I was musing with Josh this evening about the Computer Misuse Act and its apparent vagueness in 1) what contemplates actual misuse, and 2) the punishment one would receive in offending it. There are plans in the works to introduce a new bill which would update the current computer misuse specifics, especially in regards to network-based attacks, such as Denial of Service attacks and the production and promotion of tools which aid these (which is where a lot of vagueness on behalf of the government comes in again).
So this got me thinking – I couldn’t knowingly carry out a DoS attack on a specific target without incurring what appears to be some serious penalty (like several years in prison). So why not just apply the same logic to the new computer misuse act in the same way the government and legal system applies laws and penalties to non-tech situations?
For example; the law declares that it’s perfectly legal to protect yourself from assault using “necessary force” for “self-defence”. At the moment, if someone were to attempt to DoS me, and in retaliation and “self-defence” I quickly DoS’d them back, myself and the offending party would face prosecution under the computer misuse act. However, my attack was only in self-defence, in order to protect my(computer)self, so I think I should be immune to any prosecution.
And onto another example, the “pre-emptive strike”. The government seems to think this is a perfectly fair, reasonable and legal stance to take in the 21st century. After all, if I’ve got the name of a suspected spammer, and have the tools at my disposal to stop him before he has the chance to spam me, shouldn’t I be allowed to?