tag:blogger.com,1999:blog-3993498847203183398.post4503785961690181821..comments2024-03-28T09:19:27.451+00:00Comments on RevK<sup>®</sup>'s ramblings: A crime that one cannot reportRevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger19125tag:blogger.com,1999:blog-3993498847203183398.post-16681568685491043892017-05-31T20:49:18.366+01:002017-05-31T20:49:18.366+01:00There are three elements to the s3 offence. To my ...There are three elements to the s3 offence. To my mind, there are, in this situation, question marks over at least two of those elements.<br /><br /><b>First</b>, an act must be done in relation to a computer, and that act must be unauthorised.<br /><br />In respect of which computer is an act done here?<br /><br />The ISP will be running one or more computers comprising the filtering system. But the act of uploading the filtering definitions (or whatever similar act it is) is clearly authorised, as it is the ISP’s system: the ISP has responsibility for that computer, and is entitled to change the files on it.<br /><br />The other main computer at issue here is the ISPReview webserver. But is any “act done in relation to” that computer? This seems questionable. An act is done in relation <i>to traffic destined for that computer</i>, sure. <br /><br />I’m unconvinced, though, that an act is done by Sky “in relation to” that webserver.<br /><br />This seems distinguishable from a DoS attack, where one is sending data (or causing other computers to send data) to the target computer. This, to my mind, falls far more readily into “an [unauthorised] act done in relation to a computer”.<br /><br />(There may still be problems: if I run a webserver, I am, I presume, authorising someone to send traffic to it on, say, port 80 and 443. At what point, if any, does “sending traffic” to one of those ports become “sending too much traffic such that it is an unauthorised act”?)<br /><br /><b>Second</b>, if an act is done “in relation to” the webserver, does Sky “know that [that act] is unauthorised”? One would need to ascribe a mens rea to a legal person. That’s not straightforward. It can arise, where the “identification principle” can be applied. This basically requires that the acts and state of mind of the company’s senior managers are given effect to by the company. <br /><br />Could it be proven that a senior officer of the company was sufficiently involved in the decision making here that they “knew” that the act in question was unauthorised, such that this knowledge could be ascribed to the company? That seems like a stretch to me. <br /><br />(As we’ve discussed, I see a difference between someone not knowing that the act is authorised, or not thinking about whether an act is authorised or not, and knowing that the act is not authorised.)<br /><br />The same argument can be made around s3(2), and the mens rea of intent, and 3(3) and reckless.<br /><br />I do take your point that it would be nice if someone had been willing to listen to your complaint, and discuss the detail with you. But I can also understand that, with the limited resources to allocate, someone, somewhere, has to make a decision as to whether a crime was committed. Here, that decision was made sooner than you might have liked, clearly.Anonymoushttps://www.blogger.com/profile/18427000118752159232noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-39838177478475237262017-05-31T20:18:41.959+01:002017-05-31T20:18:41.959+01:00"My point is that an act to block access to d..."My point is that an act to block access to date "on a computer" is clearly an act in relation to *that* computer."<br /><br />Possibly, but is it an unauthorised act? <br /><br />I suspect this must have come up in court and there may well be case law which could clarify.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-27691053823095473122017-05-31T18:53:29.276+01:002017-05-31T18:53:29.276+01:00My point is that an act to block access to date &q...My point is that an act to block access to date "on a computer" is clearly an act in relation to *that* computer. Normally legislation/gov/uk reports updated versions of acts so should show as amended. I am not saying it is sensible, but it does seem clear - the act was in relation to a computer - the computer on which the data resided that could not be accessed. It is an interesting point you raise, I agree.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-69389559108925140032017-05-31T18:51:13.435+01:002017-05-31T18:51:13.435+01:00Totally agree with your points about the ActionFra...Totally agree with your points about the ActionFraud service however.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-1035449053564777022017-05-31T18:49:52.204+01:002017-05-31T18:49:52.204+01:00It's difficult to see how blocking access to a...It's difficult to see how blocking access to a website would be considered as an "unauthorised act in relation to a computer" which is necessary for an offence to occur. (If it were, then firewalls would be illegal).<br /><br />Thinking as I type here, but would you agree that in a DoS attack the packets are sent to the attacked computer, or some intermediary computer which the attacker is not authorised to act on?<br /><br />Also, the 1990 act was modified here:<br /><br />http://www.legislation.gov.uk/ukpga/2006/48<br /><br />See sections 35-38.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-23667436075572639022017-05-31T18:35:41.326+01:002017-05-31T18:35:41.326+01:00Also, if that was their argument I'd have been...Also, if that was their argument I'd have been happy to discuss - they could not even see the law, yet were judging that I was wrong to report it either because I was not a victim or it was not a crime (they did not seem to be clear which).RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-7039193442977763812017-05-31T18:34:47.875+01:002017-05-31T18:34:47.875+01:00The action was prohibiting or hindering address to...The action was prohibiting or hindering address to data on a "computer". It was that computer that is relevant here, surely? Yes, the suspension one is an interesting one. But if this was not the interpretation a DoS attack, being an action on computers that send lots of packets, is not in relation to the attacked computer is it?RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-7208376896237729892017-05-31T18:32:38.170+01:002017-05-31T18:32:38.170+01:00Can I suggest that you are mistaken here;
section...Can I suggest that you are mistaken here;<br /><br />section 3(2)(b) of the Computer Misuse Act only comes in to play if there is a breach of section 3 (1):<br /><br />A person is guilty of an offence if—<br /><br />(a)he does any unauthorised act in relation to a computer;<br /><br />(b)at the time when he does the act he knows that it is unauthorised; and<br /><br />(c)either subsection (2) or subsection (3) below applies. <br /><br />As Sky are authorised to make changes to their own systems, no offence has been commited.<br /><br />If you think about it, this is probably a good thing - otherwise an ISP would be commiting an offence were they to suspend service temporarily for maintenance. Worse still as an ISP you would be commiting an offence by suspending someones internet service for non-payment of their bills!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-85053868617916268862017-05-30T19:50:27.447+01:002017-05-30T19:50:27.447+01:00And don't forget that the CPS have the right t...And don't forget that the CPS have the right to take over private prosecutions - so if you start to prosecute the "wrong person", the CPS can take over the prosecution, and then abandon it. There's nothing unlawful about them doing this - and it's a very good way to stop you prosecuting someone the government doesn't want prosecuted (assuming that they can lean on the DPP to get the CPS to take the prosecution off you).Simon Farnsworthhttps://www.blogger.com/profile/15190608047563530091noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-20903398633704060002017-05-30T17:30:52.008+01:002017-05-30T17:30:52.008+01:00It helps their statistics to not record crimes at ...It helps their statistics to not record crimes at all unless they're planning to put effort into them.Nick Alcockhttps://www.blogger.com/profile/06590610308528769844noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-52929480673870462192017-05-30T14:43:57.985+01:002017-05-30T14:43:57.985+01:00I think the best bit is where the Action Fraud rep...I think the best bit is where the Action Fraud representative says that he can't access the Government site with the legislation - implying that something is (unlawfully?) impeding his access to that site, too.Nick Johnsonhttps://www.blogger.com/profile/04083452977458707717noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-58570555846304355222017-05-30T09:48:15.861+01:002017-05-30T09:48:15.861+01:00Amused by Action Fraud's choice of text colour...Amused by Action Fraud's choice of text colour: http://rationalwiki.org/wiki/Green_inkAnonymoushttps://www.blogger.com/profile/04865364963936135464noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-29545803592627297362017-05-30T07:31:08.896+01:002017-05-30T07:31:08.896+01:00It is clearly a crime of you read yeh CMA. My issu...It is clearly a crime of you read yeh CMA. My issue here is the lack of controls for this arbitrary blocking. Sites do not know they are blocked or by whom or why and have no legal recourse when blocked. RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-61932552205692617642017-05-30T07:28:19.793+01:002017-05-30T07:28:19.793+01:00Not worth it. What pisses me off is that they won&...Not worth it. What pisses me off is that they won't even accept the crime report. I could understand saying not in public interest to prosecute, but refusing to accept the crime report seems crazy.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-45208939849323156732017-05-30T02:23:57.480+01:002017-05-30T02:23:57.480+01:00I'm both an A&A Customer, albeit only for ...I'm both an A&A Customer, albeit only for VoIP services, and a Sky Broadband (& phone, not that I use it) customer. If you need permission off someone, you have mine! Robhttps://www.blogger.com/profile/15492761714688454925noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-31603831574074205362017-05-29T23:14:47.247+01:002017-05-29T23:14:47.247+01:00Irrespective of whether you actually can hammer th...Irrespective of whether you actually can hammer this kind of cock-up into a CMA-shaped hole, this is undoubtedly better left as a matter between Sky's customers, Sky and ISPReview.<br /><br />You trying to drag the forces of law and order into what by any reasonable interpretation would be a civil matter between some parties who might have suffered a minuscule injury and another party who happens to be a competitor of yours looks, at best, absurd.<br />Will Deanhttps://www.blogger.com/profile/15515078919433985452noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-34759771970957180222017-05-29T21:49:48.639+01:002017-05-29T21:49:48.639+01:00Could you not sponsor a private prosecution RevK? ...Could you not sponsor a private prosecution RevK? The Railways do it all the time.Chad Hhttps://www.blogger.com/profile/06466797076721870606noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-32116907524296836162017-05-29T20:45:14.856+01:002017-05-29T20:45:14.856+01:00If you actually DO wish to pursue this its going t...If you actually DO wish to pursue this its going to require you to get a solicitor (& unltimately a QC) involved. Preferably ones with clues about these matters.<br /><br />That's going to cost.<br /><br />English justicial enforcement has always been primarily about property rights and riots likely to damage said property <br /><br />Penalties for violence came later but were usually significantly less severe (proportionally) than penalties for things like debt.<br /><br />Grand Juries got abolished in the 30s (Churchill IIRC) because they had the sad habit of indicting people the state didn't want to prosecute. <br /><br />The CPS sorted all that out as they don't prosecute anyone the "crown" (parliament in theory but the govt/cabinet these days) doesn't want to.<br /><br />This all happened decades before most of your readers were born.<br /><br />The rule of law in E&W is based on wealth & power. Nothing else.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-50840072586071896302017-05-29T20:21:10.284+01:002017-05-29T20:21:10.284+01:00I will if you want but to be brutally frank you...I will if you want but to be brutally frank you're wasting your time. <br /><br />This sort of shit was the whole point of the IWF (nobody's allowed to know what's on it) list in the first place. For anyone naive enough to think otherwise have a look at the ex-plod & ex-secret squirrel/civil-service mob who run it.<br /><br />Also "Action Fraud" are nothing other than a shill service for the banks to reduce their costs. <br /><br />AFAIK (In)Action Fraud won't look at losses/theft under £100k for an individual case & even then you'd be better off asking next-door's cat.<br /><br />So even if you do get someone to complain they're going to say "not £100k loss, you'll get a crime reference number & don't call us".<br /><br />Been like this a long long time Adrian....Anonymousnoreply@blogger.com