UK Parliament to ban DoS Attacks 271
Ian Hill writes "It seems that the UK government is not as technologically withdrawn as you may think.
This bill is an amendment to the Computer Misuse Act 1990 which bans Denial of Service attacks by name. It states that a person is guilty of an offence if they cause, or intend to cause, 'degradation, failure or other impairment of function of a computerised system.'"
Ha anyone told Rep. Howard Berman ? (Score:5, Interesting)
Slashdot Banned From posting Links to UK? (Score:4, Interesting)
UK vs US? (Score:4, Interesting)
Re:First Criminals (Score:2, Interesting)
You know, the parent poster might be more on par than you think. Since Slashdot has a tendency to push huge amounts of traffic to sites mentioned in articles, could that be taken as a DoS attack? Notice the line above says 'cause or intend to cause', meaning if you cause something like a Denial of Service attack, with or without intent, you could still be prosecuted. Hmmm. This might not be a good thing after all.
Re:slashdotted (Score:2, Interesting)
It was the title of a sci-fi short story years ago, in an age where teleportation exists and some major event occurs, causing people from all over teleport themselves to the event, causing a large crowd to appear, only to disappear after the event was over.
In the computing sense, it referred to legit cases of denial-of-service. For example, a "flash crowd" occured on 9/11 when MSNBC.com, CNN.com, etc, were all overloaded with connections from people seeking info on what was going on.
Who'll do the policing? (Score:2, Interesting)
Re:silly (Score:2, Interesting)
Murder is just another admittedly mean) use for the computer. The fact that guns are ilt in a way that allows murder is no reason to try to control what free citizens do with their legally obtained firearms.
Your argument seems to be based on because it is possible, is should be legal - which is anarchy.
Hang on (Score:4, Interesting)
Feel free to mod this as funny or troll, but I am perfectly serious. I like this bill: it's pithy, addresses a real problem, and is neither too narrow nor too broad. However, it occurs to me that the wording could be applied to writing a piece of buggy software.
"A person is guilty of an offence if without authorisation he does any act which causes directly or indirectly a degradation, failure, or other impairment or function of a computerised system or any part thereof. A person is guilty of the offence [...] even if the act was not intended to cause such an effect, provided that a reasonable person could have anticipated that the act would have caused such an effect. [...] the act is without authorisation if the person doing it does not have the permission of the owner [of the relevant computerised system or part thereof]."
So, I write a piece of code with a memory scribbler in it, say passing an unitialised pointer to memcpy(). The "act" is my typing of that specific line of code. Any reasonable person would anticipate that act would cause a degradation or failure on a system. Note: "a" system, not "my" system. I didn't intend it to cause failure, but I should (reasonably) have realised it would. And once I distribute the code, the damage is caused on many systems, none of which are owned by people who gave me permission (explicitely or even implicitely) to perform the "act", i.e. write that scribbler.
I'm certainly stretching a point, but my scenario satisfies the letter (if not the spirit) of the law. There's already a concept of criminal negligence; this would just be a specific case of it. The part that makes me pause is that the offence is caused by the individual coder, not by her employer.
So while this probably will never effect me, it gives me a little more incentive to make sure that I lint every line that I write, and damn the deadline. But hey, on balance that's a good thing, right? ;-)
P2P in UK? (Score:2, Interesting)
All in all, great news
Re:First Criminals (Score:2, Interesting)
The first time a link to my site got posted on Slashdot, the onslaught on the first day and subsequent spreading through blogs and mailing lists got me kicked off my hoster for generating an excess of 30 MB of netrowk traffic in 20 days -- they thought I was trading MP3s or warez. When they found out it was just my page, they still invoked their "upsetting normal working of server" clause and kicked me out on Dec 23d.
I found a new hoster, but this one charges me 6 bucks for any extra MB of traffic over my 2MB. That's just the breaks, the rest of the package is good. Of course, since it is hosted I can't actually do neat tricks like change the webserver to block slashdot referrers or anything, I just have what I have. But I wouldn't get slashdotted asgain, would I?
Of course I would, and without warning or consultation Chris posts the link again on the front page. My billing is monthly, the link was put the last day of the month, so I got the bill for this stunt after one day in the May billing: 54 bucks. June, of course, is yet to come in, and Lord knows what that bill is going to be.
All Slashdot editors know this will happen when they post a link. They know. They have known for years now. When I complained, I got a pointer to their standard policy "We don't warn people", as pointing to some webpage somehow mitigates the slashdot effect or precludes them from responsability for what their site does to websites. Further pressing got a "Change your webserver to deny referrals from slashdot (because you should just anticipate that we will Slashdot you some day, so you should have done this already)" and pointer to their FAQ on why they don't use Google cash: "But it's so hard to use it!"
I don't mind at all if a bill comes along somewhere that points out to editors of popular sites that wield this kind of power that there is no difference between them and a DDoS attack from a web-publishers point of view.
Re:SPAM == DOS (Score:2, Interesting)
Section 2 states that they are guilty of a DOS attack if a reasonable person could have anticipated the DOS would result.
Sending huge volumes of email through someone's email server. It sounds reasonable to me that it may degrade performance.
Posting a link on Slashdot and sending hundreds of people to a web site. It sounds reasonable to me that it may degrade performance. The only question is of permission. Is posting a web server on the net giving me an implied permission to link to it.
Re:First Criminals (Score:4, Interesting)
Was he wrong? All he did was send some email. It's not his fault the machine fell down, it was an unscalable design.