Saturday, November 25, 2006

A Double-Edged Sword

There is a new Police and Justice Law in the U.K. which reads in part:

"Unauthorised acts with intent to impair operation of computer, etc
For section 3 of the 1990 Act (unauthorised modification of computer material)
there is substituted—

“3 Unauthorised acts with intent to impair operation of computer, etc.

(1) A person is guilty of an offence if—

(a) he does any unauthorised act in relation to a computer; and

(b) at the time when he does the act he has the requisite intent and
the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an
intent to do the act in question and by so doing—

(a) to impair the operation of any computer,

(b) to prevent or hinder access to any program or data held in any
computer, or

(c) to impair the operation of any such program or the reliability of
any such data,

whether permanently or temporarily.

(3) The intent need not be directed at—

(a) any particular computer;

(b) any particular program or data; or

(c) a program or data of any particular kind."
According to Computer Act!ve, this change to the 1990 Computer Misuse Act could place developers of some software tools as well as those warning of security flaws at risk of prosecution:
"The new Act will make a person guilty of an offence "if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, [a hacking offence]".

Richard Clayton, a security researcher at Cambridge University explained: 'A lot of tools are used legally for good purposes but they could also be used for bad. It is also possible that someone who publishes warnings about security flaws could be prosecuted.'"

I think it is too soon to be analyzing how the Courts will interpret the law.

No comments: