Last June I explained that the Computer Misuse Act 1990 would not be amended until April 2008 — because the amendments introduced in the Police and Justice Act 2006 were themselves to be amended by the Serious Crime Act 2007, and that was not expected to come into force until then. Also, right at the end of 2007 the CPS published their guidance on how these new offences might be prosecuted.
Now Clive Feather draws my attention to a rather significant difference in the way that the law stands in Scotland.
Although on the face of it, both Acts do not extend to Scotland (Computer Misuse is a devolved matter) in practice the Scottish Parliament has used a Sewel motion (here for the Police and Justice Act, and here for the Serious Crime Act) to keep the law in both jurisdictions the same…
HOWEVER — as Clive points out — for some currently unknown reason the Scots brought the first version of the amendments into force on 1st October 2007 with this statutory instrument.
So North of the Border the law is currently different: you can prosecuted for denial-of-service attacks and locked up for distributing hacking tools… whereas in the rest of the country, it’s 1990 offences only for a few more weeks.
The changes that arrive in April with the Serious Crime Act won’t make much difference to the people of Scotland, all that happens is that one of the new offences stops being computer-specific and is more broadly drawn instead. Still, it makes you wonder why the denial-of-service offence particularly — which has been widely welcomed — has been delayed for over a year; if the Scots can cope with two law changes rather than one.
BTW: Clive has a marked up copy of the Computer Misuse Act on his website, with pretty colours to show the current form of the Act (it’s been amended a number of times now) and how it will soon look.