Sweden to Make Denial of Service Attacks Illegal

paulraps writes "Sweden is to pass legislation making Denial of Service attacks illegal. The offense will carry a maximum jail term of two years, and is thought to be a direct response to the attack which crashed the Swedish police's web site last summer. Nobody was charged for that, but the fact that it came shortly after a raid on the Pirate Bay's servers was thought by many to be not entirely coincidental. Sweden's move follows the UK, which is even tougher on web attackers — there the sentence can be over five years in prison."

Slashdotted.

[morgan_greywolf]

So does this mean that they're gonna arrest Taco, Zonk and Co.?

Re:Slashdotted.

[nmb3000]

So does this mean that they're gonna arrest Taco, Zonk and Co.?

It's worth a try!

*cough* :)

Not going to work

[Kaleo]

It damn well SHOULD be illegal, but unfortunately making it illegal isn't going to accomplish anything. Look at marijuana, it's illegal but everyone does it anyways. It will be unenforceable.

Pointless

[forgoil]

Take a quick look at everything that is illegal in Sweden, take a look at all the laws (seriously, do), and I can tell you that this doesn't really make a difference. Just because you make something illegal doesn't mean it will go away, something they refuse to realize in this country of mine...

Re:Pointless

[susano_otter]

I don't think laws are about preventing crime, so much as they are about setting up a "payback" system for crime.

I think of it this way: You take something from society, you should give up something of your own in exchange. Ideally, you should give up something that pays society back in exchange for what you took, but in practice this is difficult to manage. (However, in America at least, we do have civil courts for people who want to try to get paid back in this way.) Instead, societies over the years have settled on conventions of what is "just" for a person to give up, in exchange for the privilege of taking something away from society.

In this case, the Swedish people, as represented by their government, have determined that two years of freedom is a just thing to give up, in exchange for attempting a denial of service attack.

Imprisonment might seem like a strange thing to exchange for many crimes (including DDOS attacks), but over thousands of years, imprisonment is what most societies have come up with, as the best (or least bad, if you prefer) exchange for most crimes. Other exchanges include fines, confiscation of property, exile, torture, maiming, and execution, as well as combinations of these things.

It's obvious that many people will continue to commit crimes regardless of the deterrents put in their way. The justice system isn't called the "deterrence system", after all. But it's called the "justice system" precisely because it codifies these tradeoffs: take something from society, give up something of your own in return.

Tracking

[HomelessInLaJolla]

How do you suppose they'll handle compromised systems, proxies, or VPNs? If I root someone else's system and am knowledgeable enough to cover my tracks how do they propose to track me down? The FP also mentioned the Slashdot effect. How do you think they could handle a network of web pages which, when visited, all make requests from the targetted server (similar to pay-per-click scamming)?

Re:Tracking

[suffe]

They are politicians, why should this bother them? They'll just leave the problem solving to someone else. And as everyone knows, the legal system will only use the new powers to do good when it is evident that the found person is in fact the culprit. No one ever interpreted a law by its words rather then by its intention, did they?

Too bad

[cdrguru]

Too bad they don't understand that the Internet is a consequences-free zone.

You can do just about anything on the Internet and are safe from prosecution. Why? Because the Internet crosses international borders and we all know that international law enforcement is just about impossible. No two countries have the same laws, the same penalties or even agree that the same things are criminal acts.

So, Sweden can pass all the laws they want to, but it will have no effect unless every country on the planet agrees that DDOS attacks are a criminal act with at least two years in jail being an appropriate penalty this will have no effect.

What is likely to happen is they will track some stupid show-off bragging script kiddie to Canada where it will be declared that they aren't going to extradite because it would bruise the delinquents ego. Or, the perp will be tracked to Romania where the response will be "So?"

Under the right circumstances, the US would probably even shield a perpetrator.

No, unfortunately for many people the Internet is destined to remain consequences-free for a long time to come.

My rights online!

[anthony_dipierro]

Geez, so now it's illegal in Sweeden to crash people's websites! What's gonna be next, a law against blowing up mailboxes?

Re:Mostly pointless...

[Xemu]

As most of the time DOS attacks are performed from outside the country, and therefor outside its juridiction, I doubt they'll even invoke it in court.

This law will allow the police to obtain the identity of the person using the IP address that is used for the DOS attack, even if this DOS attack is directed from Sweden to the outside world. I am sure there is a large amount of political pressure from the US in this matter and Swedish politicians are easy to intimidate.

It is important to note that the sentence term of 2 years was not chosen at random. When a crime carries this sentence as a possiblity, the Swedish police gets greater powers to use surveillance, wiretapping and raids to secure evidence such as the identity of person using a specific IP address.

In fact, this is also why thePiratebay.org exists and is so successful - since file sharing carries a sentence which is usually much less than 2 years, the police are not allowed to raid or subpoena the ISPs for the identity of the person that is using a specific IP address. (The Swedish MPAA aka APB have treid hard to get a criminal conviction for file sharing for this reason.)

So...

[TCM]

...does that mean it wasn't illegal up until now? That's actually more surprising to me.

seems reasonable

[DM9290]

This seems like a very reasonable maximum sentence. I am sure I can get 2 years for interferring with someones lawnmower or hairdrier in most jurisdictions. So I'm not sure this is even newsworthy. In fact.. I'm quite suprised this isn't already included in some kind of mischeif law thats already on the books and has been on the books for the past 500 years.

Its basically always been illegal to screw around with someone elses machinery.

Punishment...

[xaoslaad]

People who get charged with DUI's and other more grievous crimes don't even necessarilly end up in prison for the first offense. Sending people to prison for over 5 years for taking down a website is absurd. It's something that should probably be dealt with via stiff fines. In most cases it's just a frikkan' website. In most cases no ones life or well-being rely on it... perhaps a separate more severe punishment like prison time could be reserved for those public service type sites that might exist with a greater purpose...

At least the 'maximum punishment' of 2 years they are seeking does not seem too severe. If that maximum sentence isn't abused, and used only for those repeat offenders who just don't learn it seems alright...

More importantly

[denoir]

What is just briefly mentioned in the article is that conspiracy to make a DOS attack will be punishable. It seems like a very vaguely defined crime and because the tough sentences it would give the police search warrants way too easily. Technically to be a suspect all you need to have is a computer - what else kind of evidence could there be before an attack is actually committed?

Re:Mostly pointless...

[sr180]

In fact, this is also why thePiratebay.org exists and is so successful - since file sharing carries a sentence which is usually much less than 2 years, the police are not allowed to raid or subpoena the ISPs for the identity of the person that is using a specific IP address. (The Swedish MPAA aka APB have treid hard to get a criminal conviction for file sharing for this reason.)

No. The pirate bay exists because its not illegal to link to illegal copyrighted material in Sweeden. The pirate bay doesnt share illegal material, just torrent files, which are essentially a link to where the material actually is.

Re:Are they currently legal?

[the-intersocialist]

IKEA is an abbrevation for Ingvar Kamprad Eltmaryd Agunnarryd (the first two are the names of the founder and the two second are the name of the farm he grew up at and the parish of said farm). IKEA is not a word in Swedish.

Digg and Slashdot users are not mutually exclusive

[ickeicke]

Probably the news was on Digg earlier, resulting in a massive influx of visitors. You say that Slashdot was responsible for less visitors, but maybe that was because some Slashdot readers had already seen the story (hours) earlier via Digg?

It would be interesting to see how many people regularly visit both sites. I think that people who often check Digg, will RTFA even less often than regular /. users, because Digg often has stories faster (or so I am told, I myself only visit Slashdot).

Geek vigilante fest!

[sita]

It is important to note that the sentence term of 2 years was not chosen at random. When a crime carries this sentence as a possiblity, the Swedish police gets greater powers to use surveillance, wiretapping and raids to secure evidence such as the identity of person using a specific IP address.

Also, if you catch someone in the act of committing, or appearantly fleeing from the scene of crime of, a crime that carries a maximum penalty of more than two years, you may make a "citizen's arrest", that is grab and hold a person until the police arrives.

Now imagine a geek neighbourhood watch!