U.K. Removes Denial-of-Service Attacks from "Legal Gray Area"
UNITED KINGDOM -- If you're thinking of launching a denial-of-service attack against a person or group that you don't like, they'd best not be in the United Kingdom or you could get into big trouble.
Although experts say that the attacks had previously existed in "a legal gray area," lawmakers have changed that, making it an offense to hamper the ability of any computer system to operate.
The Police and Justice Bill 2006 supercedes the previously applicable Computer Misuse Act 1990 (CMA), which was created prior to common use of the internet. The bill, given Royal Assent earlier this month, also includes clauses prohibiting behavior that denies users access to programs or data stored on a computer, or interfering with the ability of any data or program stored on a computer to operate. Violators of the new law now face maximum cybercrime penalties of up to 10 years in jail, as opposed to the previous five.
The CMA had only prohibited unauthorized modification of computer systems, and not the rendering of an entirely computer system inoperable via data overload, thus leaving denial-of-service attacks in the aforementioned "legal gray area." This has been used as a defense by individuals who might otherwise have been convicted of cybercrimes, including David Lennon, whose mailing of 5 million emails to his former employer caused the email server to crash. His successful November 2005 argument stated that since an email server exists to receive email, the number of emails sent to it, no matter how large, could not be deemed an unauthorized modification to it. The case was later overturned and Lennon sentenced to two months' electronic tagging with an enforced curfew.