UK Parliament to ban DoS Attacks

Ian Hill writes "It seems that the UK government is not as technologically withdrawn as you may think. This bill is an amendment to the Computer Misuse Act 1990 which bans Denial of Service attacks by name. It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"

Thank God

[Ashcrow]

Now no one will ever do it!

First Criminals

[Amazing+Quantum+Man]

And the first two people charged will be:

Ian Hill and CmdrTaco for causing a slashdotting of the UK Parliament server!

Re:First Criminals

[DNS-and-BIND]

This is a real issue. I was involved in a court case recently, where an email server had fallen down after receiving a mere 14,000 emails. The mail server (a 4x450 CPU Sun E4500) had really bad mail processing software. The cluebies who set it up caused sendmail to spawn a shell process and a SQL script for *each incoming email*. That's right, two expensive processes just to get one email injected into the database. Needless to say, after the first 500 mails or so, the system load was above 100 and the machine was not doing anything but processing mail (needless to say, it was an "all-in-one" server, that had Oracle, apache web interface, OAS, DNS running). The FBI prosecuted the guy for "executing a remote command to do damage" and "unauthorized access".

Was he wrong? All he did was send some email. It's not his fault the machine fell down, it was an unscalable design.

Ha anyone told Rep. Howard Berman ?

[drew_kime]

I wonder if this will get passed before this.

irony

[s20451]

So we slashdotted them with a link. How ironic. Can I rat out Taco for a reduced sentence?

Slashdot Banned From posting Links to UK?

[EastCoastSurfer]

Wouldn't the slashdot effect be a way of degrading network performance?

Degredation of a computer system?

[restauff]

Every time I download a big movie or file from a fast server, I cause degredation to my connection, and so my computer system. How does one define at what point it is intentional, and at what point serious damage is done to the system?

UK vs US?

[dillon_rinker]

So when the RIAA kills a file-sharing server in Scotland because US law specifically permits it, and when they are indicted because UK law specifically outlaws it, whose national sovereignty will be degraded?

English Law

[Jucius+Maximus]

In other news, it is still legal in Chechire (Chester) England to shoot, with a crossbow, any Welsh person, as long as you do it inside the city walls after 11 PM.

(don't ask me for a reference, I found it on a 'Stupid Laws' page that has subsequently shut down)

This is very good.

[tshak]

This is very good - I mean consider all of the damage that DOS could do to your machine. It's insecure, lacks multitasking, and requires users to configure EMM386 and HIMEM.SYS just to play Doom. Let's just hope that bin Laden doesn't have the technology available to perform a DOS install/attack on all of our machines.

Criminal Law not Civil Law

[Martin+Spamer]

The Computer Misuse act is criminal law not civil law anybody breaking goes to Prison.

Hang on

[Rogerborg]

Feel free to mod this as funny or troll, but I am perfectly serious. I like this bill: it's pithy, addresses a real problem, and is neither too narrow nor too broad. However, it occurs to me that the wording could be applied to writing a piece of buggy software.

"A person is guilty of an offence if without authorisation he does any act which causes directly or indirectly a degradation, failure, or other impairment or function of a computerised system or any part thereof. A person is guilty of the offence [...] even if the act was not intended to cause such an effect, provided that a reasonable person could have anticipated that the act would have caused such an effect. [...] the act is without authorisation if the person doing it does not have the permission of the owner [of the relevant computerised system or part thereof]."

So, I write a piece of code with a memory scribbler in it, say passing an unitialised pointer to memcpy(). The "act" is my typing of that specific line of code. Any reasonable person would anticipate that act would cause a degradation or failure on a system. Note: "a" system, not "my" system. I didn't intend it to cause failure, but I should (reasonably) have realised it would. And once I distribute the code, the damage is caused on many systems, none of which are owned by people who gave me permission (explicitely or even implicitely) to perform the "act", i.e. write that scribbler.

I'm certainly stretching a point, but my scenario satisfies the letter (if not the spirit) of the law. There's already a concept of criminal negligence; this would just be a specific case of it. The part that makes me pause is that the offence is caused by the individual coder, not by her employer.

So while this probably will never effect me, it gives me a little more incentive to make sure that I lint every line that I write, and damn the deadline. But hey, on balance that's a good thing, right? ;-)

Re:First Criminals; This is *NOT* funny

[lingqi]

Read the damn file! it reads:

A person is guilty of the offence in subsection (1)(a) even if the act was not intended to cause such an effect, provided that a reasonable person could have anticipated that the act would have caused such an effect.

this means no more posting of links on slashdot linking to UK sites lest Taco becomes an international criminal.

somebody in UK, please write your queen about this.

Re:English Law

[nicklott]

In case anyone cares: it's here

Eh ... no

[00_NOP]

This is not a Government Bill - so has no real chance of getting passed - especially as it has been introduced so late in the session. I don't think it's even had a 2nd Reading debate.

Nice try, guys. But you need to update yourselves on the UK constitution.