X
Tech
Home Tech Services & Software Collaboration

British teen cleared in 'e-mail bomb' case

A British teenager has been cleared of launching a denial-of-service attack against his former employer, in a ruling that delivers another blow to the UK's Computer Misuse Act.At Wimbledon Magistrates Court in London, District Judge Kenneth Grant ruled on Wednesday that the teenager had not broken the CMA, under which he was charged.
Written by Tom Espiner, Contributor
A British teenager has been cleared of launching a denial-of-service attack against his former employer, in a ruling that delivers another blow to the UK's Computer Misuse Act.

At Wimbledon Magistrates Court in London, District Judge Kenneth Grant ruled on Wednesday that the teenager had not broken the CMA, under which he was charged. The defendant, who can't be named for legal reasons, was accused of sending five million e-mail messages to his ex-employer that caused the company's e-mail server to crash.

The teenager greeted the news with relief, although an appeal by the prosecution is still possible. "I feel very happy. This has been going on for two years. At the moment, this is no longer hanging over my head," the teenager said.

The CMA, which was introduced in 1990, does not specifically include a denial-of-service attack as a criminal offence, something some members of the UK parliament want changed. However, it does explicitly outlaw the "unauthorised access" and "unauthorised modification" of computer material. Section 3 of the act, under which the defendant was charged, concerns unauthorised data modification and tampering with systems.

A denial-of-service attack is one in which a flood of information requests is sent to a server, bringing the system to its knees and making it difficult to reach.

The defendant was not called into the witness box during the trial, so it was never confirmed whether an attack had taken place. The defence counsel argued that sending a flood of unsolicited e-mails did not constitute unauthorised access or modification, as the targeted company's e-mail server was set up for the purpose of receiving e-mail messages.

Judge Grant told the court that "the computer world has considerably changed since the 1990 act," and that there was little legal precedent to refer back to. He then ruled that denial-of-service attacks were not illegal under the CMA.

In a written ruling, Judge Grant stated: "In this case, the individual e-mails caused to be sent each caused a modification which was in each case an 'authorised' modification. Although they were sent in bulk resulting in the overwhelming of the server, the effect on the server is not a modification addressed by section 3 (of the CMA)."

"On the narrow issue of an authorised or unauthorised modification, I concluded that no reasonable tribunal could conclude that the modification caused by the e-mails sent by the defendant were unauthorised within the meaning of section 3," Grant added.

Peter Sommer, an expert witness for the defence, called for the law to be revised in light of the trial. "This is an interesting result, which highlights the need for reform of the CMA," Sommer, a senior research fellow in the London School of Economics' Information Systems department, said.

ZDNet UK's Tom Espiner reported from London. For more coverage from ZDNet UK, click here.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now