Revell Research Systems: Alastair Revell's Web Log
About Alastair Revell
Alastair Revell is the Managing Consultant of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.

Review Entries for Day Wednesday, February 01, 2006

As far as computing-related crime is concerned, the Police and Justice Bill, which was published last week, is at least a step in the right direction.

The problem with the existing legislation (The Computer Misuse Act 1990) is that it is out-of-date in computing terms. This is adequately illustrated by a recent case heard by District Judge Kenneth Grant (2nd November 2005), sitting at Wimbledon Magistrates Court, in which a teenage defendant was charged under Section 3 of The Computer Misuse Act 1990. Section 3 of the Act concerns unauthorised modification of or tampering with a computer system.

The defendant was alleged to have sent an enormous amount of email to an organisation, which caused its email server to crash under the load. This may seem unlikely to happen elsewhere, but our experience is that most Microsoft Small Business Server Systems are configured to have their email database on the system partition, making not only the internal and external email vulnerable to this sort of attack, but also their entire computer system. If you use such a system, this could have been you!

Presumably, the prosecution intended to show that this was a malicious attack, intent on crashing the server and causing damage to the organisation.

However, the defendant's lawyers argued that since an organisation's email server, by its very nature, is there to receive that organisation's email, the organisation had authorised its correspondents to use its email system. Consequently, no offence could have been committed under the Act, regardless of the volume involved. District Judge Kenneth Grant agreed with their argument, causing consternation in the IT community. Effectively, this form of Denial of Service attack is legal in the United Kingdom.

The problem is that the existing law was drafted long before concepts like Denial of Service (and the stronger Distributed Denial of Service) attacks had been conceived. In fact, as far as the general public is concerned, it was drafted long before the Internet had even entered popular language.

The Police and Justice Bill does aim to plug this hole in English Law and extends sentencing periods for hackers in line with the commercial damage that they can cause. However, does it go far enough?

I think that we need to understand that our computing legislation needs to be reviewed regularly and that we must expect to replace the existing legislation lock, stock and barrel every so many years, simply because computing is not what it was last year, let alone 16 years ago. I would like to see HM Government publish a new Computer Misuse Bill for this decade to deal with the problems that have emerged in the last few years. There have been several private members' bills, but none have been successful. I think it is time for the Home Office to bite the bullet...

The Computer Misuse Act (1990) was enacted in June 1990 and was, no doubt, drafted earlier. To put January 1990 into perspective - Microsoft had not even yet launched Windows 3.0! We were still using MS-DOS - black and white text screens...

Our principal legislation on computer misuse dates from this era when few people had access to personal computers outside of work.
