UK Parliament to ban DoS Attacks

Ian Hill writes "It seems that the UK government is not as technologically withdrawn as you may think. This bill is an amendment to the Computer Misuse Act 1990 which bans Denial of Service attacks by name. It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

Thank God

[Ashcrow]

Now no one will ever do it!

Re:Thank God

no, but maybe now people (read: script kiddies) will be less likely to start a DoS on a particular site, seeing as it could land you in jail, or with a sizeable fine

p2p sharing here I come

[azzy]

I can p2p share as much as I like.. breaching copyright.. and the American's can't get me!!! Yippee!!!!!

First Criminals

[Amazing+Quantum+Man]

And the first two people charged will be:

Ian Hill and CmdrTaco for causing a slashdotting of the UK Parliament server!

Re:First Criminals

if they cause, or intend to cause

You know, the parent poster might be more on par than you think. Since Slashdot has a tendency to push huge amounts of traffic to sites mentioned in articles, could that be taken as a DoS attack? Notice the line above says 'cause or intend to cause', meaning if you cause something like a Denial of Service attack, with or without intent, you could still be prosecuted. Hmmm. This might not be a good thing after all.

Re:First Criminals

[tomhudson]

It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

So this means that Microsoft can be charged for upgrades that don't work properly, etc.!!!!

Works for me!

Re:First Criminals

[david+duncan+scott]

Maybe, but I think their intent is the reverse in "cause or intend to cause" -- not "caused without intent", but "intended to cause and were foiled". (Curses!)

Re:First Criminals

[ScottKin]

If the upgrades don't work it's not Microsoft's fault - the more likely scenario is that you have a perfectly-good OS from Microsoft that has been tainted by crappy 3rd-party programs, shareware, hacked/cracked warez and who-knows-what-else installed on your system.

It's something I like to call "Responsible Computing"

ScottKin

Re:First Criminals

[tomhudson]

:-) I hope everyone realizes you're being facetious, and not trolling.

After all, "Responsible Computing" and "perfectly-good OS from Microsoft" ...

You are trying to be funny, aren't you???

Re:First Criminals

[Linux+Ate+My+Dog!]

I would damn well hope so, and it is about time.

The first time a link to my site got posted on Slashdot, the onslaught on the first day and subsequent spreading through blogs and mailing lists got me kicked off my hoster for generating an excess of 30 MB of netrowk traffic in 20 days -- they thought I was trading MP3s or warez. When they found out it was just my page, they still invoked their "upsetting normal working of server" clause and kicked me out on Dec 23d.

I found a new hoster, but this one charges me 6 bucks for any extra MB of traffic over my 2MB. That's just the breaks, the rest of the package is good. Of course, since it is hosted I can't actually do neat tricks like change the webserver to block slashdot referrers or anything, I just have what I have. But I wouldn't get slashdotted asgain, would I?

Of course I would, and without warning or consultation Chris posts the link again on the front page. My billing is monthly, the link was put the last day of the month, so I got the bill for this stunt after one day in the May billing: 54 bucks. June, of course, is yet to come in, and Lord knows what that bill is going to be.

All Slashdot editors know this will happen when they post a link. They know. They have known for years now. When I complained, I got a pointer to their standard policy "We don't warn people", as pointing to some webpage somehow mitigates the slashdot effect or precludes them from responsability for what their site does to websites. Further pressing got a "Change your webserver to deny referrals from slashdot (because you should just anticipate that we will Slashdot you some day, so you should have done this already)" and pointer to their FAQ on why they don't use Google cash: "But it's so hard to use it!"

I don't mind at all if a bill comes along somewhere that points out to editors of popular sites that wield this kind of power that there is no difference between them and a DDoS attack from a web-publishers point of view.

Re:First Criminals

[DNS-and-BIND]

This is a real issue. I was involved in a court case recently, where an email server had fallen down after receiving a mere 14,000 emails. The mail server (a 4x450 CPU Sun E4500) had really bad mail processing software. The cluebies who set it up caused sendmail to spawn a shell process and a SQL script for *each incoming email*. That's right, two expensive processes just to get one email injected into the database. Needless to say, after the first 500 mails or so, the system load was above 100 and the machine was not doing anything but processing mail (needless to say, it was an "all-in-one" server, that had Oracle, apache web interface, OAS, DNS running). The FBI prosecuted the guy for "executing a remote command to do damage" and "unauthorized access".

Was he wrong? All he did was send some email. It's not his fault the machine fell down, it was an unscalable design.

Re:First Criminals

[GreyFish]

I second this.

Slashdot editors: You are armed with a loaded weapon, and you show no inclination to use it safely, or to have any respect for your 'victims'.

Perhaps you could mirror sites at slashdot as/when you link to them?

Re:First Criminals

[Alsee]

there is no difference between them and a DDoS attack from a web-publishers point of view.

The difference is that with the slashdot effect the server is saturated by preforming its intended function - showing the information to people who wish to see it, or atleast as many of them as it can manage. When you publish information it is reasonable to assume you want people to see it.

P.S.
6 bucks for any extra MB of traffic
Please tell me that's a typo. $6 per megabyte of data is ludicrous. You need a new host.

P.P.S.
If you don't want so many hits on your webpage perhaps you should drop the "Reload for new image" at the bottom.

-

Re:First Criminals

If you don't want to make content publicly available, don't make it available. If you only want to serve up to X MB of content, then only serve X MB of content. These are all entirely within the control of your server machine. It's not our fault that you have a poor deal with your provider, or poor control of your web server. It's definitely not our fault that /. editors seem to like what you have to say.

Signed, the Internet Community.

Re:First Criminals

[Linux+Ate+My+Dog!]

You are not the Internet Community. The Internet Community I know was about sharing links, about sharing resources in a new structure, of saying you attach your subnet to me and then you can route my mail through you and isn't this WWW thing cool? The Internet Community I know was about taking care of information, of wanting it to be free and to be accessible. If anything, bandwidth and bottleneck issues have been researched by the Internet Community for years -- that's exactly what P2P is all about.

You are that new Internet Community that thinks that just because the word 'Internet' is involved, all notions of reality, responsability, or reasonable, have been thrown out the window. Well, to that I say 'Bullshit', and if you don't get it, the law will, as is evidenced by the bill being discussed in the UK.

As I explained, as a user of a standard webhoster these things are not within my control. You are just blaming the victim because it is easier for you. The Internet luminaries I know would die of shame if their networks were causing their downstream users crashing problems, or throughput problems, or service problems. You are just another version of "gimmie, gimmie, gimmie".

Be reasonable. That is all I ask. The existance of the slashdot effect for the last couple of years now should be a very big pointer that something very unreasonable is happening. It's making content inaccessible while nominally trying to get people to see it. I am sorry, am I the only one that sees the utter, utter, utter ridiculousness of that notion?

Re:First Criminals

[Linux+Ate+My+Dog!]

Sorry, that was 6 per GB. I think I put MB everywhere I should have put GB in that story.

And no, it wasn't my front page that got linked here.

The difference is that with the slashdot effect the server is saturated by preforming its intended function - showing the information to people who wish to see it, or atleast as many of them as it can manage. When you publish information it is reasonable to assume you want people to see it.

Yes, but which people? I just put it up to show it to my friends and their friends. It is also a reasonable assumption that I don't want my server to go down by having hoardes and hoardes of requests from complete strangers I don't care about. To the webserver it doesn't matter whether it is a scriptkiddie running the gazillion resuests or hit-and-run slashdotters, and from my POV, it isn't either.

The whole situation just sucks, and the editors know it is happening, and don't care. That's just really sad.

Re:First Criminals

even though you intended it to be up for your friends, the internet world doesnt see it that way. Search engines pick it up, links are posted etc

I do agree that the editors are wrong in their actions though. if its a corporate website that can handle the effect, a link is okay. If its a nonprofit/personal without extra bandwidth, a cache/mirror or whatever should be done.

You shouldnt have your site taken down due to excessive bandwidth usage.

Re:First Criminals

[loraksus]

what the fuck was he doing sending 14000+ emails?

Re:First Criminals

[Yottabyte84]

Windows works fine untill you try to observe it working, at which point it shits itself.

Re:First Criminals

Simple answer to being Slashdotted, host your site on Geoshitties, they won't charge you for over-usage of bandwidth, just make your page inaccessable for an hour or two. :)

Re:First Criminals

'degradation, failure or other impairment of function of a computerised system.'

Of course not. It will be Bill Gates for installing any of his OSes on a system.

Re:First Criminals

[Alsee]

I understand your headaches, but I still think it's legitimate web activity. You published to the general public. The people who came to the site all had a legitimate interest in seeing it. The system is functioning as designed, though not quite how you'd like. Most people would consider it a pleasant suprize if their site became "too popular".

Yes, but which people?
If you wish to restrict access to the site, that is up to you - and by extension the host you choose to use.

I think the main problem you are having is with the hosting agreements. There are a lot of places out there with many different plans. Perhaps you can find one that is simply throttled to x meg per day. That way an overload would only disrupt the site for a day or two, and no unexpected bills for excessive usage.

-

Re:First Criminals

[gfreeman]

needless to say, it was an "all-in-one" server

Well there's your problem. Business critical mail systems should be on dedicated servers.

Re:First Criminals

[ScottKin]

No, I'm being something that the general population of penguin-fetishists avoid like the plague... ...FACTUAL AND HONEST!!!!

Chew on that for a bit!

ScottKin

Re:First Criminals

[tomhudson]

Maybe it's because I was spoiled by using a multi-tasking os that wouldn't crash before Microsoft even heard of the term 'multi-tasking', but the technology for making a proper os for microcomputers existed long before the crap called Windows, and long before linux, etc.

So, it's not a question of having a penguin-fetish-type view of computing ... quite the contrary. The simple fact is that Microsoft is incapable of creating a proper operating system, becuase of systemic structural defects in their business methods.

Ha anyone told Rep. Howard Berman ?

[drew_kime]

I wonder if this will get passed before this.

Re:Ha anyone told Rep. Howard Berman ?

[DeltaSigma]

One must wonder if this would make effective grounds for a citizen of the U.K. to sue any copyright holder's carrying out a DoS attack on them under the respective acts. Or would that stop short merely giving a P2P server based in the U.K. grounds to sue?

Man, we really need more lawyers on slashdot. People can complain about the slime they'd bring with them but we've already got so many trolls one would hardly notice the difference...

Re:Ha anyone told Rep. Howard Berman ?

[evronm]

Great point! Actually, if both get passed it will make for a very interesting jurisdictional conflict. What if the an RIAA company Dos's a UK based p2p network?

Re:Ha anyone told Rep. Howard Berman ?

[Dalcius]

Wheee

About time for some *sane* international standards.

I doubt this happens since the bill proposed here in the US is a bunch of BS and even congress can realize that (it's letting the law into the hands of the corpers). They're not that dense.

On the other hand, I hope something like this comes to a head soon so gov't will have to agree with each other and someone can make sane international standards.

irony

[s20451]

So we slashdotted them with a link. How ironic. Can I rat out Taco for a reduced sentence?

Slashdot Banned From posting Links to UK?

[EastCoastSurfer]

Wouldn't the slashdot effect be a way of degrading network performance?

Re:Slashdot Banned From posting Links to UK?

[Dalcius]

Hey... see a picture developing?

Microsoft leaves holes in Outlook and IIS...

which lead to virii slowing down the UK network...

*drool* Oh the possibilities!

Re:Slashdot Banned From posting Links to UK?

Wouldn't the slashdot effect be a way of degrading network performance?

... or sexual performance? Iunno -- it's degrading anyway.

Degridation, impairment..

[AntiTuX]

Like installing windows?
(HA HA HA HA!! I Made a Funny!!!)

Re:Degridation, impairment..

[High+Jumbllama]

Yeah, it might have been flamebait, but it is still funny.

Re:Degridation, impairment..

Well, I'm just surprised that I got modded *DOWN* on a pro-linux post. I swore that slashdot was a "L1nuX R0012" kinda mode today. I dunno, I'm not very good at this kharma whoring kinda thing..

Wait until the IFPI gets involved

If the RIAA has any success in the US, then the IFPI can try the same thing with some member of parliament.

they still use DOS in England?

[mr_gerbik]

I knew they were behind the times but man... I bet they still program in QBASIC too.

Re:they still use DOS in England?

[mr_gerbik]

Holy shit, you made a joke about the difference between DoS (denial of service) and DOS (disk operating system). I've never seen a joke like this on Slashdot!

Holy shit, you made a joke about my joke because you waste 50% of your life reading Slashdot and critiquing jokes.

Keep up the creative and original work!

Keep up the not getting laid and using Slashdot to bump up your self esteem.

What if?

[squarefish]

Their site gets /.'d?

Dos'ers should have

[Tri0de]

a hard drive tied to each testicle and tossed in the Thames. Or sat the very least a nice little midnoght visit from the SAS, and some 'questioning'.

Re:Dos'ers should have

[Wingnut64]

Yes, being tortured by sadistic commandos is a fitting punishment for crashing a computer.

Re:Dos'ers should have

Better yet, an old AS/400 tied to each testicle and tossed in the Thames. Far more effective.

Re:Dos'ers should have

[arivanov]

It is easier to organise in the US then in the UK.

Rat them up to the NKVD^WHomeland Security. Works great on spammers (espcecially of the "all capitals nigerian bulshit" or other scam varieties). All you need to do is express your suspicion that the scam money is used to finance terrorism. After that you will never hear from that spammer again once they have disappeared "in and night and fog" to GULAG^WGuantanamo Bay for questioning with no legal representation.

Unfortunately the Yard in the UK systematically drops the ball on these. I wish it did not. And I wish it did what you suggest.

In other news...

[CmdrTaco+(troll)]

Slashdot to ban trolling.

Re:In other news...

[ScottKin]

Slashdot to ban trolling.

Wouldn't that pretty much put all the nails in the coffin for /.?

I'd estimate that at least 50% of the posts on this over-rated, bloated BLOG (That's all what /. really is - a BLOG) are some form of troll posted by anti-Microsoft bigots, another 10% being genuine, intelligent discussion, another 10% falling into the category of "How to keep yourself from getting screwed by The Government when you're doing something illegal", and the remaining 30% just being absolutely clueless.

ScottKin

Re:In other news...

[FunkSoulBrother]

please don't use that term. Feel free to tear into slashdot however you like, but please don't perpetuate the use of the term "blog" for "web log."

Degredation of a computer system?

[restauff]

Every time I download a big movie or file from a fast server, I cause degredation to my connection, and so my computer system. How does one define at what point it is intentional, and at what point serious damage is done to the system?

Re:Degredation of a computer system?

[Boss,+Pointy+Haired]

In the same way that me bumping into you in a crowded street by accident does not constitute an assault, whereas me hitting you does.

How hard I hit you is kind of irrelevant, but is of course a factor in assigning punishment.

Re:Degredation of a computer system?

[Ooblek]

Doing so in the act of self-gratification probably doesn't apply.

Re:Degredation of a computer system?

[SirSlud]

Probably when it can be proven that the act was to intentionally degrade service, not to download a file.

Re:Degredation of a computer system?

[Have+Blue]

If the system cannot recover without human intervention (whether that intervention is by reconfiguration, rebooting, or the script kiddie clicking the "stop ddos" button).

Re:Degredation of a computer system?

[taernim]

It's all a big plot by the MPAA & RIAA to stop the P2P networks! :P

Re:Degredation of a computer system?

[fain]

..except that as cited above, nothing is mentioned about requiring intent. It could in that way actually be seen as corresponding to me bumping into you in a crowded street indeed constituting assault.

Re:Degredation of a computer system?

[Dwonis]

Doesn't the UK still have "common law" that would cover stuff like this?

Slashdot is in trouble...

[dubiousmike]

...now that they have posted a link to the bill.

Watch as the Parliament's website chokes to a halt.

Re:Slashdot is in trouble...

[dubiousmike]

why did I get the one ass that will mod me down for a redudndant post when most threads on Slahdot are FULL of redundant posts.

Oh great, now I'm going to be modded for flaming.

;^(

UK vs US?

[dillon_rinker]

So when the RIAA kills a file-sharing server in Scotland because US law specifically permits it, and when they are indicted because UK law specifically outlaws it, whose national sovereignty will be degraded?

Re:UK vs US?

[huh_]

So when the RIAA kills a file-sharing server in Scotland because US law specifically permits it, and when they are indicted because UK law specifically outlaws it, whose national sovereignty will be degraded?

Thats a stupid question. US law prevails over all others.

Re:UK vs US?

[Martin+Spamer]

So when the RIAA kills a file-sharing server in Scotland because US law specifically permits it

Decriminalisation in not the same as specifically permiting something.

whose national sovereignty will be degraded?

Neither, since crime would be committed in the UK and the USA/UK have a extradiction treaty. The the Individual would be etradited, tried and imprisoned in the UK.

Though the idea of sticking one on the RIAA (or MPA) is appealing. This is not really a good idea. It would be the geek on trial not the people that gave the orders. I'm not so keen on my taxes being used to finance a nice break at some home counties open prison.

Re:UK vs US?

[Catroaster]

The case would be heard in a British court (probably the High Court for an offence of that magnitude), and the RIAA could not claim the US law as a defence. The person who committed the act would probably be extradited to Britain to face trial under the terms of the extradition treaty.

Catroaster.

Re:UK vs US?

[Thud457]

Nah, Bush II would just send in the Marines for an extraction.
(That is, if the alledged DoS'er worked for the RIAA. He probably wouldn't bother for some anti WTO protester.)

Re:UK vs US?

You know, in the U.S. corporations are considered "natural persons". The U.S. Supreme Court came up with that back in the 1800s, so corporations could own property, enter into contracts, etc.

But that implies that corporations can also be extridited, vote, hold public office, and be imprisioned for criminal acts. I'm just waiting for one of these to come up.

Re:UK vs US?

the idea of sticking one on the RIAA (or MPA) is appealing...It would be the geek on trial

I doubt geeks have anything to do with the RIAA. Henchmen maybe, terrorists perhaps, rapists maybe, pirates yes, but geeks? No, geeks just don't mix with the RIAA.

Re:UK vs US?

OK, I might be accused of being hard-hearted here, but if a geek works for the RIAA, they deserve what they get.

Re:UK vs US?

You know, in the U.S. corporations are considered "natural persons".

No, they are considered corporate persons.

Re:UK vs US?

[kfishy]

Not really. Since it is a criminal law, the RIAA can also be charged as an "accessory before the fact" to the actions of that person, even though it has not committed the actual offence.

Re:UK vs US?

[csmiller]

Except you can only get extradited if the crime you commited *is* a crime in the country you are being extradited from, and you will not be punished more severly in the extraditing country. (Or at least extradition can not be refused in these cases, given reasonable evidence)
For example, most of the EU refuses to extradite suspected murders to the US, unless the US says it will not seek the death sentance. (It is a condition of EU membership to renounce the death penalty)
Simce crashing a P2P server is not a crime in the US, then the US authorites can (and probably will) refuse the extradition.

Re:UK vs US?

[Fembot]

and did anyone else notice that new EU arrest warrent which means you can be extradited anywhere in the EU automaticaly even if it isnt a crime where you were arrested.

So does this mean the RIAA can be nailed?

[PeterMiller]

It's ironic that this story was just posted earlier. Quick, move all your P2P servers to the UK, you'll be safe from the RIAA!

Re:So does this mean the RIAA can be nailed?

[Per+Wigren]

...P2P servers...

Duh...

Re:So does this mean the RIAA can be nailed?

[ralphie98]

I don't really understand where everybody is getting this idea that RIAA is trying to launch a DOS on p2p users. From what I could tell from actually READING the article from the Washington Post they don't seem to be launching a DOS attack... just merely throwing a bunch of corrupt files and such. I don't think that doing that is going to be denying anybody any service... just making them search longer to get the latest Eminem cd.
So what I'm trying to say is I don't think that this proposal by Berman would conflict with the UK law, IMHO.

Re:So does this mean the RIAA can be nailed?

[Dalcius]

Putting decoy files denies service to those who are attempting to download real files (even non-copyrighted ones). That, by definition, is a DoS attack.

By common meaning, it probably isn't a DoS, but I'm not an expert on the issue.

However, it does fit the UK bill's "impairment of a function," the function being to download a legit file.

RIAA and MPAA exempted?

[gmhowell]

Are the RIAA and MPAA exempted from this law?

Just curious.

Re:RIAA and MPAA exempted?

[hplasm]

Hell no! The PM supports rave culture and has the biggest P2P server in London - second only to the one Prince Harry is putting together. That's what this Bill is all about ;->

so..

[bo0push3r]

does this mean that RIAA and company will have to back off of this P2P-DoS madness?

Cool I can sue microsoft

[linzeal]

"'degradation, failure or other impairment of function of a computerised system"

Seriously when will software vendors and hardware vendors that sell thei products (not cue cat or linux) be responsible in part for system instabilities?

Re:Cool I can sue microsoft

[Thud457]

I really liked the way you condemned by assoiation "::Que::Cat" and "Linux" as both giving away their products.
And in a totally irrelevant OT comment.

See children, there's how a refined adult trolls it.

Re:Cool I can sue microsoft

Damn, I always thought the Blue Screen O' Death was actually a feature of Windows...

What about Microsoft service packs?

[geophile]

I have nothing else to say on this. Thank you.

(-1 Redundant)

[gmhowell]

Yeah, yeah. Was too slow on the uptake.

slashdotted

[Jacer]

I don't think that counts, because we don't have any malicious intent. We just want to read the news which they have chosen to make available, so what if a bunch of people want to do it at once, with or without slashdot's help. But if some vengeful geek were to post a my website hosted on my cable modem in an effort to kill my connection, then I might get pissy.

Re:slashdotted

[jeffy124]

prior to slashdot's existance, the phrase "flash crowd" was used.

It was the title of a sci-fi short story years ago, in an age where teleportation exists and some major event occurs, causing people from all over teleport themselves to the event, causing a large crowd to appear, only to disappear after the event was over.

In the computing sense, it referred to legit cases of denial-of-service. For example, a "flash crowd" occured on 9/11 when MSNBC.com, CNN.com, etc, were all overloaded with connections from people seeking info on what was going on.

Re:slashdotted

[Graspee_Leemoor]

FYI the author was Larry Niven.

graspee

Re:slashdotted

Ah that day, that was an interesting (in the Chinese sense?) day. cnn.com and other news servers was down, at work I was able to go to an Australian website to see some more pics of what had happened, they were still up because most of Australia (not the keepers of that website, obviously) were probably asleep at that moment.

Blast it all

[The_Shadows]

> It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

If they changed the wording just a little bit it would make Spammers face charges.

Of course, the whole impairment bit would make Microsoft criminals too. You know, I mean more so. Actually, isn't Windows XP designed to impair system preformance, forcing a hardware upgrade? Hmmmm....

Later.

Re:Blast it all

[Martin+Spamer]

If they changed the wording just a little bit it would make Spammers face charges.

Unsolicited Bulk Email is almost certainly illegal (though untested) under the Section 1 of the Computer Misuse Act 1990 if sending or receipt of UCE is against your AUP/TOS. Any unauthorised access to a computer is illegal under the Computer Misuse Act Section 1.

The problem is enforcement, the Police seem to have neither the inclination nor ability to enforce it.

---
1.--(1) A person is guilty of an offence if--
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at--
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
---

http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900 01 8_en_1.htm

Re:English law

[z_gringo]

Has anything technologically(sp?) come out of the UK since WWII? Perhaps so, but its difficult to recall.

Should read: Has anything technologically(sp?) signifcant come out of the UK since WWII? Perhaps so, but its difficult to recall.

And what about unwanted DoS?

[SavingPrivateNawak]

For instance, if I send an email with my beta 133t mailer program to a buggy server (let's say a Lotus server) that crashes upon receiving my mail, am I liable for the DoS that other users will perceive?

So by this...

[MarvinMouse]

Will the slashdot effect be officially illegal in Britian.

I remember one person telling me that the Slashdot effect is the only legal DoS attack. :-) I guess that'll change.

So, which will it be?

[peterdaly]

All in one day, one county considering making DOS's legal (for P2P networks), one county trying to ban the practice.

Interesting.

-Pete

Re:So, which will it be?

All in one day, one county considering making DOS's legal (for P2P networks), one county trying to ban the practice.

I know US-izens keep thinking that there isn't much else in the world apart from the US, but the UK isn't yet a county of the US as far as I know...

(Score:-1, Flaimbait)

wtf?!?!

[rice_burners_suck]

now lemme get this straight... california wants to allow dos attacks, uk wants to ban dos attacks... where the hell is the damn consistency, damn it?! the fuckin' internet spans the whole fuckin' globe. so i think it shouldn't be governed at all!!!!!!111111 cuz no government agency could do the job, because everyone in government is stupid!!!!!!11111111 yeah, they can govern the sale of cabbage fine, but when it comes to cool things like internet, those jackasses in government are a bunch of boring old farts with gray hair and tires around their bellies and all they care about is fucking over every single person in the world in order to cater to the needs of huge fucking multinational corporations that want to implement the Mark of the Beast and turn us all to shit. because as the constitution says, "We the Corporations of the United States, in order to form a more perfect system of eternal perpetually increasing profits, hereby ordain and establish this Constitution..."

Ugly Site

[alta]

I think the house of Lords gets the prize for worlds ugliest govenment website. Maybe I should say that cause there are some other pretty ugly sites out there!

Re:Ugly Site

[GigsVT]

That way it matches the women. Hey at least the brits are coordinated.

Re:Ugly Site

it's a simple, functional and elegant design - if it wern't for the PDFs it would be perfectly usable in lynx & links. Nice to see the gov here in the UK can get something right.

umm....

: a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised syste.'"

Does that include installing Windows?

The obvious solution

[peterdaly]

I guess the US p2p users will have to setup anonymous reflectors in the UK. Ya gotta love the global age we live in!

-Pete

English Law

[Jucius+Maximus]

In other news, it is still legal in Chechire (Chester) England to shoot, with a crossbow, any Welsh person, as long as you do it inside the city walls after 11 PM.

(don't ask me for a reference, I found it on a 'Stupid Laws' page that has subsequently shut down)

silly

[tps12]

DOSing is just another (admittedly mean) use for the computer. The fact that TCP/IP is built in a way that allows DOS attacks is no reason to try to control what free citizens do with their legally obtained computers.

Re:silly

[DarkMan]

Apply your argument to fire arms.

Murder is just another admittedly mean) use for the computer. The fact that guns are ilt in a way that allows murder is no reason to try to control what free citizens do with their legally obtained firearms.

Your argument seems to be based on because it is possible, is should be legal - which is anarchy.

Re:silly

[tps12]

Try again. The correct analogy is:

Murder is just another (admittedly mean) use for the computer. The fact that laws are built in a way that allows murder is no reason to try to control what free citizens do with their legally obtained firearms.

The solution in this hypothetical society with no murder laws, is to change the laws so that they don't permit murder. Likewise, we should change the prevailing network protocol (TCP/IP) so that it does not permit DOS attacks.

Microsoft would be guilty

[rickthewizkid]

I put Windows on my computer and it "impaired my performance" ... in more ways than one... :)

Seriously, would this law apply only to activities over the Internet, or would it also apply to software vendors as well?

-Rick

This is very good.

[tshak]

This is very good - I mean consider all of the damage that DOS could do to your machine. It's insecure, lacks multitasking, and requires users to configure EMM386 and HIMEM.SYS just to play Doom. Let's just hope that bin Laden doesn't have the technology available to perform a DOS install/attack on all of our machines.

Re:This is very good.

[Dwedit]

You don't need EMM386 to play Doom because Doom uses the DOS4GW memory manager, which uses XMS, not EMS.

Might have been better kept quiet

[andyh-london]

I noticed this draft a few weeks ago and thought about posting it here. Then I thought it might be better if Microsoft and the like did _not_ here about it until it became law.
As it is they'll try and get it amended so they don't get prosecuted for keeping on changing systems to keep Linux/Unix incompatability.

Andy

Re:Might have been better kept quiet

[ScottKin]

Excuse me?

"Linux/Unix" incompatability?

Let me try to figure this out...

Are you meaning:

1) Linux and Unix are incompatable with each other.

or,

2) Linux and Unix are incompatable with Microsoft Operating Systems.

Case #1 - You're an utter idiot and need to be flooged with CAT5 cable.

Case #2 - You're an even BIGGER idiot than what was defined in Case #1, because Microsoft does not have to support *nix OS'es if they don't want to.

To sum things up:

If you want to run Windows Apps in a stable and reliable manner, GO INSTALL WINDOWS ON YOUR EFFING BOX!

'nuff said!

ScottKin

Re:Might have been better kept quiet

[Dalcius]

Thanks for sharing your genius with us, ScottKin.

You don't have to be dumb to be an arsehole. Soften up the tone, please? ::sigh::

Re:MS is in trouble

[tomhudson]

Yeah, their products manage to suck and blow at the same time.

Responsibility

[plastic_heaven]

What happens if someone has 'hacked' your machine and used it to cause a DOS attack? Are you going to be held responsible as well?

Re:Responsibility

If someone steals your car and uses it to kill someone, is car owner responsible? Problem is that most people notice if their car gets lost, but too many people have no idea that their computer is zombie in DDOS - and those zombie-programs could be worms. I don't think that you can be responsible if your computer is hacked and used as a weapon in electric vandalism or if automatic worm infects your computer.
But yeah... it should be illegal to use insecure operating system / leave your car doors open...

Re:Responsibility

[Dalcius]

I was going to say...

I'm having problems finding an analogy, but wouldn't it be at least half way concieveable to hold Microsoft responsible for negligance regarding security holes?

...and I mean this honestly, don't -1 troll me because you automatically assume any comment about MS is retarded.

Re:English law

*yawn* Yet another yank that thinks the US invented everything...

fuck you all

i hate you all

Re:fuck you all

[ScottKin]

Whoops!

Looks like someone installed Windows on his Linux machine, and he feels that everyone here lied to him, because contrary to all of the anti-Microsoft propaganda regularly spewed-forth on /. his system runs perfectly.

Now - let's watch and see how the Modeation Nazi's work with this post - will they mod it down because It's anti-Linux, will they mod it down because it's pro-Microsoft, or will just leave it where it is?

Your guess is as good as mine.

ScottKin

Re:fuck you all

[Dalcius]

Posting meaningless drivel complaining about MS bashing doesn't make you any better.

Note, I'm not complaining (I don't care =P), I'm raising an issue that Scott here might kindly take a look at amidst his critisizm of others.

What about accidental DOS?

What about software like Lotus Domino that can be caused to DOS itself if not properly configured? Should people testing for open relays be held accountable?

Re:What about accidental DOS?

[dunkerz]

The law says that you can be charged if you so much as *anticipate* that using a program will cause a DoS. If it's a total accident, you're fine.

Re:What about accidental DOS?

But if you know it's a Domino server and you test anyways? It seems like this law can be used by sysadmins to protect themselves from testing.

Re:What about accidental DOS?

[ralico]

So its rather like a thought crime, eh? If you think it may happen then you are liable, but if you don't think it will happen, then you are not?

Re:What about accidental DOS?

[dunkerz]

OMG.. good point. Thinking certain thoughts is a crime.

f*ucking hell....

Fun with the law...

[rocjoe71]

...by the way it sounds, you *could* apply this law against virus writers and maybe even spammers too.

Of course, there's still the "burden-of-proof", even in the case of spammers, but it would be nice to think there's a law that makes them vulnerable.

Re:Fun with the law...

[Moonshadow]

Not a bad idea. I mean, downloading that 4k spam degrades my connection. Granted, not by very much, but it's still degraded.

By this logic, ANY communication over the net could be construed as a violation of this bill. You only have so much bandwidth, and the consumption of it will certainly degrade the connection. This is a very dangerous piece of legislation. It could have its uses, but it could be so broadly interpreted DMCA-style to make any Internet-using person a felon.

On the upside, I'm gonna set up an open relay in the UK and send any spammer that uses it (thereby degrading my connection and system performance) to jail.

Re:Fun with the law...

[rocjoe71]

I mean, downloading that 4k spam degrades my connection.

Sure, an eensy-weensy 4k is no trouble for me, but what about the ISP that actually runs and maintains a POP server and a great deal of their clients are getting spammed?

I agree, any communication can be construed as a violaiton but most laws can only be applied if the _intent_ is prooved too.

Ergo (ooo! lookit me talking lawyer-speak!), if the spammer intends to send as many emails as possible to as many people as possible thereby sucking up bandwidth for honest consumers of bandwidth, then failure to recognize the impact this has on said 'honest consumers' would be negligence, hence they could be punished to the extent of this law.

Now aren't we having fun?

Just copyright it.

[High+Jumbllama]

Just copyright denial of service attacks. Everyone knows copyright law is more powerful anyway.

Re:English law

I agree with you about BT and the railways, but the UK laws on broadcast television are excellent. Where else does the government harness the hordes of slack-jawed couch potatoes slumped in front of their televisions in order to fund the development and broadcast of freely available cutting edge radio programmes to entertain those who have things to do with their lives?

Re:(-2)

We can see it's redundant, dumbass. By telling us so, you are being, well, redundant.

The slashdot effect !

[Joel+Ironstone]

. . .if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

Everyday some random Joe Schmoe's sight is degraded and impaired by a barrage of requests from a slashdot article.

Re:The slashdot effect !

I believe you mean "site," you god damn moron.

Re:The slashdot effect !

[Etcetera]

Everyday some random Joe Schmoe's sight is degraded and impaired by a barrage of requests from a slashdot article.

Maybe if Mr. Schmoe is playing some sort of drinking game related to network traffic or something....

Re:The slashdot effect !

Who is the Lone Ranger?

Will this create a similar catchnet as......

[VirtualUK]

.....before the computer misuse act, the most common way to prosecute someone for something like that was under an law which related to stealing electricity. Could this law be used to prosecute hackers who it could be claimed have degraded the system's performance merely by logging in, or even portscanning by causing the target machine to do something it wasn't scheduled to do?

Re:Will this create a similar catchnet as......

[pinny20]

Under the current Computer Misuse Act it is illegal to attempt to login to a system you have no authorisation to access. Portscanning is also illegal if you have no authorisation to do it.

And remember the Computer Misuse Act is a piece of criminal law - up to a maximum of 4 years in prison I believe.

Re:Will this create a similar catchnet as......

[AndrewRUK]

Unauthorised access carries a maximum of six months and/or a fine.
Unauthorised access "with intent to commit or facilitate commission of further offences", or unauthorised modification, can get you up to five years and/or a larger fine.

Pop-Ups?

[Blue+Stone]

'degradation, failure or other impairment of function of a computerised system.'
Does this mean that action will be taken against sites which load unwanted pop-up windows, which I don't request, that sucks up my already limited dial-up bandwidth?
And when my computer resources are low, and a site launches a couple of pop-ups, and freezes my comp, will that be included in the definition, also?
I do hope so.

Re:English law

[cruachan]

What do you expect? That's what hollywood tells them to think.

SPAM == DOS

[RichMan]

So will SPAM creators be targetable under the provisions? Massive amounts of email can easily be shown to take up CPU memory and processor time as well as all the messages consuming disk space. A small system can easily be overloaded by SPAM, so SPAM is clearly a source of degradation and impairment of function of the computer. Simply filling up an inbox on a system can prevent access to other mail and is demonstratable as denial of service.
SPAM is sent deliberatly with knowledge of the load affects.

Re:SPAM == DOS

[Quimo]

Spam creators would be a target under this technically but then again so would the editors of slashdot.

Section 2 states that they are guilty of a DOS attack if a reasonable person could have anticipated the DOS would result.

Sending huge volumes of email through someone's email server. It sounds reasonable to me that it may degrade performance.

Posting a link on Slashdot and sending hundreds of people to a web site. It sounds reasonable to me that it may degrade performance. The only question is of permission. Is posting a web server on the net giving me an implied permission to link to it.

Criminal Law not Civil Law

[Martin+Spamer]

The Computer Misuse act is criminal law not civil law anybody breaking goes to Prison.

Re:Criminal Law not Civil Law

[DeltaSigma]

Just as well.

Thanks for informing me of this.

Hang on

[Rogerborg]

Feel free to mod this as funny or troll, but I am perfectly serious. I like this bill: it's pithy, addresses a real problem, and is neither too narrow nor too broad. However, it occurs to me that the wording could be applied to writing a piece of buggy software.

"A person is guilty of an offence if without authorisation he does any act which causes directly or indirectly a degradation, failure, or other impairment or function of a computerised system or any part thereof. A person is guilty of the offence [...] even if the act was not intended to cause such an effect, provided that a reasonable person could have anticipated that the act would have caused such an effect. [...] the act is without authorisation if the person doing it does not have the permission of the owner [of the relevant computerised system or part thereof]."

So, I write a piece of code with a memory scribbler in it, say passing an unitialised pointer to memcpy(). The "act" is my typing of that specific line of code. Any reasonable person would anticipate that act would cause a degradation or failure on a system. Note: "a" system, not "my" system. I didn't intend it to cause failure, but I should (reasonably) have realised it would. And once I distribute the code, the damage is caused on many systems, none of which are owned by people who gave me permission (explicitely or even implicitely) to perform the "act", i.e. write that scribbler.

I'm certainly stretching a point, but my scenario satisfies the letter (if not the spirit) of the law. There's already a concept of criminal negligence; this would just be a specific case of it. The part that makes me pause is that the offence is caused by the individual coder, not by her employer.

So while this probably will never effect me, it gives me a little more incentive to make sure that I lint every line that I write, and damn the deadline. But hey, on balance that's a good thing, right? ;-)

Re:Hang on

[WolfDeusEx]

The act of writing would not be the act that case the degradation of their computer system. The running of that code is.

Therefore by installing your software they did grant permission for that code to be run on their machine.

What is more intressting is this is one more stick to beat virus writers with. As by writing a virus and releasing that code is been run on machines with out permission and causing degradation to computers/networks not owned by the virus writer.

Re:Hang on

[Huge+Pi+Removal]

I think the weak link in the chain of your argument is that the end user wouldn't have given you permission to write that scribbler.

As long as you provided the software "as is", the user has *chosen* to run your software, and hence implicitly given you "permission". Now I know that it gets tricky, since one may consider that they only wanted to run the bit of the software that *works*, but if that's the case, well, surely the Flight Sim in MS Word, etc, can count as something that "degrades system performance" (uses up disk space, not the best example but you know what I mean...)?

Re:MS is in trouble

[Budgreen]

sure, but do they swallow?

What a difference...

[huddles]

Top story on Slashdot:
Your Rights Online: UK Parliament to ban DoS Attacks

Earlier on Slashdot:
Your Rights Online: Legalizing Attacks on P2P Networks

Yup, makes me PROUD to be an American, you bet!

Joe

poorly written law.

[Lumpy]

I cant read it as it is currently having an intentional degradation of access.

If the law does not specifically single out INTENTIONAL DoS attack and list accidental as a hold-harmless then the law is really really bad.

you can instantly DoS any network by plugging a switch into it's self or another switch that is connected back to that one and letting one piece of broadcast traffic flow (create a resonance in essence). and many other accidental things (Oops, I broke a Fiber run in the street with my backhoe.. will I be charged with multiple counts of this offense as I just disrupted many many persons/companies/etc...

if it isnt specific that it only covers INTENTIONAL acts then it needs to be thrown out now.

Re:poorly written law.

[WolfDeusEx]

You would not be charged as braking a fiber that ran under you street would be non itentional and a reasonal person would not be expected to know where different wires/fibers/cables/pipes and such are under the street. Also a reason person would expect these lines to be a deep engough level that digging would not cause this problem.

Re:poorly written law.

Did you even read the law, jackass?

Re:poorly written law.

hey dipshit... read the very first sentence in the parent post...

Gawd you teenagers are fricking stupid today.

Re:poorly written law.

[Lumpy]

Ahh but that's the problem... when it comes to laws and lawyers reason is thrown directly out the window, shot and then sacked. reason, logic and truth have no place in the court room. I have seen people sued by a person that robbed them because they stepped on fluffy and broke their arm after breaking and entering. and if the law doesnt specifically mention that it has to be completely intentional so jackass will try and sue/incarcerate some dolt that ran over a fiber node, claiming that their destruction of the fiber node during the car crash constitutes a Denial Of Service attack.

remember, this stuff happens, and it will happen if the law wasnt written to protect the people from the lawyers.

Let's hope they can get some people with this

[colmore]

Man I hate DoS attacks. Hacking is one of those crimes I can't help but quietly cheer. Like graffiti and car chases, I find my self, for no good reason, quietly behind the bad guys. But DoS is the exception. It takes no skill and no talent. It isn't cool, it's just lame.

You hear that, kids? You are *lame*

Re:Let's hope they can get some people with this

(off-topic moderation comment)

that's funny, this is the first "underrated" I've gotten since I started posting at +1.

random criminals?

[forand]

The post say that the bill "states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system." Isn't that a little open ended? What if someone, call him bob, uses a trojan to use someone, call him fred, elses computer to perform a DoS attack? could the person whos computer was used be a criminal? It seems like intent should be part of the crime. Another situation: fred goes to a site that is poorly run and opens a few windows at once but the system is already so messed up he causes a DoS by triping some M$ database error, is fred responsible for that? It seems like there should be a catch to stop fred from getting screwed by a stupid company. Just my 2 cents

Re:random criminals?

With regards to the first scenario, if fred can show the posibility that someone else was using his system to carry out the attack he'd be OK (assuming presumption of innocence works the same way in the UK as it does here).

The second situation is more interesting, because fred would have to prove that he could not have resonably known that his actions would cause a DoS. If poor site design is the culprit that should be fairly easy (get some one to recreate the site using proper design and try to reproduce the unintended attack), but if a bug in the database server was the problem fred would be USCW/OP ( Up Sh*t Creek with out a Paddle).

Dynamic IP address and websites?

[Tenebrious1]

So if you have website connected to your DSL, and the ISP changes the dynamic IP address... your site is down for 20 minutes while it contacts the dynamic dns service with the updated IP. Your site is down, your email is down, they've forced a denial of service on your website.

Does that count? It was intentional. It most certainly caused failure of service to your website. Any reasonable person with the knowlege of how DNS works could tell you a new IP will distrupt traffic. So will ISPs be forced to give out static IP addresses to anyone who asks?

Re:Dynamic IP address and websites?

Doesn't really apply in the UK, most decent ISPs give you static IP for ADSL anyway here. And it's not even all that hard to get hold of a /29.

Re:English law

the hovercraft, for example

Re:First Criminals; This is *NOT* funny

[lingqi]

Read the damn file! it reads:

A person is guilty of the offence in subsection (1)(a) even if the act was not intended to cause such an effect, provided that a reasonable person could have anticipated that the act would have caused such an effect.

this means no more posting of links on slashdot linking to UK sites lest Taco becomes an international criminal.

somebody in UK, please write your queen about this.

Thank god!

[HowlinMad]

Now that they are banned, they won't happen anymore. Hey look, is that a flying pig?

What about load testing?

I assume there is an exclusion for internal load testing of systems, a common practice in any decent sized enterprise?

5p4m

[Citizen+of+Earth]

'degradation, failure or other impairment of function of a computerised system'

This definition obviously includes spam. Excellent.

Underground DOS Users.

[lionchild]

I suppose now that DOS has been banned, there will be underground DOS user groups popping up, and the need for new chalking for them to know where they should go, and when to meet. A whole new realm of ancient users staring at white text on a black screen in basements, closets, back alleys..far from the prying eye of those who would ban their sacred DOS.

Of course our friends and MicroSoft will be the ones looking closely at this ban. Because they'll want to insure you're upholding the EULA for that version of DOS you're using illegally. They want their cut of the action too!

UDUG, unite!

so just move the p2p stuff...

...over the the uk. then if the us decides to allow dos attacks on p2p networks, it will be illegal. :-D

oops

[tps12]

I made the same mistake you did, typing "computer" when I meant "gun."

Re:oops

It's not a typo.

You could quite easily kill a person with a computer, if you dropped it on them from a great height.

You could then argue, by your arguments, that since this was just another use for the computer, that we should not be outlawing murder, we should simply be making changes to the computers' designs that would make it impossible to drop them from a great height.

Or maybe we should just outlaw both murder and DOSing, since they are both things that hurt people that it is possible to do with computers.

Re:oops

[GigsVT]

Man, you're full of shit anyway, there is no obligation to design things to prevent people from comitting crimes with them. Sure, it helps if we can come up with a technological solution rather than a legal one, but that's not always feasible.

The only problem with this law is that it's possibly overbroad, other than that, even as a Libertarian, I don't have a problem with it.

Re:English Law

[Malc]

"Chechire (Chester)"

Would that be Chester in the county of Cheshire? Perhaps "Chechire" is a middle English name, or older, that doesn't exist anymore.

DBAs' dream!

[MattRog]

Now we can finally get rid of pesky users that cause table scans and lock up our applications by eating CPU! Huzzah for this amazing piece of legislation!

Reasonable person

[Malc]

"provided that a reasonable person could have anticipated that the act would have caused such an effect"

This is what I like about many English laws: they put it into the perspective of a reasonable person. Do other countries use this kind of wording? Some of the crazy law suits coming out the US suggest not!

Re:English Law

[nicklott]

In case anyone cares: it's here

Wrong.

[r_j_prahad]

It'll be Rep. Howard Berman of California and Hilary Rosen of the RIAA.

TROLL ALERT!

[ScottKin]

Again, the brain-dead meta-moderators or the /. Moderation Nazi's mod-up a TROLL!

There must be some nice php code running here now to automatically up-mod any Anti-Microsoft post, regardless if it's a LAME-ASSED TROLL or not.

'nuff said!

ScottKin

P2P in UK?

[noxavior]

Well, how about this? This is great news considering that the States want to attack the P2P networks . Now the P2P networks will have a place to hide, because it will prove to be challenging to selectively remove the USA users, while avoiding those in the UK.

All in all, great news

Re:P2P in UK?

[Frobnicator]

Especially great because the US and UK have so many treaties, such a thing would surely violate one of them.

We need this to pass through Parliment, then get some people in the UK on the P2P networks who can afford the lawsuits and bandwidth.

Microsoft Visual Studio contains DoS utilities

[kyoko21]

Visual Studio .net Architecture edition comes with a tool that is able to perform load test which can see how fast a website can respond. If misused, this utility can be used as an DoS tool... would this fall under this law?

Re:Microsoft Visual Studio contains DoS utilities

[GeekWithGuns]

Yes using this tool on a website that is not yours would fall under this law, but this law does not seem to have any provisions for possession of the tools. Laws like that are stupid anyway. Just because I have X does not mean that I will use X to commit to hurt someone or something else.

What about Tarpits?

It seems on first impression that the wording of this bill would also forbid the practice of "tarpitting", in which a server deliberately slows its response to a client connecting to it, usually to discourage spammers and portscanners.

Re:English law

[z_gringo]

Well, the requirement for a license to watch TV give me a bit of a problem. Of course the Moderators have spoken... I cant believe that post hit -1... oh well....

kazaa

[dextr0us]

Note to self, move kazaa network to UK, without telling RIAA. Then, when they DoS, shut them down!

Not awkward country?

"It seems that the UK government is not as technologically withdrawn as you may think."

Funny how you put it. We in Finland have had that law for almost 20 years now. Originally for protecting telecommunications, but used for computer crimes alike.

Re:First Criminals; This is *NOT* funny

[antientropic]

Read on:

the act is without authorisation if the person doing it [...] does not have the permission of the owner

If you operate a public webserver you implicitly authorise Internet users to connect to it. A slashdotting is just a group of people doing something that has been authorised by the operator of the server, even if it is a very large group of people.

could be any use

[BigGar']

It seems to me that this could apply to any use of a network legit or not. if one person is surfing the web and using his connection for email the email performance is degraded slightly by the web traffic and vice versa. Since it doesn't appear that any limits are give as to how much degradation must happen before this law could be invoked any use of a network in criminal. It's a stretch sure, but when has that been a problem for lawyers?

Re:could be any use

[BigGar']

Ok, I went back and actually read the bill.
If you own the network in question or have authorization to use the network then it's use is not a crime.

DOS != popularity

[RichMan]

Putting a site on the web invites every net appliance in the universe to connect to it. The web is a set of paths connecting gardens, people are allowed to wander anywhere. If you don't want the network world to connect to a port on your device you fire wall it.

This is different from targeted DOS where someone deliberatly sends many requests at a single port. Everyone is allowed to wander through an open garden gate. Occasionally we can expect a popular garden to get full. Driving a tank over the gate and destroying the garden is bad.

Spam to be banned in Europe anyway

[Gerald_Hlasgow]

A number of people have mused whether this bill could be applied to spam, this would seem to be a moot point as according to the register The European Parliament has voted to ban the sending of unsolicited commercial email.

Re:First Criminals; This is *NOT* funny

[ethereal]

Yeah, I agree with that, but on the other hand that argument has been somewhat unconvincing when it comes to "deep linking" court cases. Your reasoning seems sound to me, but I think we'll need a few court rulings that public web servers do implicitly authorize all access before I feel too comfortable.

Last post

Lost Post!

Using an OS that easily contributes to a DOS attac

[natefaerber]

What about using an Operating System that you know (and the authors know) has several security problems such that your computer could be easily used in a DOS attack simply by reading an email on said Operating System's default Email Client?

"It was not my intention but I did know it could happen".

Does this mean AV software is mandated by law?

could this negate the earlier article for p2p DoS

[Monofilament]

Well.. I wonder how this could effect california's plan make DoS's of p2p networks legal.. like say the RIAA makes a DoS on kazaa and blows away a bunch of connections in britain.. I see WAR!!!!!!!!!!!

Re:English Law

[DJNW]

Also, when I took a tour of York, (abou 4/5 years ago,dunno if it's still true)it was still legal to take your thrash your wife at whipmawhopmagate. there was this big wooden....thingey for tying 'em to then...

Re:English Law

[Cryptnotic]

Is it legal to do it to an ex-girlfriend?

The Innocent are easier to catch & will be tri

[WeeGadget]

A malicious DOS fiend will cover his tracks and will not be found.

Frustrated Law Enforcers who can't get the guy they want, will get the guy they can.

A lack of criminal convictions shows incompetence, but fortunately, enough innocents will fall into this vaguely worded trap to keep the trials rolling at a fair clip.

Re:(-2)

[Cryptnotic]

You too are being a dumbass.

Re:First Criminals; This is *NOT* funny

[Cynikal]

"provided that a reasonable person could have anticipated that the act would have caused such an effect."

so all those idiots who open exe attachments and get infected with klez or whatever and cause a degradation of mail service are now *criminaly* stupid? i'd love to see that stick

UCITA vs. England

[DaveAtFraud]

This should make it illegal for someone to include what UCITA (Uniform Computer Information Transactions Act) calls "electronic remedies", sell the product in England and then use the electronic remedy to disable the product. Here's a link to the Inforworld site that has more information about UCITA.

Not the UK Government

[RvonG]

The Earl of Northesk who has introduced this Bill is a Conservative peer, and so this is not a Government Bill.
For better or worse it is therefore most unlikely to become law, especially so close to the end of the Parliamentary year. Though if the UK Government notice that there is support for it, they could decide to introduce their own Bill next session, I suppose.

our government is technologicly withdrawn?

[fatgraham]

have you not seen john livingstones website? www.e-brownpaperbag.co.uk

UK to ban RIAA endorsed attacks...

[wolf-]

This ought to be an interesting international incident...

Re:UK to ban RIAA endorsed attacks...

[Tim+C]

Not really.

George will talk to Tony, and everything will be smoothed over.

Trust me, the UK parliament is so nearly an American lap dog you'd swear it was wagging at times.

Cheers,

Tim
(UK citizen, born and bred)

Hmmm

[retro128]

It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

*insert Microsoft joke here*

What About Windows?

[Phloyd]

Wouldn't this indict Microsoft. I think it could be effectively argued that Windows causes "degradation, failure or other impairment of function of a computerised system."

Re:What About Windows?

[DaleEMoore]

So would everyone that installed Windows have to be locked up?

Re:What About Windows?

[mrBen]

They're computers are, so why shouldn't they be ;o)

Re:English Law

You are still allowed to shot a Scotsman with a bow and arrow from the walls of the city of York.

There are lots of dumb laws. In London, for example, taxi drivers should carry a bail of hay at all times.

Eh ... no

[00_NOP]

This is not a Government Bill - so has no real chance of getting passed - especially as it has been introduced so late in the session. I don't think it's even had a 2nd Reading debate.

Nice try, guys. But you need to update yourselves on the UK constitution.

Re:Eh ... no

[plaidfishes]

What UK constitution? They don't have one.

Re:Eh ... no

[Bill_Mische]

But we do have: Common Law, Royal Perogative, Magna Carta, the Bill of Rights, the Act of Union, the Parliment Acts, the Act of Westminster etc. etc. Basically our constitution is less cathedral and more bizzarre.

Re:Eh ... no

[gfreeman]

Legally, we do not. You may think that Common Law, Royal Perogative, Magna Carta, the Bill of Rights, the Act of Union, the Parliment Acts, the Act of Westminster etc. etc. could be called a "constitution", but as a single written legal document, there is no such beast.

Not having a constitution is not the end of the world, indeed many see it as a good thing. Would you rather have a list of things you are allowed to do (US Constitution, Bill of Rights etc.) or a list of things you are not allowed to do (UK common law, various Acts etc)?

Neither system (US v UK) is perfect, but we live with what we know. And as for DoS attacks, at least there's an attempt to do something about it, rather than bury heads in sand.

Re:Eh ... no

[Oddbits]

We do have one, it's just not formally written in a single document.

Re:Eh ... no

[John+Sullivan]

Would you rather have a list of things you are allowed to do (US Constitution, Bill of Rights etc.) or a list of things you are not allowed to do (UK common law, various Acts etc)?

Surely the US consititution is not a (definitive - as you implied) list of things you can do, but a list of things the government is not allowed to make laws stopping you from doing. It still takes an additional law to stop you from doing things not mentioned in their constitution.

Re:Eh ... no

[gfreeman]

Fair point.

Re:First Criminals; This is *NOT* funny

[peddrenth]

"somebody in UK, please write your queen about this"

Concerted attempts have been made to wield the clue-stick in the direction of parliament, however, they're still thick as pigshit when it comes to computers:

The bill, as it stands, would outlaw everything which causes somebody else's computer to slow down without the owner's permission. Read the bill if you think I'm exaggerating.

That means, anytime you use a computer for anything, you are to some extent a criminal if this gets passed. Again, our MPs need some computer experience, p.d.q. if they think this is a good solution to d.o.s.!

(p.s. side issue, but if a program of yours is insecure (even with GPL's disclaimed liability) and your program causes someone else's computer to slow down, or to divert any resources away from its normal functioning, you'll have broken the law if this piece of legislation gets passed. Software liability by the back door?)

oh no!

The government is trying to take away your right to DoS people! First they take away your right to crack copy protection measures and steal IP. Now they have the nerve to ban DoS attacks! Bastards!

Re:English law

[Nurgster]

How about the technology that makes the Internet (and modern phone systems) work?

I kid you not, packet switching was invented in the UK, while the US was having trouble implementing that "ARPANet"" thing...

Woohoo

[towaz]

So if i use filesharing programs and get a dos from the RIAA I can get them sued?

Re:First Criminals; This is *NOT* funny

[tconnors]

>somebody in UK, please write your queen about this.

No, but they may write *to* our Queen.

After all, they speak English.

Re:First Criminals; This is *NOT* funny

That's what cookies are for.

If you deep link from somewhere else, well no cookie for you!

Too vague

a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.

Couldn't most of Microsoft's programmers be arrested under this statute?

legal escalation

[Amoeba]

We propose a law to legalize certain DoS attacks.

They propose a law to make those DoS attacks illegal.

We retaliate with another law to make any laws criminalizing our law that legalizes DoS attacks illegal.

They strike back with a law that makes it illegal to pass laws which make laws that that legalize DoS attacks illegal..

In furious anger and righteous indignation we pass a law tha...

I think I just hurt something in my head.

Re:First Criminals; This is *NOT* funny

[FyRE666]

"somebody in UK, please write your queen about this"

Didn't you know? We all know her here in the UK - I'll pass on your message next time I drop by for tea and scones...

UK Parliament to ban DoS Attacks

[Alamaz]

Uh Oh . . . looks like the final nail in MicroSoft's coffin.

Re:First Criminals; This is *NOT* funny

[drinkypoo]

this means no more posting of links on slashdot linking to UK sites lest Taco becomes an international criminal.

bzzt. They're just posting a link; Of course, if you deep link, that could be illegal in some countries. Stupid countries. You follow the link. It's like the difference between rioting, and inciting a riot; inciting a riot is illegal, but unless they make inciting a DoS illegal, the slashdot effect isn't covered.

hmm...

[lingqi]

Non-Anonymous

i think it's actually "nonymous"

Re:hmm...

[Dwonis]

That's "onymous"

Re:First Criminals; This is *NOT* funny

[scosol]

This is entirely ridiculous, and is patent evidence of the dangers of non-technical people making technical decisions.

Depending on the nature of the "DOS" attack, there may or may not be any distinction between "DOS" traffic and "legitimate" traffic.

Example: Google could be sued for putting site "x" at the top of their results- causing an influx of traffic and slowing it down.

Utterly Fucking Ridiculous

Re:English Law

[Jucius+Maximus]

"Would that be Chester in the county of Cheshire? Perhaps "Chechire" is a middle English name, or older, that doesn't exist anymore."

I checked back on the original site (which I saved to my home machine's hard drive before the site went offline) and the spelling there matches what you have.

My original post was posted from memory this morning when I was at work so I didn't get it exactly right. So essentially, I spelled it wrong and stand corrected.

Microsoft causes failures

Doesn't this criminalize every Microsoft programmer since they routinely cause faulures?

Re:First Criminals; This is *NOT* funny

Read the damn file! it reads:

... provided that a _reasonable_ person could have anticipated that the act would have caused such an
effect.

... thereby exempting /.ers.

A way to get at spammers?

[Walles]

Could this law be used to sue spammers? If a spammer uses your mail server to send out a ton of mail (thereby degrading its performance while the e-mail is being sent out), will that be considered a DoS attack under this bill?

Please learn to speak english

we cant "write our queen" because this is incorrect english.
we can write TO our queen.

If you americans are going to use our language, please use it properly.

Scotland has it's own legal system

[Clansman]

..actually :-)

But seriously, whatat do you mean by 'kill'? You mean that an association of commercial corporations will hack or dos a server hosted in Scotland?

This is definately not legal, even in the US. So, yes they would be extradited to Scotland (not the same as th UK) and then tried.

If you mean, seek legal redress for damages caused by the p2p server, then they would seek assistance from the legal authorities in Scotland and proceed.

Re:Scotland has it's own legal system

[dillon_rinker]

Q: What's the difference between being British and being English?
A: Ask the Scots...

=)

This is definately not legal, even in the US
True...for now. A recent /. article discussed the RIAA's attempts to make it legal to DoS a P2P server that was illegally distributing copyrighted content. I was obliquely referring to this.

Re:English law

ARM processors, public key crypto, the Sinclair C5...

Re:English Law

[DataCannibal]

Not quite correct. It's not only legal it's compulsory :-)

Waits for flaming death from welsh dragon

cheers

Phil

beware Microsoft

[lfourrier]

Planning to introduce a DRM system on computers will certainly causes directly or indirectly a degradation, failure, or other impairment or function of a computerised system or any part thereof, as any reasonable person can see.

Re:Does the 'Slashdot Effect' count as a DDoS atta

I thought the idea was to punish offenders?

Re:First Criminals; This is *NOT* funny

[mpe]

Concerted attempts have been made to wield the clue-stick in the direction of parliament, however, they're still thick as pigshit when it comes to computers:

Maybe, since they obviously have some spare time on their hands, could hold a competition with the US Congress to find the least clueful legislator :)

The bill, as it stands, would outlaw everything which causes somebody else's computer to slow down without the owner's permission. Read the bill if you think I'm exaggerating.

It also appears to be utterly redundant, since the kind of things it seaks to outlaw are already illegal.

This sounds VERY familiar...

[Chibi+Merrow]

'degradation, failure or other impairment of function of a computerised system.'
Isn't that kinda like installing Windows XP?

Re:First Criminals; This is *NOT* funny

[John+Sullivan]

so all those idiots who open exe attachments and get infected with klez or whatever and cause a degradation of mail service are now *criminaly* stupid?

Mens rea, mate, mens rea.

Re:English law

[AndrewRUK]

The web.

(well sort of. Tim Berners-Lee is a Brit, but he was working at cern, in Switzerland, at the time)

heh, sometimes I feel like one of

[Clansman]

... pavlovs dogs ...

Scotland?

[Dan+the+Main+Man]

Is that "Scotland" as in "Axis of Evil Scotland"?

Send in the Marines!

Copied straight from the Slashdot FAQ:

[Glytch]

(Link here, but I imagine you're too lazy to click, so here's a copy:)

Slashdot should cache pages to prevent the Slashdot Effect!

Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.

Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!

I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?

So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.