We have posted several times before about the all-too-familiar deficiencies in the Computer Misuse Act 1990 - but it finally looks as though there may be light at the end of the tunnel. At the end of January, the UK Government published the Police and Justice Bill, Part 5 of which includes new provisions for dealing with computer crime, and specifically denial of service attacks.
The 15-year-old Act has been subjected to criticism from reformers for many years now: its antiquated provisions seem woefully inadequate to cope with the rush to mainstream use of the worldwide web, e-mail and now wireless access. The stark deficiencies of the Act have been thrown into relief by a long line of case-law – most recently and notably in November 2005, when a teenage boy launched a denial of service attack against his former employer.
The new reforms look to be far-reaching, introducing purposefully severe sentences to act as a deterrent while aspiring to tackle quickly evolving menaces, such as denial of service. The key proposals include:
- an increase in the penalty for unauthorised access offences from six months to two years;
- an increase in the penalty for unauthorised modification of computer systems from five to ten years; and
- an attempt to make denial of service attacks illegal by making it an offence to "impair the operation of a computer".
Today, in the UK alone, attacks on IT services are estimated to cost businesses £3bn a year and reforms are badly needed. Elsewhere, Spy Blog has posted an interesting critique of the Bill and Lilian Edwards looks in detail at the wording intended to deal with denial of service.
s.35 of the Police and Justice Bill looks like it will strike an important blow against the developers of tools such as tcpdump, ethereal and gdb.
Posted by: Chris Lightfoot | March 02, 2006 at 11:25 PM