Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.K. Outlaws Denial of Service Attacks

Posted by ryuzaki0 on from the keep-it-in-your-toolbox dept.

gnaremooz writes "A U.K. law has been passed that makes it an offense to launch denial-of-service attacks. The penalties for violating the new statues are stiff, with sentences increased from 5 to 10 years. The five year penalty was from the 1990 "Computer Misuse Act", which was enacted before the Internet became widespread. The idea of stiffer penalties for DoS attacks are probably something we can all get behind, but the language of the law is frustratingly vague." From the article: "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer."

20 of 239 comments (clear)

  1. Another law by adpsimpson · · Score: 5, Insightful

    Another law with good intent.

    Another set of wording so vague it's no use against those it's meant to stop.

    Another set of abuses waiting to happen.

    --
    Is crushing a suspect's child's testicles illegal?
    John Yoo: "No, [if] the President thinks he needs to do that."
    1. Re:Another law by Ksempac · · Score: 4, Insightful

      Well you ve got 2 possibilities...

      One : You let a politician write the law with words and vague ideas everyone can understand, including politicians and judges. It doesn t satisfy experts, but at least politicians understand what are they voting for. Once the vague law is voted, judges can make their own decision by referring to the spirit of the law rather than the word of the law.

      Second : You let experts write the law, only people with a lot of knowledge in the field will understand what it means, but that will still be up to the politicians to vote them. How do you expect them to vote well if they have no idea what is this all about ? How do you expect judges to use a law they dont understand ?
      Moreover, how do you choose your expert for let's say... a law about DRM ? Do you ask a guy from the RIAA/the majors (i m sure they ve got a bunch of qualified engineers and scientists working on DRM) or Richard Stallman to write it ?

    2. Re:Another law by RexRhino · · Score: 4, Insightful

      This law is really no worse than the laws that regulate health care, the economy, the enviornment, etc. You are simply a domain expert in this field, and thus you understand how stupid the law is. But when the government makes other stupid laws (for example, not allowing patients who are most certainly going to die to choose to try high-risk experimental treatments because the treatments are "too dangerous"... Or making "water saver" toilets manditory, that need two flushings to work properly, and thus use way more water that the old-school "wasteful" toilets... etc., etc.), you probably don't notice, or don't care. You probably say "Oh, a new drug safety law! I support drug safety!", or you say "A new water conservation law! I support protecting the enviornment!". Well, everyone else is saying "Wow, a new computer security law. I want computer security, so I support this!".

      Laws are very crude tools... it is like doing brain surgery with hammers. This law was probably make with plenty of input from domain experts. Laws can be tricky enough when you are dealing with crimes like murder, rape, mugging, etc. But when you want a single code of rules to be used to micromanage the legality of acts of a highly technical nature outside the understand of the general voting public, and that are constantly changing, this is going to be the best you do. You create laws that are so overly vauge that the police have huge leeway to go after whoever they want on their own discretion, because you know that there is no way you can have hearings, discussions, commiteee meetings, and create a sensible set of rules in the time frame that things will keep up with technology. I am not saying I agree, but the people who make the laws trust the discrection of police and government officials more than they trust the general public to do OK without regulation.

      Most people would rather deal with shitty laws, than leave things alone. I can't say I agree with that idea, but if YOU don't, then you are most certainly far outside the mainstream.

    3. Re:Another law by SEMW · · Score: 4, Funny

      >Are these people just incredibly arrogant or plain stupid?

      Why does it have to be either-or?

      --
      What's purple and commutes? An Abelian grape.
    4. Re:Another law by tyler_larson · · Score: 3, Funny
      FTA:
      "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system.

      No more unplugging the microwave.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
  2. Hindering Access by Anonymous Coward · · Score: 5, Insightful
    preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer

    This is a pretty good description of DRM! So it's illegal now?

    1. Re:Hindering Access by sumday · · Score: 5, Insightful

      You seem to be forgetting the magnificent powers of wordplay that lawyers posess. You see, DRM isn't restricting access to data... It's securing access to data.

      --
      sudo killall humans
    2. Re:Hindering Access by jc42 · · Score: 4, Interesting

      preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer

      What is ''operation of data''? I don't think we had that in CS.

      Well, on a unix-like system, the meaning is pretty obvious: Any file permissions other than 777 are now illegal. So to comply, you should run the following commands:

      umask 0
      find / | xargs chmor ugo+rwx

      Also, in any programs that create files, you should change the permission arg to 0777.

      Lessee, what have I forgotten?

      (I suppose you should also turn off any firewall software you may have running, just to be on the safe side.)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    3. Re:Hindering Access by russ1337 · · Score: 3, Interesting

      ">>>I wouldn't take this to be not allowing anyone access to the data, and I'm convinced that no judge in the world would interpret it this way."

      Lets just hope you have a good lawyer who can put up a decent argument against a well versed set of 'anti-terror' lawyers, and prey that the judge you speak of owns an iPod. (you might want to hope you don't have the anarchists cookbook on your computer too).

      But riddle me this Batman - if you submit a story to Slashdot about a new technology bill making denial of service attacks illegal, and the Governments site referenced in the article gets Slashdotted.... are you, by the new law, responsible?

  3. If Slashdotting is outlawed by EnsilZah · · Score: 5, Funny

    Only outlaws will be reading Slashdot?

  4. Good intentions by robinesque · · Score: 4, Insightful

    Unfortunately merely meaning to do good isn't enough if you don't understand the root of the problem. This isn't going to deter people who are doing DoS attacks anyways. Usually they're using DDoS, through hijacked computers... This is pointless. But good for them for taking an interest.

  5. Very vague. by massivefoot · · Score: 4, Funny
    a clause that makes it an offense to impair the operation of any computer system


    That really is rather vague. My family are able to "impair the operation of any computer system" just by being left alone with it for 10 minutes.
  6. Re:Where is the real damage by the_unknown_soldier · · Score: 4, Insightful

    The original poster sounds a bit silly - but he is getting close to an important point.

    I don't think anyone here denies that it is important if websites go down. It can cot businesses millions if their website is not available to customers. If DDOSing hurts business, then why should it not be a civil issue? Let the civil jurisdiction deal with it, because it certainly isn't something that is worthy of jail time.

  7. Jail Microsoft? by newandyh-r · · Score: 3, Interesting

    So, when MS switch-off a copy of XP (or Vista) remotely FOR WHATEVER REASON they are breaking the letter of this law - and have "the necessary intent". So will we extradite Bill and bang him up for lots of 5-year sentences?

  8. Re:Slashdotted effect by thebigbluecheez · · Score: 3, Funny

    quick, everyone pull the article up and refresh till the cows come home!

    --
    I like your Macs, but I don't like your Mac users. (with apologies to Gandhi)
  9. Cutting off nose to spite face much? by KKlaus · · Score: 4, Insightful

    So let's see... DDOS takes down a site for a period of time (maybe more if its a shared server). And so we respond with 10 years in jail?

    First of all, economically that's a moronic decision. Jail costs the state between 20-30 thousand dollars a year depending on where it is. Unless someone is DDosing Amazon, and here's where the vague wording of the law is an important shortfall, we're spending hundreds of thousands of dollars punishing someone who did perhaps a few thousand dollars worth of damage. That's bad economics, and I'm sure that money could be better used say, feeding the starving or allowing someone to go to college who otherwise wouldn't be able to.

    Second of all, the kind of person you're going to be able to catch is not the person you want to throw in jail. We already have laws to punish people who run large botnets, and moreover by and large experienced blackhats won't be caught because they administrate their nets from countries ending in -stan. So the people who this legislation will put in jail will by and large be stupid college kids and people making a bad, poorly thought out decision as evidenced by the fact that they're using their home computer. These people need to be slapped with a big fine to they smarten them up, and then allowed to contribute to society.

    This should be a poster case of a crime that should not carry criminal penalty.

    --
    Relax I just want some peanuts.
  10. Full text of the act by user24 · · Score: 4, Interesting

    http://www.publications.parliament.uk/pa/cm200506/ cmbills/119/2006119.htm

    "Making, supplying or obtaining articles for use in offence under section 1 or 3
    (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article--
    (a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
    (b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3."

    I'm now a criminal. Joe Blackhat won't care; he'll still get hold of the 'articles', but now my website which tries to teach people about responsible use of such 'articles' now makes me liable for up to 2 years in jail, plus a fine. I hate the law.
    Now I don't have to know what the tools will be used for, just that they can be used for wrongdoing.

  11. Oh well, try getting them to act by norfolkboy · · Score: 4, Insightful

    When one of my websites (with over 130,000 active members) was being attacked, South Wales Police told me they couldn't do much to investigate the perpetrator because all the funds were tied up in fighting online paediaphilia.

    What's the point in making the term of sentance tougher, if there aren't any resources to investigate online crime in many UK forces?

  12. Re:Impair, you say? by jc42 · · Score: 3, Insightful

    Does this mean people can be prosecuted for installing Windows onto a computer system?

    Maybe. But more likely it means you can be prosecuted for installing a browser. The only purpose of a browser is to use the bandwidth and cpu time of some other computer. That obviously interferes with anything running on that computer, impairing it for all other users.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  13. Just who exactly is gonna get the heat? by Opportunist · · Score: 3, Interesting

    DOS (or rather DDOS) attacks are rarely something you do from your computer at home. You have a herd of sheep doing that for you: Computers that you infected with a trojan which are under your control, waiting for the "drop da bomb" command.

    Who's gonna feel those 5-10 years? As much as I'd love it, it won't be the people dumb enough to not even notice that their connection is at crawling speed because they're infected. That would indeed be the end of the 'net, because people would be scared to go online.

    So we're after the guy controling the botnet? HA! Good effing luck! Europol backed and "encouraged" by banks is trying to get a hand on the guys doing phishing trojans. I.e. European persecution organisations with some rather "encouraging" businesses behind them are in vain trying to crack down on some people doing essentially the same a DDOS controller would do.

    So why do you think a DDOS blackmailer who's most likely targeting "smaller" companies (read: Normal companies that don't have the executive forces of states at their fingertips) would ever be found out?

    In a nutshell, the law is pointless. Unenforceable. Yes, it's forbidden. Yes, it's against the law. Yes, people won't give a fu.., knowing that it's impossible to get caught.

    Whether a law is broken does not primarily depend on the sentence tacked to it. It mainly depends on your chances of being caught. If that chance is zero, the sentence could be worse than death and people wouldn't care.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.