Monday, January 17, 2011

Out Door Lighting Alarm

DoS attacks or questions about the effectiveness of law reform

is good that a company shall be equipped with articulated standards and mechanisms to punish those who by their actions cause damage to property or rights of third parties provided that the punishment meets a series of human principles that has cost us many centuries, and efforts to achieve.

laws also should be useful and should be applicable, as in the case of no good for nothing in reality are like a sad effort discredits both those who make the laws as to the latter and ultimately resents the credibility of citizens in the system.

As I was saying, we are witnessing the embryo of the first major online demonstrations against the policy objectives set in Spain, particularly against so-called Law Sinde, but also worldwide against companies bowed to the wishes of States united in their crusade against Wikileaks.

In this connection it is recalled the entry into force on 23 December Penal Code which devotes one of his articles to describe offense conduct that can be identified as a DoS attack, Article 264:
1. Who by any means without permission and erase seriously, would damage, deterioration, alteration, deletion, or did inaccessible data, software or electronic documents outside, where the result produced is serious, shall be punished with imprisonment from six months to two years.
2. He who by any means, without the authorization and seriously obstruct or interrupt the operation of a foreign computer system, inputting, transmitting, damaging, deleting, deteriorating, altering, suppressing or rendering inaccessible computer data produced when the result is serious, shall be punished with imprisonment from six months to three years.
One element of the type, and that is determining the severity of the outcome will occur. This gravity is a criterion to be a result of the interpretation that judges or courts do, but input will cause fear for the uncertainty of knowing when Setara to a crime or not.

But the problem comes in identifying the perpetrator of the crime, committed the crime because the Internet will have the problem of identifying the responsible after a specific IP address from which the attack takes place.

is a recurring theme in this blog is about the content of Law 25/2007 on Data Retention and conditions to identify the person to whom the telecommunications service provider has assigned a specific IP.

Says
1. This Act is to regulate the obligation of operators to retain data generated or processed in connection with the provision of electronic communications services or of public communications networks, and the duty of transfer of such data authorized agents if they are required by the relevant judicial authorization purposes detection, investigation and prosecution of serious crimes referred to in Penal Code or special penal laws.
2. This Act shall apply to traffic data and location of natural and legal persons related data necessary to identify the subscriber or registered user.
That is, any transfer of data to identify a particular subscriber to the IP that is assigned only be made to the appropriate judicial authority, but only for serious crimes. And what are the serious offenses?

According
the Criminal Code, Article 13 , serious crimes are those punishable by a severe sentence. And severe penalties, Article 33.2
are severe penalties:
  1. The imprisonment exceeding five years.
So who carries out a DoS attack can not be identified by the court through the IP address from which the attack comes since the law does not authorize the ISP assigns data because the penalty for the offense of computer damage is a maximum of 3 years.

Therefore for able to identify the responsible parties should obtain their identification by other means and it would still be the problem of linking the IP address to the specific person responsible for the attack.

back at this point to start playing what I was saying and decided to ask who legislate behavior, since it makes little sense to include an offense that in most cases will result in failure finding the perpetrator.

For anyone who suffers an attack will be frustrating to know that your issue may not reach the bottom and did not find the person responsible, which will undermine their confidence in the system, and the attacker will feel strong at the impunity with which they can develop their actions, which ultimately does not improve coexistence. Besides that impunity will result in the medium term, an overreaction by the other party that require toughness and other measures which, for the internet, restrict the rights of all.

It is important that whoever legislates do with the whole legal system in the head and not just punitive impulses agenda set by the media, causing public discontent and ineffective laws and institutions constantly undermined.

0 comments:

Post a Comment