UK Looks To Make Denial Of Service Attacks Illegal — But Does It Go Too Far?

from the about-time dept

Last year, we noted that denial of service attacks apparently were not illegal in the UK, based on current law. While some have tried to convince the courts that such attacks really were illegal, most seemed to realize that the current computer crimes law was inadequate to cover more modern-day threats. Along come politicians to the rescue, with a new bill designed to make all sorts of new computer crimes illegal. However, as with other times that politicians try to deal with new computer ills, it seems like the new law could go a bit too far. Among the provisions is that it would be illegal to “make or supply hacking tools” which seems a bit broad, as this would appear to include all sorts of legitimate tools that security researchers use to bypass security systems or crack passwords. It’s great that updates are being made to the existing law, but politicians should be careful that they don’t go too far in the other direction, outlawing plenty of perfectly reasonable activities.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “UK Looks To Make Denial Of Service Attacks Illegal — But Does It Go Too Far?”

Subscribe: RSS Leave a comment
Anonymous Coward says:

is disassembling also hacking?

“hacking” – what exactly do they mean by “hacking”? Does that also mean disassembling tools? Such as a tool that might be used to modify a program away from it’s original design… for example, as how most people customize their current operating system’s display using a 3rd-party utility to manipulate the OS code to make it look unlike how it was ever intended to look…

hmmmm – hacking could also mean that you are disassembling something as simple as a genetic code so you could manipulate it into something better… only if it was a computer though.

Greg (user link) says:

No more laws, please

The issue with this is that over time, technologists find solutions to the emerging problems rather more quickly than the law can keep up. Moreover, parliamentary draftsmen find it hard enough to handle the complexity of company law or land law, never mind the inner working of networks, processors and protocols.

This is an area best left alone by the politicians. By the time they get a law through, the world has moved on enough to render it obselete. At best it gives us laws that are irrelevant. At worst, we end up having to jump through legal hoops to do legitimate stuff, whilst the bad guys are playing in whole new areas.

Anonymous Coward says:


Police and Justice Bill.
35 Making, supplying or obtaining articles for use in computer misuse offences

After section 3 of the 1990 Act insert–
“3A Making, supplying or obtaining articles for use in offence under section 1 or 3

(1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article–
(a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
(b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.

(2) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
(3) In this section “article” includes any program or data held in electronic form.

Wolfger (profile) says:

Re: Re - Giafly

You have to read all of the words in section 1a: “… course of or in connection with an offence”

A legitimate pen test isn’t the same as committing an offense.

You get in trouble via incomplete quoting… Your half-quote means exactly what you say it does, but the first half of the sentence, “knowing that it is designed or adapted for use” clearly states that committing the offence is not a requirement. Making, adapting, supplying or offering to supply a tool that the law deems “designed or adapted” for breaking the law would mean that the makers of Ethereal (or your sniffer of choice) is headed for jail, because hackers most definitely have adapted network sniffers for illegal use.

Andy says:

Re: Re: Re: Re - Giafly

Yes, it would require the commission of a crime, but this protects no-one from the consequences of such a crime being committed. I use nmap routinely to check the internal and external security of my servers. Fyodor (the creator of nmap) would be as aware as anyone that every penetration testing tool can be used for testing, or as a live tool for use in reconnaissance for malicious purposes.
Therefore, as this bill appears to be worded, Fyodor is ‘guilty’ of knowing that some people will use his tool for ill and some for good.
New Labour insanity, like every half-baked piece of so-called legislation they introduce for the sake of a headline…

Anonymous Coward says:

No Subject Given

Taking a ‘real-world’ analogy … shouldn’t it then be illegal to manufacture things like gun-powder, arsenic, nitro-glicerine, knowing that these are tools which can be used to commit murder or terrorism?

Another question … should telnet be outlawed because it can be used as a hacker tool?

It would be like making baseball bats illegal because they can be used to assault people.

I live in England at the moment, glad to be leaving soon, hoping that this way of thinking doesn’t catch on in other parts of the world, especially the one that I am moving to… crazy world

Anthony Ball (user link) says:

We produced a program called SpyMon…

We are aware that people could use our tool for purposes that it was not intended for, stopping them would be impossible.

We have had no choice but to withdraw our product. Our product is aimed at making sure your children are safe on the internet by allowing you to monitor their activites. But in the wrong hands…

We cannot afford the possibility of a legal battle against the state, with the possiblilty of directors being imprisoned if we lose.

But the new law poses interesting questions as to what depth does the new law extend. For example if I wrote a tool to say, crack a password. Are the operating system routines (50% of the tool) also illegal? All a keylogger is a program that sends data from a keyboard hook to another location. 90% is OS software calls. Are Microsofts hooking calls now illegal?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...