Failed UK Case Highlights International Cyberlaw

A fruitless prosecution against a teenager in English court highlights the inadequacy of that nation’s cyberlaws to cope with denial of service attacks.

The youth was accused of sending 5 million e-mails to a former employer, thereby shutting down the company’s servers. The case did not fail because it could not be proved that the teen was the attacker, but because the judge ruled that the United Kingdom’s 15-year-old Computer Misuse Act (CMA) did not outlaw DoS attacks.

The defense argued that sending e-mails, no matter their quantity, could not be considered unauthorized access to or modification of computer systems, which was the charge against the teen, because servers are set up to receive e-mail.

International Hodgepodge

Derek Wyatt, chairman of the All Party Internet Group of the English Parliament’s House of Commons, has been urging updates to the CMA that would outlaw DoS attacks.

While this case occurred entirely within the UK, cybercrime is an international issue. DoS attacks are illegal in the United States, but could a U.S. victim do anything about an attack from the UK?

“If the attack were one that caused harm to a computer system in the United States, and if the impact were great enough, it’s conceivable that someone here might seek to enforce one of a few laws against that British party,” John Palfrey, executive director, Berkman Center for Internet and Society at Harvard, told TechNewsWorld.

“One possible means of doing so is our Computer Fraud and Abuse Act,” he explained. “This points to one very difficult issue: Even where the law might technically extend to people in another country, it might not matter if no one in the affected country decides to try to enforce the law against the attacker.”

Tough to Coordinate

Attempts to put together international regulations that would prevent criminals from taking advantages of one nation’s looser laws to launch an attack on an entity in a more protective nation are slow going.

“There are many, many such efforts, though no particular likelihood that any of those efforts will succeed anytime soon,” Palfrey said.

He cited the World Summit on Information Society (WSIS) to be held Nov. 16-18 in Tunis. Thousands of experts and dozens of heads of state will be on hand to discuss Internet issues such as growth and security, including harmonizing security-related laws.

The International Telecommunications Union’s conference in Hong Kong in December includes a forum on improving regulation of Internet security, such as anti-spam laws.

“There have also been efforts to harmonize criminal laws with respect to Internet, e-commerce, and the like. But these efforts are enormously hard and contentious,” Palfrey said.