The Home Office confirmed to OUT-LAW.COM that the long-awaited
changes will not happen now as planned, but in October. It had
previously said that the changes would be implemented in spring of
this year.
The changes are already
in force in Scotland. A Statutory Instrument was passed last
year which brought them into force on 1st October 2007.
The changes will make clear that denial of service attacks
are illegal. Such attacks can disable a website or computer network
through the automated sending of countless, near-simultaneous
messages which clog up a network.
The changes will also make it an offence to distribute tools
which are "likely" to be used for hacking computer networks. This
part of the law has been controversial because experts have warned
that it could criminalise some research into hacking.
Anyone found guilty of launching a denial of service attack
could be imprisoned for up to 10 years. The new law also increases
the maximum sentence for unauthorised access to computer networks
from six months to two years.
The changes are to be made by bringing into force some parts of
the Police & Justice Act and the Serious Crime Act that have
been passed but have remained inactive.
The Home Office said that a Statutory Instrument will bring
those parts of the law into force in October 2008, though it could
not give a precise date.
The specific outlawing of denial of service attacks was thought
necessary after a teenager was cleared of any offence after sending
five million emails to his employer.
Lennon's lawyer successfully argued that because his employer's
email server was designed to accept emails, Lennon committed no
offence in sending email to it.
The trial judge found that no offence had been committed under
the Computer Misuse Act, though the Court of Appeal later ruled
that the judge had been wrong to draw that conclusion.
The changes to the law were made in November 2006.
