The Computer Misuse Act pre-dates the growth of the internet. As
such, it did not contemplate denial of service attacks, attacks in
which a server is flooded with false and untraceable requests for
information. Such attacks can overload and disable a network.
The loophole in the 1990 Act does not mean that denial of
service attacks are currently legal. In England, the Criminal
Damage Act could be used in a prosecution of such an act; in
Scotland, the crime of Malicious Mischief might apply.
If the Computer Misuse (Amendment) Bill is passed in its present
form, the 1990 Act would provide that “a person is guilty of an
offence if without authorisation he does any act” which causes or
which he intends to cause, “directly or indirectly, a degradation,
failure or other impairment of function of a computerised system or
any part thereof.”
Guilt will be established even if the intent is not shown,
“provided that a reasonable person could have anticipated that the
act would have caused such an effect.”
The European Commission last month released a draft Directive
that would require Member States to create crimes of hacking –
which it calls “illegal access to information systems,” and denial
of service and virus attacks – described as “illegal interference
with information systems.”
