Monday, April 03, 2006

The DOS wars: Blogscript strikes back

Blogscript sadly fell beneath the waves of overwork at rather the wrong time to make a dent in the amendment process to the Police and Justice Bill revisions of the CMA 1990. Well, inspired by general waves of self congratulation from everyone form the APIG to the BCS, I feel inclined to remark in curmudgeonly way that I'm still not at all happy that the CMA amendments will do anything to water-tightly criminalise DOS in the UK. See my previous blog post at http://blogscript.blogspot.com/2006/01/denial-of-service-i-told-you-so-part.html .

If the latest version of the PJB is as at http://www.publications.parliament.uk/pa/cm200506/cmbills/119/06119.27-33.html, which I *think* it is, then it seems the amendments made have changed nothing useful (in cl 34 - cl 35 has been improved).

The crucial point is that in cl 34 it now reads:(I paraphrase)

S 3(1)CMA90 is amended to say

"A person is guilty of an offence if—
(a) he does any unauthorised act in relation to a computer;
AND (emphasis added)
(b) at the time when he does the act he has the requisite intent and
the requisite knowledge."

It doesn't help to define the intent required by s 3(1)(b) to include intent to impair* if s 3(1)(a) can't be established. You need both pre conditions for a conviction. And as things stand, post last year's DOS acquittal, someone who sends ordinary email or page requests etc to an open website is still not "unauthorised".

What is needed is to re-define or clarify "unauthorised". One easy way might be something like "The owner or operator of a website or server is rebuttably presumed not to give authorisation to the sending of data or traffic to that site where it is sent for the primary purpose of [insert the terms from s 3(2)]*".

I can't see any attempt to clarify "unauthorised" in the PJB. Worse still, we stil have s 3(4) declaring that "For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that the act in question is unauthorised".
I sincerely hope I've missed something. Pah. Why do we expect MPs to draft legislation? We don't expect them to perform heart surgery or build bridges. Why is drafting law, a difficult and skilled task, treated as amateur hour?

* s 3(2) CMA 1990: " (a)to impair the operation of any computer,
(b) to prevent or hinder access to any program or data held in any
computer, or
(c) to impair the operation of any such program or the reliability of any such data,
whether permanently or temporarily."

No comments: