Skip to main content

Teenager gets off in five million email case

A teenager managed to escape trial (opens in new tab)last week after a judge at Wimbledon Magistrates Court ruled that the lad - who was aged 16 at

the time when he allegedly flooded his former employers' email system with five million emails - had no case to answer.

ZDNet reports that District Judge Kenneth Grant ruled that the teenager's alleged actions were not an offence under Section Three of the Computer Misuse Act (CMA) caused his former employer's email servers to crash.

In his written ruling, Judge Grant said: "In this case the individual emails caused to be sent each caused a modification which was in each case an 'authorised' modification. Although they were sent in bulk resulting in the overwhelming of the server, the effect on the server is not a modification addressed by section three [of the CMA]."

Peter Sommer (opens in new tab), the security guru - who is is also a fellow at the LSE - acted as expert witness for the defence. His presentation to the court was that there was no case to answer as, although the teenager did send five million emails, the lad did not modify any information.

The case has some interesting parallels with my own hacking case (opens in new tab)back in 1985 (to 1989), in that the prosecution tried to nail the teenager

with a pretty heavy bit of legislation.

In my own case - in which I was acquitted on appeal, and which resulted in the creation of the Computer Misuse Act (my 15 seconds of fame!) - the prosecution tried to nail Rob Schifreen and myself under the Forgery Act, reasoning that the act of using an ID/password without the permission of the holder (BT) was analogous to printing off dud fivers.

(One of the BT ID/password combos we used as 2222222222/2222 - pretty secure huh?)

In my own case, because the offence was so grave, Rob Schifreen ended up being grilled senseless at two week crown court trial. NOT and experience I want to repeat, I can tell you.

In this latest prosecution if the prosecution had laid charges under the Protection from Harassment Act 1997, the result would more likely have been a guilty one, and a modest fine would have resulted.

Instead, the Crown Prosecution Service (opens in new tab) decided to try and nail the defendant with Section Three of the CMA, and failed.

Even if the lad had been found guilty, because he was under age, the penalties wouldn't have been that severe.

The nett result of this case is:

(1) It highlights the need for a reform of the CMA

(2) It results in a waste of a considerable sum of public money

(3) It shows up the CPS in a bad light

Now I'm not arguing for hackers to be let off. In my own case, I can cheerfully admit we were bloody stupid in what we did. But what I can say that the prosecution tried to make a mountain out of a molehill, and wasted £1.9 million of tax-payers money in the process.

Some things never change...