MPs ponder whether 'benign' hacking should be legal

[InfoSec News <isn () c4i org>]

http://news.zdnet.co.uk/internet/security/0,39020375,39153024,00.htm

Graeme Wearden
ZDNet UK
April 26, 2004

With Britain's Computer Misuse Act heading for a revision, some MPs
want to explore whether ethical hacking should be allowed

Should UK citizens ever should have the right to launch a hack attack
against a computer or a network?

A group of tech-savvy MPs are poised to consider this question, as the
All-Party Internet Group (APIG) launches an investigation into
Britain's cybercrime laws.

APIG has recognised that the Computer Misuse Act (CMA), which came
into law in 1990, needs to be updated to cover attacks upon the
Internet and on other computer networks. Like many experts, the group
is concerned that the existing legislation may not apply to
denial-of-service attacks -- where a network is driven offline by a
flood of Web traffic.

"As it stands, the Computer Misuse Act suffers from a lack of a
network focus. Today, the primary threat from hackers is to the
network, rather than to individual computers, and if the network goes
down we've got problems," said Richard Allan MP, joint vice-chairman
of APIG.

APIG has already received written evidence from interested parties,
and is taking further oral evidence at a session in parliament on
Thursday. The Home Office has said it is revising the CMA at present,
and APIG wants to feed the views of the UK IT industry into this
process.

And while Allan is adamant that tough action is needed against denial
of service attacks, he's also keen to examine whether ethical hacking
should be protected in law. He cited the law on criminal damage, where
a defendant can claim that they acted to avoid a worse event taking
place.

"If a successor to David Blunkett was going to introduce tough
censorship laws on the use of the Internet in the UK, should someone
be able to justify a hacking attack against the IT involved because
they opposed that censorship," asked Allan, who is the liberal
democrat MP for Sheffield Hallam.

The idea of a draconian home secretary smashing our human rights may
be far-fetched -- or not, depending on your take on the ID Card issue
-- but Allan points out that such suppression is already thriving in
other parts of the world.

"When the Chinese government blocked access to the BBC Web site,
people very rightly sought to subvert that censorship. As a
legislator, am I prepared to support legislation that says benign
hacking can result in several years in prison?"

Other issues that should be covered at this Thursday's oral evidence
session are whether the CMA should be revised to meet Britain's
international treaty obligations with other countries, and whether the
level of penalties within the CMA are sufficient to deter today's
criminals. The rise in organised e-crime makes these issues
increasingly relevant.

E-envoy Andrew Pinder is due to attend this session, as are
representatives from the home office and the ISP industry, as well as
legal experts and security providers.
 


_________________________________________
ISN mailing list
Sponsored by: OSVDB.org