UK Looks To Make Denial Of Service Attacks Illegal -- But Does It Go Too Far?

from the about-time dept

Last year, we noted that denial of service attacks apparently were not illegal in the UK, based on current law. While some have tried to convince the courts that such attacks really were illegal, most seemed to realize that the current computer crimes law was inadequate to cover more modern-day threats. Along come politicians to the rescue, with a new bill designed to make all sorts of new computer crimes illegal. However, as with other times that politicians try to deal with new computer ills, it seems like the new law could go a bit too far. Among the provisions is that it would be illegal to "make or supply hacking tools", which seems a bit broad, as this would appear to include all sorts of legitimate tools that security researchers use to bypass security systems or crack passwords. It's great that updates are being made to the existing law, but politicians should be careful that they don't go too far in the other direction, outlawing plenty of perfectly reasonable activities.


Reader Comments

  1.  
    ShaolinTiger, Mar 6th, 2006 @ 11:11pm

    No Subject Given

    A bit scary for any penetration testers in the UK..

     


  2.  
    Anonymous Coward, Mar 6th, 2006 @ 11:18pm

    is disassembling also hacking?

    "hacking" - what exactly do they mean by "hacking"? Does that also mean disassembling tools? Such as a tool that might be used to modify a program away from its original design... for example, as how most people customize their current operating system's display using a 3rd-party utility to manipulate the OS code to make it look unlike how it was ever intended to look...

    hmmmm - hacking could also mean that you are disassembling something as simple as a genetic code so you could manipulate it into something better... only if it was a computer though.

     


  3.  
    radioactivity, Mar 7th, 2006 @ 1:20am

    damn politicians

    Why do they get involved with things they know next to nothing about? They never really listen to any advisors they bring on board.

     


  4.  
    Greg, Mar 7th, 2006 @ 1:24am

    No more laws, please

    The issue with this is that over time, technologists find solutions to the emerging problems rather more quickly than the law can keep up. Moreover, parliamentary draftsmen find it hard enough to handle the complexity of company law or land law, never mind the inner working of networks, processors and protocols.

    This is an area best left alone by the politicians. By the time they get a law through, the world has moved on enough to render it obsolete. At best it gives us laws that are irrelevant. At worst, we end up having to jump through legal hoops to do legitimate stuff, whilst the bad guys are playing in whole new areas.

     


  5.  
    Anonymous Coward, Mar 7th, 2006 @ 2:23am

    Links

    Police and Justice Bill.
    35 Making, supplying or obtaining articles for use in computer misuse offences

    After section 3 of the 1990 Act insert--
    "3A Making, supplying or obtaining articles for use in offence under section 1 or 3

    (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article--
    (a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
    (b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.

    (2) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
    (3) In this section "article" includes any program or data held in electronic form.

     


  6.  
    giafly, Mar 7th, 2006 @ 2:31am

    Re: Links

    Look closely at 1a (above) as this seems to affect legitimate security work, e.g. testing that a Website is secure against people using "hacker tools", by simulating an attack.

     


  7.  
    J, Mar 7th, 2006 @ 5:30am

    Re - Giafly

    No, that isn't what it says. You have to read all of the words in section 1a: "... course of or in connection with an offence"

    A legitimate pen test isn't the same as committing an offense.

     


  8.  
    Anonymous Coward, Mar 7th, 2006 @ 6:31am

    Re: Re - Giafly

    It is in the eyes of the law, if you sent a DoS attack on a network which is not on the internet eg internal before it is hooked up to the outside world, it is still illegal. Soon enough configuring linux will be illegal let alone registry editing!

     


  9.  
    Adam, Mar 7th, 2006 @ 6:44am

    List of hacking tools

    Here's a short list of some hacking tools:

    Computer
    Keyboard
    Mouse
    Calculator w/Hexadecimal conversion button
    Books about Hacking
    Internet Forums
    Email clients with macro support
    ...

    Pretty much anything could be used as a hacking tool. Let's ban the Earth.

     


  10.  
    Wolfger, Mar 7th, 2006 @ 8:00am

    Re: Re - Giafly

    You have to read all of the words in section 1a: "... course of or in connection with an offence" A legitimate pen test isn't the same as committing an offense.
    You get in trouble via incomplete quoting... Your half-quote means exactly what you say it does, but the first half of the sentence, "knowing that it is designed or adapted for use" clearly states that committing the offence is not a requirement. Making, adapting, supplying or offering to supply a tool that the law deems "designed or adapted" for breaking the law would mean that the makers of Ethereal (or your sniffer of choice) are headed for jail, because hackers most definitely have adapted network sniffers for illegal use.

     


  11.  
    Just Me, Mar 7th, 2006 @ 8:14am

    Re: Re - Giafly

    You are correct, I should have used another means of highlighting the important portion.

    However, I'll still say that the item requires commission of a crime.

    I am married to someone with legal training, but IANAL myself.

     


  12.  
    Andy, Mar 7th, 2006 @ 9:14am

    Re: Re - Giafly

    Yes, it would require the commission of a crime, but this protects no-one from the consequences of such a crime being committed. I use nmap routinely to check the internal and external security of my servers. Fyodor (the creator of nmap) would be as aware as anyone that every penetration testing tool can be used for testing, or as a live tool for use in reconnaissance for malicious purposes.
    Therefore, as this bill appears to be worded, Fyodor is 'guilty' of knowing that some people will use his tool for ill and some for good.
    New Labour insanity, like every half-baked piece of so-called legislation they introduce for the sake of a headline...

     


  13.  
    Anonymous Coward, Mar 7th, 2006 @ 9:44am

    No Subject Given

    Taking a 'real-world' analogy ... shouldn't it then be illegal to manufacture things like gun-powder, arsenic, nitro-glycerine, knowing that these are tools which can be used to commit murder or terrorism?

    Another question ... should telnet be outlawed because it can be used as a hacker tool?

    It would be like making baseball bats illegal because they can be used to assault people.

    I live in England at the moment, glad to be leaving soon, hoping that this way of thinking doesn't catch on in other parts of the world, especially the one that I am moving to... crazy world

     


  14.  
    Anthony Ball, May 22nd, 2006 @ 12:37pm

    We produced a program called SpyMon...

    We are aware that people could use our tool for purposes that it was not intended for, stopping them would be impossible.

    We have had no choice but to withdraw our product. Our product is aimed at making sure your children are safe on the internet by allowing you to monitor their activities. But in the wrong hands...

    We cannot afford the possibility of a legal battle against the state, with the possibility of directors being imprisoned if we lose.

    But the new law poses interesting questions as to what depth does the new law extend. For example if I wrote a tool to say, crack a password. Are the operating system routines (50% of the tool) also illegal? All a keylogger is, is a program that sends data from a keyboard hook to another location. 90% is OS software calls. Are Microsoft's hooking calls now illegal?

     


