UK Looks To Make Denial Of Service Attacks Illegal -- But Does It Go Too Far?

from the about-time dept

Last year, we noted that denial of service attacks apparently were not illegal in the UK, based on current law. While some have tried to convince the courts that such attacks really were illegal, most seemed to realize that the current computer crimes law was inadequate to cover more modern-day threats. Along come politicians to the rescue, with a new bill designed to make all sorts of new computer crimes illegal. However, as with other times that politicians try to deal with new computer ills, it seems like the new law could go a bit too far. Among the provisions is that it would be illegal to "make or supply hacking tools" which seems a bit broad, as this would appear to include all sorts of legitimate tools that security researchers use to bypass security systems or crack passwords. It's great that updates are being made to the existing law, but politicians should be careful that they don't go too far in the other direction, outlawing plenty of perfectly reasonable activities.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    ShaolinTiger, 6 Mar 2006 @ 11:11pm

    No Subject Given

    A bit scary for any penetration testers in the UK..

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 6 Mar 2006 @ 11:18pm

    is disassembling also hacking?

    "hacking" - what exactly do they mean by "hacking"? Does that also mean disassembling tools? Such as a tool that might be used to modify a program away from it's original design... for example, as how most people customize their current operating system's display using a 3rd-party utility to manipulate the OS code to make it look unlike how it was ever intended to look...

    hmmmm - hacking could also mean that you are disassembling something as simple as a genetic code so you could manipulate it into something better... only if it was a computer though.

    link to this | view in thread ]

  3. identicon
    radioactivity, 7 Mar 2006 @ 1:20am

    damn politicians

    Why do the get invovled with things, they know next to nothing about? They never really listen to any advisors they bring on board.

    link to this | view in thread ]

  4. identicon
    Greg, 7 Mar 2006 @ 1:24am

    No more laws, please

    The issue with this is that over time, technologists find solutions to the emerging problems rather more quickly than the law can keep up. Moreover, parliamentary draftsmen find it hard enough to handle the complexity of company law or land law, never mind the inner working of networks, processors and protocols.

    This is an area best left alone by the politicians. By the time they get a law through, the world has moved on enough to render it obselete. At best it gives us laws that are irrelevant. At worst, we end up having to jump through legal hoops to do legitimate stuff, whilst the bad guys are playing in whole new areas.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 7 Mar 2006 @ 2:23am

    Links

    Police and Justice Bill.
    35 Making, supplying or obtaining articles for use in computer misuse offences

    After section 3 of the 1990 Act insert--
    "3A Making, supplying or obtaining articles for use in offence under section 1 or 3

    (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article--
    (a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
    (b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.

    (2) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
    (3) In this section "article" includes any program or data held in electronic form.

    link to this | view in thread ]

  6. identicon
    giafly, 7 Mar 2006 @ 2:31am

    Re: Links

    Look closely at 1a (above) as this seems to affect legitimate security work, e.g. testing that a Website is secure against people using "hacker tools", by simulating an attack.

    link to this | view in thread ]

  7. identicon
    J, 7 Mar 2006 @ 5:30am

    Re - Giafly

    No, that isn't what it says. You have to read all of the words in section 1a: "... course of or in connection with an offence"

    A legitimate pen test isn't the same as committing an offense.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 7 Mar 2006 @ 6:31am

    Re: Re - Giafly

    It is in the eyes of the law, if you sent a DoS attack on a network which is not on the internet eg internal before it is hooked up to the outside world, it is still illegal. Soon enough configuring linux will be illegal let along registary editing!

    link to this | view in thread ]

  9. identicon
    Adam, 7 Mar 2006 @ 6:44am

    List of hacking tools

    Heres a short list of some hacking tools:

    Computer
    Keyboard
    Mouse
    Calculator w/Hexidecimal conversion button
    Books about Hacking
    Internet Forums
    Email clients with macro support
    ...

    Pretty much anything could be used as a hacking tool. Lets ban the Earth.

    link to this | view in thread ]

  10. identicon
    Wolfger, 7 Mar 2006 @ 8:00am

    Re: Re - Giafly

    You have to read all of the words in section 1a: "... course of or in connection with an offence" A legitimate pen test isn't the same as committing an offense.
    You get in trouble via incomplete quoting... Your half-quote means exactly what you say it does, but the first half of the sentence, "knowing that it is designed or adapted for use" clearly states that committing the offence is not a requirement. Making, adapting, supplying or offering to supply a tool that the law deems "designed or adapted" for breaking the law would mean that the makers of Ethereal (or your sniffer of choice) is headed for jail, because hackers most definitely have adapted network sniffers for illegal use.

    link to this | view in thread ]

  11. identicon
    Just Me, 7 Mar 2006 @ 8:14am

    Re: Re - Giafly

    You are correct, I should have used another means of highlighting the important portion.

    However, I'll still say that the item requires comission of a crime.

    I am married to someone with legal training, but IANAL myself.

    link to this | view in thread ]

  12. identicon
    Andy, 7 Mar 2006 @ 9:14am

    Re: Re - Giafly

    Yes, it would require the commission of a crime, but this protects no-one from the consequences of such a crime being committed. I use nmap routinely to check the internal and external security of my servers. Fyodor (the creator of nmap) would be as aware as anyone that every penetration testing tool can be used for testing, or as a live tool for use in reconnaissance for malicious purposes.
    Therefore, as this bill appears to be worded, Fyodor is 'guilty' of knowing that some people will use his tool for ill and some for good.
    New Labour insanity, like every half-baked piece of so-called legislation they introduce for the sake of a headline...

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 7 Mar 2006 @ 9:44am

    No Subject Given

    Taking a 'real-world' analogy ... shouldn't it then be illegal to manufacture things like gun-powder, arsenic, nitro-glicerine, knowing that these are tools which can be used to commit murder or terrorism?

    Another question ... should telnet be outlawed because it can be used as a hacker tool?

    It would be like making baseball bats illegal because they can be used to assault people.

    I live in England at the moment, glad to be leaving soon, hoping that this way of thinking doesn't catch on in other parts of the world, especially the one that I am moving to... crazy world

    link to this | view in thread ]

  14. identicon
    Anthony Ball, 22 May 2006 @ 12:37pm

    We produced a program called SpyMon...

    We are aware that people could use our tool for purposes that it was not intended for, stopping them would be impossible.

    We have had no choice but to withdraw our product. Our product is aimed at making sure your children are safe on the internet by allowing you to monitor their activites. But in the wrong hands...

    We cannot afford the possibility of a legal battle against the state, with the possiblilty of directors being imprisoned if we lose.

    But the new law poses interesting questions as to what depth does the new law extend. For example if I wrote a tool to say, crack a password. Are the operating system routines (50% of the tool) also illegal? All a keylogger is a program that sends data from a keyboard hook to another location. 90% is OS software calls. Are Microsofts hooking calls now illegal?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.