The government has proposed a new Bill – called the Product Security and Telecommunications Infrastructure Bill – to Parliament. It has been described as a “new world-leading law” and aims to protect consumers from hackers.

Cyber Laws To Be Introduced in the UK

If you have been accused of online fraud or other cyber offences, please contact us at Ashmans Cyber Crime Solicitors. We specialise in criminal defence law. We represent clients across England and Wales. Read more on the Europol Cyber Thin Blue Line Report.

Cyber security

Nowadays, more and more of us have devices that connect to the internet. There are the obvious things, such as computers and laptops. Then there are the not-so-obvious things, like baby monitors, speakers, thermostats, printers, toys, smart TVs and fitness trackers. In fact, each household in the UK has an average of 10 devices that connect to the internet. These are all at risk of cyber-attacks. If this seems implausible, just consider the North American casino whose data was stolen after attackers gained access through an internet-connected fish tank.

Yet UK laws and security measures have largely failed to keep pace with technology. The UK’s National Cyber Security Centre says that it dealt with 777 incidents in the last 12 months, an unprecedent number. An investigation by Which? also found that the average home could be exposed to over 12,000 scanning or hacking attacks in a single week.

What is cyber crime?

Cyber crime is an umbrella term for any offence that takes place online or uses technology to commit an offence. It incorporates a broad range of illegal activities, including:

  • Hacking
  • Identity theft
  • Computer viruses
  • Child sex offences
  • Terrorism
  • Fraud
  • Harassment and stalking
  • Blackmail
  • Sharing indecent images

The Product Security and Telecommunications Infrastructure Bill

In an attempt to better protect consumers, the government has now introduced the Product Security and Telecommunications Infrastructure Bill to Parliament. If passed into law, it would:

  • Ban universal default passwords. All new devices will have a unique password and cannot be restored to a universal factory setting.
  • Force firms to be transparent with customers about the action they are taking to fix security flaws, or tell customers if a product does not come with security updates.
  • Create a system for the public to report any vulnerabilities found in products, including flaws and bugs.
  • Place a duty on in-scope businesses to investigate compliance failures and to produce records and statements of compliance.
  • Create a new regulator who will have the power to impose financial penalties for non-compliance.

The Bill relates to all products that are capable of access to the internet, ranging from smartphones to voice-activated assistants. It also covers devices that connect to other devices but not directly to the internet, such as smart light bulbs. However, the proposed law excludes second-hand products, as well as desktops and laptops which are already served by antivirus software.

Powers of the new regulator

If the Bill is passed into law, a new regulator will be set up to monitor compliance amongst companies. The regulator will have the power to issue notices to companies requiring the recall of products, prevent the sale or supply of products, and implement compliance with security requirements. Non-compliance can lead to financial penalties, with the maximum fine being £10 million or 4% of global turnover, plus up to £20,000 per day in an ongoing contravention.

What happens next?

The Bill is currently making its way through Parliament, meaning it could be subject to amendments. However, it is likely to be enacted in some form, so companies involved in the sale of internet-access products need to pay close attention. The law will place far greater responsibilities on companies, with non-compliance resulting in costly financial penalties.

Proposed legal changes

This relates to the taking of non-consensual photographs and video recordings of breastfeeding mothers. This will become a criminal offence where the motive is to obtain sexual gratification, or to cause humiliation, distress or alarm. It will be punishable by up to two years in prison.

Different pieces of legislation govern each of these offences, such as the Fraud Act 2006, the Computer Misuse Act 1990, the Domestic Abuse Act 2021, and the Counter-Terrorism and Sentencing Act 2021.

What is the Punishment for Cyber Crime?

The punishment for cyber crime varies drastically depending on the nature of the offence. The penalty can range from a fine to up to 10 years’ imprisonment. Crimes with an international element may also lead to an extradition order.

What are the penalties under the Computer Misuse Act 1990?

A large number of cyber crimes fall under the Computer Misuse Act 1990. This makes provisions for ‘securing computer material against unauthorised access or modification; and for connected purposes’. A number of computer misuse offences are listed under the Act, all of which are given a maximum penalty. For example, in England and Wales, someone who is convicted of:

  • Unauthorised access to computer material – could receive a fine and/or up-to 12 months in prison for a summary offence. This increases to a fine and/or up-to two years in prison for a conviction on indictment.
  • Unauthorised access with intent to commit or facilitate the commission of further offences – could receive a fine and/or up-to 12 months in prison for a summary offence. This increases to a fine and/or up-to five years in prison for a conviction on indictment.
  • Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer – could receive a fine and/or up-to 12 months in prison for a summary offence. This increases to a fine and/or up-to 10 years in prison for a conviction on indictment.
  • Unauthorised acts causing, or creating a risk of, serious damage – could receive up to a fine and/or up to 14 years in prison. This increases to life imprisonment if national security and/or human welfare is either harmed or put at risk.
  • Making, supplying or obtaining articles for use in committing an offence – could receive a fine and/or up-to 12 months in prison for a summary offence. This increases to a fine and/or up-to two years in prison for a conviction on indictment.

What are the penalties under the Fraud Act 2006?

Cyber crimes are also regularly prosecuted under the Fraud Act 2006. Fraud is the deliberate use of deceit or dishonesty to create a gain or to cause a loss to someone else. Cyber crimes that could be considered fraudulent include:

  • Obtaining bank data
  • Online identity theft
  • Phishing
  • Dating scams
  • Cryptocurrency-related fraud
  • Possessing, making or supplying articles associated with identity theft, like malware

The maximum punishment under the Fraud Act 2006 is a fine and/or 12 months’ imprisonment if convicted of a summary offence. If convicted on indictment, the maximum penalty is 10 years in prison. This is reduced to five years in prison for the offence of possessing an article used in fraud.

How is a cyber crime sentence decided?

However, it should be noted that the penalties described above are the maximum punishments available to the courts. Just because you are convicted of a cyber crime, does not necessarily mean that you will receive the maximum sentence. The judiciary in England and Wales have sentencing guidelines. These must be followed unless it would be unjust to do so. They help judges/magistrates to decide on appropriate sentences.

The eventual sentence is influenced by various factors, such as the seriousness of the offence and the amount of harm that was caused. A cyber crime that resulted in a £100 loss will be treated much more leniently than one that threatened national security. The judge or magistrates will also consider your level of culpability, which in law means the extent to which you are responsible for your actions. If you are under the age of 18 or you were influenced by someone else, then you may be treated more favourably.

There are also mitigating factors and aggravating factors that must be applied. Mitigating factors should persuade the judge or magistrates to reduce the sentence. They might include good character, co-operating with the authorities and genuine remorse. Aggravating factors could work against you. They might include previous convictions, organised criminal activity and the deliberate targeting of vulnerable victims.

What should I do if I’m accused of cyber crime?

If you are accused of committing a cyber crime, you should waste no time instructing a legal representative. The criminal defence solicitors here at Ashmans can help you. As outlined above, cyber crime can potentially result in very serious penalties. You need a lawyer who can get you the best possible outcome. Otherwise, you could be facing a criminal record – and even a prison sentence and/or a substantial fine.

Understandably, this will be very worrying for you. All kinds of people get mixed up in cyber crime allegations. Some will be completely unaware that they were facilitating illegal activity, as is often the case with companies and commercial enterprises. Others will have been coerced into helping or may have been acting out of revenge, desperation or fear. And of course, some will be entirely innocent, having been wrongly accused of committing a cyber crime.

Whatever the situation, we will apply our legal expertise to limit the consequences to you, your family and your business (if applicable). Ideally, your case will be resolved before court proceedings become necessary. It may be possible to outline your innocence before charges are laid, meaning the case against you is dropped. Or it may be possible to enter a plea bargain.

If your case does proceed to trial, you can rest assured of our advocacy skills and legal knowledge. Cyber crime is a rapidly evolving area of law thanks to the constant progression of technology. The legislation is continually being updated, and you need a solicitor who is at the forefront of their field.

What happens during a cyber crime investigation?

You may be investigated for cyber crimes months – or even years – before you are actually arrested. It is not uncommon for individuals and businesses to be under investigation, without knowing anything about it. You may first become aware of the investigation when you are invited for a police interview, arrested, or your property is searched.

You should contact our solicitors as soon as you realise that you are suspected of committing a cyber crime. We can advise how best to manage the situation. We can also accompany you to police interviews. This is very important – you should not speak to the police until you have sought expert legal advice. Police station representation is free to everyone under the Legal Aid scheme.

Cyber crime investigations can last a very long time. If you are invited for a police interview, you will likely be released under investigation. If there is enough evidence to charge you, then you will be formally arrested and court proceedings initiated. A not guilty plea will result in a trial.

This will either take place at the Magistrates’ Court or the Crown Court, depending on the seriousness of the offence.

Can the police search my home and seize my belongings?

The authorities will often want to seize electronic items during the course of a cyber crime investigation. Once a search warrant has been granted, the police (and other regulatory bodies) are allowed to search your property and your business. They can also keep any items of interest, such as your electronic devices. These can be sent off for analysis, and the findings may be used as evidence against you.

Will my assets be confiscated?

If you are later found guilty of a cyber crime, then you could subsequently be subject to POCA proceedings. This is when the authorities seek to recover the proceeds of crime. This is more likely where substantial financial gains have been made through fraud or organised criminal activity. If so, the authorities will apply to the court for a confiscation order. You should speak to your solicitor about what to do next. You may be able to prevent the confiscation order or negotiate better terms.

Can I get free legal advice about a cyber crime allegation?

If you have been accused of a cyber crime, we strongly advise that you contact us at Ashmans Solicitors now. We offer free legal advice and free police station representation. If you like, we can then represent you throughout the proceedings. We are experienced cyber crime lawyers and know how best to handle your case.

Call us on 0333 009 6275. We are available to take your call 24 hours a day, 7 days a week.

You can also email us on or complete our Free Online Enquiry Form and we’ll be in touch soon.