect: loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof.

Along with targeting cyberterrorists, the proposed update to the UK Computer Misuse Act (CMS) 1990 also suggests serious sentences for industrial espionage. The updated law would hand over a 14-year sentence for hackers representing a significant risk of severe economic or environmental damage or social disruption. This is a bit longer that the current section of the CMA carries (10-year sentence at the moment).

However, the Open Rights Group believes that the bill in question would be difficult to justify, provided current legislation already carries punishments for terrorism, whether via computers or other means. This point of view is supported by the members of the hacktivist collective LulzSec, convicted under the CMA for participation in cyberattacks.

The UK government didn’t mention any complaints over the application of current computer crime law. The problem is that certain kinds of research could be deemed illegal. For example, the penetration testers (security experts) looking for weaknesses in Internet infrastructure can act as real cybercriminals when trying to improve the security of the Internet – for instance, when scanning for vulnerabilities. And such research is also punishable under UK law, despite it being carried out for altruistic ends. As a result, the potential weaknesses may remain unresolved.

The Unites States faces the same problem, with the researchers having been threatened with indictment for their own security tests. Security experts admit it is good to see the government making attempts to enforce specific law tools before they are needed, but the general opinion is that the government should be careful to not accidentally criminalize good faith efforts. The industry observers worldwide agree that any move towards tougher sentencing for cybercriminals would be a move in the right direction, welcomed by both businesses and individuals, but some problems still remain unresolved, and the government should realize that.