Denial of service attacks have been featured in the media on numerous occasion in recent years. In its simplest form it involves bombarding a website with nonsensical emails until the data buffer for the website is exceeded. The website is then prevented from receiving further emails. This is clearly disastrous for any business that relies on email to receive orders from users (e.g. an online bookshop). Unfortunately the existing Computer Misuse Act 1990 was passed before the widespread use of the internet and so does not specifically prohibit such malicious attacks. Criminal offences under the existing Act are based on the criteria of unauthorised access or unauthorised data modification. Denial of service attacks aimed at publicly available websites do not do not neatly fit within those criteria.

The Computer Misuse (Amendment) Bill, currently before Parliament, seeks to introduce a new criminal offence relating to denial of service. Denial of service is defined in the Bill as causing a function of a computer system to degrade, be impaired or fail without the authorisation of the owner. The Bill, which amends the existing Computer Misuse Act 1990, criminalizes any action, proposed or carried out, which impairs the function of a system. If the action is actually carried out, intent to impair the system is not required provided the effect could have been anticipated from an objective standpoint. The Bill is seen by many in the industry as a significant step towards ensuring the existing Act can combat current computing crimes.

The Bill is expected to pass during the next session of Parliament, which is due to start on October 15.

Please click through for a copy of the Bill.

© Herbert Smith 2002

The content of this article does not constitute legal advice and should not be relied on as such. Specific advice should be sought about your specific circumstances.

For more information on this or other Herbert Smith publications, please email us.