Forwarded from: Elyn Wollensky <elynat_private> http://www.silicon.com/a50435 Joey Gardiner Tuesday 15th January 2002 A war of words has broken out between Energis and a UK webmaster after a hacker tried to break into a website from a domain managed by the ISP. The row erupted after Freeserve user John Chamberlain noticed attempts were being made to hack into his website. They stemmed from an Energis domain, and although the ISP claims it traced the source and took 'appropriate action', it has so far refused to name the guilty party. Energis says the Data Protection Act (DPA) prevents it from releasing that information. But Chamberlain is now considering legal action to try to gain access to the information, saying he has his own responsibilities to protect confidential data under the same legislation. Chamberlain is worried about his own liability if he doesn't make every effort to keep his alchemyproject.net site secure. There is also concern that Energis' commitment to the DPA is forcing it to unwittingly cover up the attempted hack, which is a crime under the Computer Misuse Act. Lawyers agree the legal position is very confused in this area. Simon Stokes, head of ecommerce at law firm Tarlo Lyons, said: "It's a very grey area indeed. Hacking, and the intent to hack, is illegal, so in one sense Energis has a duty to not conceal this. However, it does of course have obligations to its users under the DPA." Stokes said it is clear Energis has a responsibility to provide all of this information to authorities once any kind of civil or criminal investigation is launched. Other lawyers agree there is a definite conflict between the Data Protection Act and the Computer Misuse Act in cases such as these. Energis could not provide silicon.com with a copy of its standard procedures at the time of publication, but said: "If we believe that a criminal act has taken place, we would advise the complainant to report the issue to their local police station and we would work within the law to identify the alleged offender." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:09:20 PST