Feedback on CMA Inquiry

Dear APIG,
 
I am worried regarding an apparent lack of co-ordination between parties interested and involved in combating illegal computer misuse.

I am currently in dispute with my telecommunications provider regarding payment for premium-rate calls made by a "rogue dialler" installed by a trojan on my home computer, something I consider a criminal act as defined by the CMA 1990.

In discussions with my telecommunications provider regarding what they are doing to combat this growing problem, they insist that they receive no "real-time" information from ICSTIS regarding the initiation of complaints into service providers, suspect numbers and the like, only final reports on upheld complaints. On the contrary, in a copy of a letter kindly provided to me by my MP, Mr. Paul Goggins, Mr. George Kidd, chairman of ICSTIS, stated that ICSTIS was providing telcos with "weekly" updates regarding suspect premium-rate numbers and other information prior to the completion of investigations.
 
Does the APIG have any concrete information that they can offer me regarding this matter?

 
Dear Sir,

Thank you for your email. I am afraid that APIG does not have any further information as regards to ICSTIS's reporting procedure. Our work on the CMA has focused on securing amendments to the Act to specifically outlaw DdoS attacks and to extend the penalty to 2 years imprisonment for offences committed under section one of the Act. We are hopeful that Parliamentary time will be found for a CMA Amendment Bill in the next session.

The members of APIG are aware of the problems with Rogue Diallers and have had meetings with ICTSIS on this topic. In our report on the CMA of June 2004, we recommended that ICSTIS proceed with criminal prosecutions of the companies who are profiting from these scams. ICSTIS have now implemented a pre-registration process to enable them to more effectively regulate this area.
 
I am sorry that we are not able to provide you with any more specific information, but will ensure that the issue is raised with ICSTIS at our next meeting.

Kind regards,

APIG Secretariat

Sirs,

I am Prof. Neil Barrett and I was the prosecution computer expert witness in one of the cases referred to in your report of June 2004. This is the case of R v CAFFREY, which I believe was not represented accurately in your report, particularly regarding the issue of the criminality of denial of service (DoS) attacks under section 3 of the 1990 law. You say in your report that evidence was taken from Clive Gringras to the effect that the defence did not raise the issue of illegality of DoS under section 3 and that it can therefore be taken with confidence that DoS is so covered. In fact, the question of the illegality of DoS was never an issue in the case of CAFFREY. He was charged under section 3 with having made a modification to the computers of the Port of Houston. That modification was so as to carry out a DoS attack against persons unknown, and the effect of the modification was such as to cause the Port of Houston server to crash. However, the evidence that was shown related purely to the modification, not to the result of the modification. It was an accepted point in the case that the modification occurred, that it was unauthorised, that it was so as to impair that computer, and that such impairment was unlawful under section 3 of the 1990 act. As such, I would argue that the status que ante remains; we have not yet had a case of DoS argued under section 3 of the 1990 act.
 
I am aware that this is too late to act as a contribution or in any way to alter the findings of the committee. Nonetheless, as one who was very close to this case for a long period of time, I would be remiss in not attempting to correct such a large misunderstanding in the state of the law.
 
With kind regards
 
Prof Neil Barrett

Main Navigation

• Home
• Membership
• APIG officers
• Current activities
• APIG in the news
• Archive
  • 2005
  • 2004
  • 2003
  • 2002
  • 2001
  • 2000
  • 1999
  • 1998
• Contact