Legislators search for right way to outlaw DoS

The Home Office is mulling different ways to outlaw denial of service attacks

Looking for the right legal vehicle

Legislation is needed to make denial of service (DoS) attacks illegal, but amending the Computer Misuse Act (CMA) might not be appropriate, according to Jon Crowcroft of the Communications Research Network working group, a body backed by academics and industry.

Crowcroft welcomed reports that the Home Office is investigating alternative means to criminalise DoS attacks, saying, “The government is right to take its time. Legislation has to be careful not to infringe legitimate activity or violate privacy laws.”

A Home Office spokeswoman said reports that it would include DoS legislation in the Safer Communities Bill were speculation, but added that the government is committed to criminalising DoS attacks. “We have to clarify that all interference with computer systems is criminal, but we need to find the right legislative vehicle,” she said. Attacks using hijacked systems or involving extortion are illegal, but DoS attacks in themselves are not.

The government was called on to take action this month after a UK teenager, who crashed his ex-employers email server by bombarding it with emails, escaped conviction. John Barker, an associate solicitor at law firm Last Cawthra Feather, said the ruling made firms more vulnerable.

But Crowcroft said companies already have some protection from DoS attacks via contracts with internet service providers (ISPs), which allow ISPs to disconnect users guilty of “unreasonable behaviour”.

News of the government’s latest plans follow the postponement from next month to March of the second reading of a private members bill to make DoS attacks illegal by amending the CMA.

Barker noted that private members’ bills rarely become law.