To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39153882,00.htm

Youth escapes denial of service charge
Defendant doesn't even take the stand due to the wording of outdated Computer Misuse Act...

By Tom Espiner

Published: Thursday 03 November 2005

A British teenager has been cleared of launching a denial-of-service (DoS) attack against his former employer, in a ruling that delivers another blow to the Computer Misuse Act.

Sitting at Wimbledon Magistrates Court, District Judge Kenneth Grant ruled that the youth, who can't be named for legal reasons, had not broken the CMA, under which he was charged. He was accused of sending five million emails to his ex-employer, causing the firm's email server to crash.

The CMA, which was introduced in 1990, explicitly outlaws the 'unauthorised access' and 'unauthorised modification' of computer material. Section 3, under which he was charged, concerns unauthorised data modification and tampering with systems.

The defendant was not called into the witness box during the trial, so he never confirmed whether or not the attack had taken place. The defence counsel argued that sending a flood of unsolicited emails would not cause unauthorised access or modification, as the email server was set up for the purpose of receiving emails.

Judge Grant told the court that "the computer world has considerably changed since the 1990 Act", and that there was little legal precedent to refer back to. He then ruled that DoS attacks were not illegal under the CMA.

Tom Espiner writes for ZDNet UK