Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tougher Hacking Laws Get Support in UK

Posted by ryuzaki0 on from the be-careful-of-blanket-statements dept.

rainbowhawk writes to tell us BBC News is reporting that new laws outlining harsher punishments for computer crimes are gaining support in the UK. From the article: "The move follows campaigning from Labour MP Tom Harris, whose ideas are now being adopted in the Police and Justice Bill. There will be a clearer outlawing of offenses like denial-of-service attacks in which systems are debilitated."

16 of 189 comments (clear)

  1. Ambiguity by kaleco · · Score: 4, Interesting
    The bill - which was being debated for the first time in the House of Commons on Monday - would also boost the penalty for using hacking tools.

    What constitutes a hacking tool? A terminal emulator? Linux?

    --
    Prosperity is only an instrument to be used, not a deity to be worshipped. Calvin Coolidge
  2. You think this is a joke? by Anonymous+Brave+Guy · · Score: 5, Interesting

    Actually, Slashdotting almost certainly would be regarded as a deliberate DDoS attack.

    1. It suddenly diverts massive numbers of requests to a particular system, resulting in an obvious denial of service.
    2. The admins of that system are given no prior warning and have no particular reason to expect such a spike, so they can't do anything about it. (There goes the "if it's on the web, it's fair game" argument.)
    3. The Slashdot admins know damn well about the Slashdot effect, and have consistently ignored public suggestions to improve their procedures.

    I would expect that if the Slashdot editorial staff continue to allow linking in articles without giving any sort of warning or (better) seeking consent from the linked service's admins, the first case will go against Slashdot in a matter of minutes, and there will be genuine consequences for the admins. Let's hope the more enlightened editorial policy zillions of Slashdotters have been advocating for years results.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:You think this is a joke? by Anonymous+Brave+Guy · · Score: 4, Interesting

      Reading the proposed wording, there is no definition of "DDoS". The offences are defined in terms of denying access to a system, and you would simply have to make the case that the Slashdot editors had the requisite knowledge and intent. The knowledge is clear; the Slashdot effect is widely known, and it is not credible that the editorial staff are unaware of the likely effect of linking to a site on the front page of Slashdot. The intent is less clear, but I'm sure you'd find a lawyer who could make a strong case for it. We might refer to a "DDoS attack" in conversation, but the use of zombie machines or whatever is irrelevant to whether or not an offence is committed under the proposed law.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  3. We will always be at war with Oceania! by WillAffleckUW · · Score: 2, Interesting

    Or some other excuse to crack down on hackers.

    My guess is that they're more worried about details of the Iraq misadventure will be found by activist hackers, or Members of the House of Lords or House of Commons visits to .. um ... naughty websites ... nudge nudge wink wink ... you know ... than they are of hackers ganging up on website owners and demanding blackmail (which is already illegal and will already result in stiff jail terms).

    --
    -- Tigger warning: This post may contain tiggers! --
  4. Script Kiddies go free ;-) by TekGoNos · · Score: 4, Interesting
    A person is guilty of an offence if--
        (a)
            he does any unauthorised act in relation to a computer; and
        (b)
            at the time when he does the act he has the requisite intent and
            the requisite knowledge.
    So, if a script kiddy just tries everything without knowing what he does, he goes free?
    --
    I have discovered a truly remarkable proof for my post which this sig is too small to contain.
  5. So it's the answer to "DO SOMETHING!"? by Opportunist · · Score: 2, Interesting

    Bit like the reaction to the avian flu, hmm? We dunno what to do, we have no information about the topic at hand, but we have to do something to at least appear like we're in charge.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re:Awkward justice system by I+confirm+I'm+not+a · · Score: 2, Interesting

    Does anyone else find it COMPLETELY wrong someone like Milan Babic (former Croatian Serb leader who just commited suicide) serves 13 years for genocide crimes and hackers can serve as much for a little denial of service attack?

    Yes. I live in the south-side of Glasgow, the area represented by Mr Harris. The issues here aren't, apparently, genocide and war: they are graffiti and "anti-social behaviour" (and now, presumably, ha><0ring). Meanwhile, Mr Harris's colleagues in the (Labour-controlled) city council are closing council-run schools and swimming pools, and state-run hospitals. Unemployment in much of Glasgow is still a national disgrace, sectarian violence is still with us, and we still have our reputation as the sick man of Europe (the most polluted street in Europe is just around the corner from my workplace).

    So I do feel it's completely wrong that Mr Harris and his cronies devote so much time to so little effect. I'd guess that Mr Harris et al feel that genocide isn't a vote-winning issue. I am slightly surprised to see a Glasgow Labour MP asserting himself: in Glasgow we elect telephone boxes because they're New Labour red. I guess Mr Harris is planning a career beyond Glasgow politics.

    Disclaimer: I was a member of Mr Harris's party - Labour - until they went off the rails in 1996.

    --
    This is where the serious fun begins.
  7. Re:And how should it be enforced? by Baseball_Fan · · Score: 3, Interesting
    In turn, what it accomplishes is that there will be fewer and fewer people with relevant skills. Let's face it, everyone, literally everyone, who is in the security biz today, from 'net security to virus analysis has some kind of record. Either a public one or (if he's good) at least one that didn't get public. But everyone has scratched and sniffed at a server or two.

    I disagree with this statement. Many people learned security the right way. There are places with servers designed for testing. You don't have to crack the computers at U of State to learn security. You don't have hack the computers at GE to learn security.

    Laws against DDoSs. Great idea. Btw, let's next outlaw Hurricanes from destroying properties.

    DDoSs is different. IMHO, DDoSs is like a boycott. Unions did this before computers were invented. I can give you one example. A local shipping factory was going to take away health insurance from the truck drivers. The union voted to strike, and the compnay hired scabs. The truck drivers protested in front of the factory for a couple days, but realized they were not making progress. So what did they do? The truck drivers on strike got in their private trucks, vans, and whatever cars they could find, and they drove in a circle around the factory. This made it impossible for trucks to enter or leave the factory, and jammed up all the local intersections. But it was 100% legal. The police were called in, and the truck drivers were not breaking any laws. The company was forced to deal with the union.

  8. Compare/Contrast... by Greyfox · · Score: 3, Interesting
    It'd be interesting to see a comparison of the penalties for a real world crime and its computer equivalent. For example, what's the penalty for shoplifting a CD, where you've stolen actual physical property and downloading the same songs from bittorrent or wherever. Assuming you get caught in either case. Likewise what are the penalties for staging a DDOS, which is temporary, versus, say, a Miltonesque burning down of the building, which isn't? And are the penalties for dumpster diving and stealing thousands of credit card numbers any more or less than phishing for them on the internet. Although it seems phishers are pretty good at covering their tracks these days judging from the number of news stories there are about THEM getting caught.

    It'd be even more interesting to see a news outlet pick up a story on that. Anyone care to send a suggestion off to NPR?

    Anyway... if the punishments for the electronic equivalents are more severe than the real world crimes, perhaps the lawmakers in question need to review their statutes about smoking crack and turn themselves in for appropraite punishment.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  9. Rules need to exist for creators too by TWX · · Score: 2, Interesting

    Honestly, I don't think that malevolent use of technology would be nearly as much of a problem if it were designed better. I'm looking at you, Microsoft, who have continued to provide us with software that is insecure both on the system and via network, and who never ever gets the software truly fixed. The next version may fix many of the previous version's problems, but it itself introduces new vulnerabilities that again, aren't fixed until the next version.

    Companies that create software or firmware need to be held to a quality standard that creates a modicum of safety or security. There will always be people who will try to break into systems, but if the software is hardened to a certain extent then maybe the scr1pt k1dd13s will be kept out and reduce the number of compromises to those who actually can break in through their own work.

    --
    Do not look into laser with remaining eye.
  10. Is it official? by Jon+Luckey · · Score: 2, Interesting

    Is the Lynx browser now officially against the law in the UK?

    --
    -- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
  11. Re:Welcome to the new world by I+confirm+I'm+not+a · · Score: 2, Interesting

    You make a valid point (that a DDoS attach has the potential to create real harm), but it's slighlty irrelevant: if, through dangerous driving, I crash a motor vehicle and kill someone I would, quite correctly be charged with manslaughter. It doesn't, however, equate to the deliberate and systematic mass murder of civilians and should not merit an equivalent sentence.

    --
    This is where the serious fun begins.
  12. Re:What? by voice_of_all_reason · · Score: 2, Interesting

    The "parole forever" part sounds really scary. In the US, anyone on parole can be stopped/searched at any time, sex offenders can't buy any porn -- a whole host of crap. You really can't rebuild some semblence of a life if you're not treated equally under the law any longer.

  13. Re:Black? White? Grey? Define it! by PitaBred · · Score: 1, Interesting

    Nope. Just a much higher violent crime rate. Most people seem to think this is because of the lack of protection that a person in the UK definitely doesn't have, but a person in the US may or may not have. Additional links:

    US DOJ
    NewsMax
    The Weekly Standard

    Get off your "Britain is better" high horse, because it's completely wrong.

    --
    My blog. Good stuff (when I remember to update it). Read it.
  14. Industry response? by timbrown · · Score: 2, Interesting

    As a UK pen tester and developer of security software, this bill directly affects me. My initial response was outrage, but having discussed this with colleagues over the last month or so, I can see the counter point that UK computer security law is in need of updates.

    Given that the UK government runs a scheme for accreditation of pen testers and that this bill has been drafted in consultation with industry leaders, I feel it is unlikely that our activities will be deemed illegal. My understanding is that providing that you can demonstrate that you wrote the tool in good conscience for reasons other than the compromise of systems without authorisation then you'll be okay.

    Having said this, personally I'll be pressing my bosses for a precise legal explanation of the consequences of these changes to the law in relation to the work I'm currently engaged in.

    --
    Tim Brown
  15. Re:What about spurious takedown notices? by Anonymous Coward · · Score: 1, Interesting

    7 years for rape? Right now in the UK you can get as little as 12 weeks for murder if you imply it wasn't intentional.