Welcome

  • Naked Law is written by technology lawyers from Mills & Reeve. Our team is (mostly) based in Cambridge, England. We write about the latest legal and regulatory developments relating to information and communication technology, e-commerce, and privacy.

    Please send us an email or post a comment if you want to join in the discussions on Naked Law.

Disclaimer

  • The information on this blog is not legal advice. You should not rely on it and we don't accept liability in connection with it. Please read our full disclaimer and let us know if you would like us to advise on any legal issue.

« Google settles click fraud case | Main | GPLv3 gets second wind »

The DoS and Don'ts of computer misuse

Progress seems to be being made on updating the Computer Misuse Act 1990, which has existed without amendment since Apple Macs looked like this. The CMA had avoided legislative "botox" thus far, thanks mainly to the wide-reaching manner in which it was drafted. But an All Party Internet Group inquiry in 2004 called for an increase to sentences for hackers from six months to two years (thereby also making it an extraditable offence), and to make it clear that Denial of Service (DoS) attacks are unlawful.

We have mentioned previously on Naked Law the shortcomings of the CMA in tackling such DoS-type attacks, particularly as shown in the initial acquittal of David Lennon, who was said to have used the mail-bomber program Avalanche to flood the mail server of his ex-employer Domestic & General Insurance with more than 5 million emails. At trial the District Judge accepted the defence argument that each email sent was ‘authorised’ to modify the email server as that is how mail servers work, and that there was no cut-off point at which such volumes of email suddenly became unauthorised, and therefore illegal.  On appeal, this decision was overturned and the case referred back to the magistrates for sentencing.

A Computer Misuse Act (Amendment) Bill was proposed in 2005, but has since been withdrawn, with the amendments now incorporated in a Police and Justice Bill. These are currently being debated in the Lords, with much of the concern focused on proposals to make it an offence to “supply any article for use in offence.... believing that it is likely to be so used”. Fears have been raised that IT professionals who make and distribute hacking tools for legitimate purposes could risk prosecution, as they could be deemed “likely” to be used or modified for criminal purposes. As commented in the Lords, it would be like making the use of a crowbar illegal, as that could be “likely” to be used for burglaries. However the Home Office appear keen to play down such worries, and insist that only the bad guys will be caught by the legislation.

In the meantime many are saying that the real problem is not the CMA at all, but what Simon James, former head of the Computer Crime Unit at Scotland Yard, reportedly called a “woefully” under-resourced police force. Few could argue with this - as the Earl of Northesk points out, prosecutions under the CMA are currently rarer than for murder.

Posted by Peter on August 02, 2006 at 01:06 PM |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341f935853ef00d83566948869e2

Listed below are links to weblogs that reference The DoS and Don'ts of computer misuse:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.