A U.K. teenager pleaded guilty on Wednesday to breaking the Computer Misuse Act (CMA) by crashing the e-mail server of his former employer.
David Lennon, 18, was sentenced to a two-month curfew by a judge sitting at Wimbledon Magistrates court.
Lennon had originally been cleared of the charges in November 2005, after another judge ruled that it was not an offence to overwhelm an e-mail server with millions of messages. This ruling was later challenged by the Crown Prosecution Service, and in May 2006 the case was sent back to the Magistrates Court.
On Wednesday morning, Judge Dixon ruled that Lennon should be subject to a curfew, which meant he must stay at home between the hours of 12.30am and 7am on weekdays, and between 12.30am and 10am on weekends. If he breaks this curfew, he risks a more serious sentence.
The curfew has been timed so as not to interfere with Lennon's work at a local cinema. Judge Dixon said it was "a happy coincidence" that it will end the day before Lennon starts college in September.
The prosecution dropped their demand that Lennon should pay costs amounting to 29,000 pounds (US$52,989), which arose from his attack on Domestic and General Group in which 5 million e-mail messages crashed its servers.
The defense argued that Lennon should receive a conditional discharge, given the confusion over whether the CMA outlawed the sending of masses of e-mail messages--known as an e-mail bomb. Judge Dixon, though, argued that this was inappropriate.
"Even given his age at the time, this was a grave offence and caused serious damage, so I need to impose something to make him think again," Judge Dixon told the court.
The CMA, which was introduced in 1990, explicitly outlaws the "unauthorized access" and "unauthorized modification" of computer material. Section 3, under which he was charged, concerns unauthorized data modification and tampering with systems.
Lennon's original case was heard by District Judge Kenneth Grant, who ruled that an e-mail bomb did not violate the CMA because e-mail servers were set up to receive e-mail. As such, each individual e-mail could be ruled to make an "authorized modification" to the server.
The CMA is now seen as insufficient to combat the rise of cybercrimes such as denial-of-service attacks. A series of amendments are being introduced by the Government to update it.