BBC Programme Broke Law With Botnets, Says Lawyer

The BBC has destroyed its botnet and does not control machines any longer. It said it has contacted the 22,000 computer owners to warn them of their machines' vulnerabilities and advise them on how to secure the computers.

Though the activity is likely to have been technically illegal, Robertson said that it is unlikely that the corporation will be punished for it.

"The maximum penalty for this offence is two years' imprisonment. But it is very unlikely that any prosecution will follow because the BBC's actions probably caused no harm. On the contrary, it probably did prompt many people to improve their security," he said.

A blog posting from security firm Sophos suggests that the BBC has committed an offence of making unauthorised modifications to a computer. Robertson said that that is unlikely.

"The offence of unauthorised modification requires a recklessness or an intent that I don't think the BBC has displayed," he said.

Section three of the Computer Misuse Act describes the need for an intent to impair the operation of a computer or to hinder access to data. Such intent is not required for the section one offence of unauthorised access, said Robertson.

The BBC did not respond to OUT-LAW's request for comment. However, a message on the programme's Twitter account suggests that the team did consult lawyers. "We would not put out a show like this one without having taken legal advice," it said.