Out-Law / Your Daily Need-To-Know

The UK Government this month published a short bill to amend the country’s anti-hacking legislation of 1990 so that it covers denial of service attacks. At present, such attacks may fall through a legal loophole.

The Computer Misuse Act pre-dates the growth of the internet. As such, it did not contemplate denial of service attacks, attacks in which a server is flooded with false and untraceable requests for information. Such attacks can overload and disable a network.

The loophole in the 1990 Act does not mean that denial of service attacks are currently legal. In England, the Criminal Damage Act could be used in a prosecution of such an act; in Scotland, the crime of Malicious Mischief might apply.

If the Computer Misuse (Amendment) Bill is passed in its present form, the 1990 Act would provide that “a person is guilty of an offence if without authorisation he does any act” which causes or which he intends to cause, “directly or indirectly, a degradation, failure or other impairment of function of a computerised system or any part thereof.”

Guilt will be established even if the intent is not shown, “provided that a reasonable person could have anticipated that the act would have caused such an effect.”

The European Commission last month released a draft Directive that would require Member States to create crimes of hacking – which it calls “illegal access to information systems,” and denial of service and virus attacks – described as “illegal interference with information systems.”

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.