NEWS
A British teenager has been cleared of launching a denial-of-service (DoS) attack against his former employer, in a ruling that delivers another blow to the Computer Misuse Act.
Sitting at Wimbledon Magistrates Court, District Judge Kenneth Grant ruled that the youth, who can't be named for legal reasons, had not broken the CMA, under which he was charged. He was accused of sending five million emails to his ex-employer, causing the firm's email server to crash.
The CMA, which was introduced in 1990, explicitly outlaws the 'unauthorised access' and 'unauthorised modification' of computer material. Section 3, under which he was charged, concerns unauthorised data modification and tampering with systems.
The defendant was not called into the witness box during the trial, so he never confirmed whether or not the attack had taken place. The defence counsel argued that sending a flood of unsolicited emails would not cause unauthorised access or modification, as the email server was set up for the purpose of receiving emails.
Judge Grant told the court that "the computer world has considerably changed since the 1990 Act", and that there was little legal precedent to refer back to. He then ruled that DoS attacks were not illegal under the CMA.
Tom Espiner writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. anonymous
well that's reassuring, launch a DOS on a UK based site and you can't be touched!
I'm sure there are lots of people who'd like to thank the judge (or should that be JP) for clarifying that.
If everyone sends Tony Blair 5million emails he might get his rear in gear and upate the law sharpish.
2. anonymous
Interesting. I suppose the argument must be that sending an email to an email server is not 'unauthorised'. Everything else then falls down.
The wording of this section of the Act is:
3.-(1) A person is guilty of an offence if-
1. he does any act which causes an unauthorised modification of the contents of any computer; and
2. at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-
1. to impair the operation of any computer;
2. to prevent or hinder access to any program or data held in any computer; or
3. to impair the operation of any such program or the reliability of any such data.
(3) The intent need not be directed at-
1. any particular computer;
2. any particular program or data or a program or data of any particular kind; or
3. any particular modification or a modification of any particular kind.
(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.