Slashdot Mirror

← Back to Stories (view on slashdot.org)

British Teen Cleared in "E-mail Bomb" Case

Posted by samzenpus on from the whatever-I-do-what-I-want dept.

legaleagll writes "According to this article , a British Judge has ruled that a teen who sent approximately 5,000,000 e-mails to his former employer was not in violation of the U.K.'s Computer Misuse Act. It appears that the Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated."

8 of 155 comments (clear)

  1. Pros and Cons of a good piece of legislation by Palal · · Score: 5, Insightful

    How do we strike a balance between a piece of legislation that covers any crime that may not have been thought up yet, without prohibiting activities that are not necesserily criminal that will be invented in the future? This is something that no country has come up with yet and this is unlikely to happen any time soon due to various governments in power. (cough)

    --
    -Palal
    1. Re:Pros and Cons of a good piece of legislation by grogdamighty · · Score: 4, Insightful
      The obvious answer is that legislation should be for there here and now, updated as necessary for changes in society. Rather, any "enduring" legal work should be through the constitution - the basic rights fleshed out by legislation.

      Thus, the Second Amendment allows citizens to bear arms so that they are never helpless before the government, but more current legislation is designed to keep criminals from using guns to harm citizens (no concealed weapons in certain locales, background checks, etc.)

      --
      My other sig is funny.
  2. Time for a new server. by CyricZ · · Score: 4, Insightful

    Perhaps it is time for that business to invest in a more modern mail server. Indeed, even the lowliest of Dell servers running Linux or FreeBSD can easily handle 5 million email messages, even if sent in a very short period of time. A large amount of mail should never cause the server to completely crash, even if it does consume much bandwidth and cause other delays.

    --
    Cyric Zndovzny at your service.
    1. Re:Time for a new server. by CyricZ · · Score: 3, Insightful

      Would my server straight out die? Of course not. It would queue the messages for as long as possible, and if the server happened to run out of disk space, it would begin rejecting the messages. The one thing it would not do is crash.

      --
      Cyric Zndovzny at your service.
    2. Re:Time for a new server. by mcrbids · · Score: 5, Insightful

      I take you you have little/no experience working with small businesses?

      My "not credible" numbers are very typical for scenarios I work in. In this world of small enterprises, it's very normal to run an entire business with just a single server. Bitch all you want to about whatever security issues, I sure have.

      Small business owners tend to have a case of megalomania. If they can pet the box, they "own" it. Thus, they'll spend $2,000 on a server rather than $25/mo on a managed solution because they can pet the box, even as they explain about the increased downtime because they don't have a dedicated admin, like their ISP.

      Just because it's not true in your world, doesn't mean it isn't true!

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. Proof... by hoka · · Score: 4, Insightful

    That law has a hard time keeping up with technology. It takes a long time for laws to be made, changed, proven, and stand up in court. It doesn't take nearly as long in the technological world for attacks, defenses, and things in general to change. This is where a lot of the problems are coming from, since most of the time when you get things that are pushed out quickly there are all sorts of acts or laws such as the DMCA or Canadian Do-Not-Call list) which contain all sorts of problems in one way or another. It's just a shame it will take so long for things to really shape up.

    Really quite a predicament when too fast means you get poorly written laws, and too slow means the bad guys can work "legally" for a while...

  4. computer misuse act does NOT need updating by irw · · Score: 5, Insightful

    The Computer Misuse Act seems to have been designed to encode the electronic equivalent of breaking-and-entering (offences 1 & 2) and criminal damage (offence 3).

    Denial of service is probably very difficult to encode in a similar fashion, since I do not see what *criminal* offence it would equate to.

    In this particular care, there is no essential difference between sending a million emails and sending a million letters by post - both would swamp the service, but equally both are simply making use of the (e)mailing infrastructure as it was designed. (Yes I know letters cost more. That's irrelevant - they require more effort to deliver, and are priced accordingly).

    Taking a different example, such as opening thousands of connections to a server with intent to deprive others' of access to it, I still can't see what equivalent physical world *criminal* offence has been committed. In this case an analogy requires many people, but what difference is it if a thousand people stand on the pavement outside a shop entrance effectively preventing other shoppers from entering, due to weight of numbers? Sure, the police can ask people to move on, which is the same as closing those open connections, no?

    Since most electronic systems only enact operations which have equivalents in the physical world, I do not see how it would be right to create a law which makes the electronic equivalent illegal, when the physical original is not. This use of legislation creates the likes of the DMCA.

    The Computer Misuse Act is a rare example of a really *good* law which is (1) broad enough to capture most offenders (2) easily tested for applicabilty i.e. not complicated with exceptions, extensions, etc and (3) not so vague that it is open to abuse.

    1. Re:computer misuse act does NOT need updating by irw · · Score: 3, Insightful
      Why not set up www.you're-not-allowed-to-look-at-this.com and launch a criminal suit against anyone who has a peek? In fact, you are officially NOT AUTHORISED to read this message.

      You wouldn't get very far with this argument. Anything placed on a website is published. Anything published is public, therefore access is de facto authorised.

      Now obviously you can put access controls on a website. But then you've taken a step to define authorised access. If you give someone a username and password, you've granted access. If someone obtains a username or password without permission, that's unauthorised. If someone bypasses this access control (and this bypass would probably have to be non-trivial; so if for example someone could cut and paste a URL which went directly to the material without being prompted, this would not apply) then it is unauthorised.

      I personally think that "computer material" was a bad choice of phrase, and that "computer system(s)" is more appropriate. I cannot think of a way in which access controls could be devised which would NOT involve the owner of a computer system defining (at least implicitly) "authorised access". I'd make the assumption that in giving permission to put computer material on a computer system the owner of the material has agreed with the owner of the system on what arrangements are made for authorised access.

      If my reading is correct it means a court gets to decide what is or is not authorised based on the circumstances, which is the Right Way IMO. Putting every conceivable situation in the Act would either be draconian or prone to loopholes as previously unconsidered situations arise.

      Please give post your e-mail address so I can send details of the criminal suit against you 5 million times.

      You're joking, of course. I suspect you could be charged with harassment (though maybe not criminally) and I would seek an injunction to stop you. Furthermore, the fact that you have made a threat which you are capable of carrying out might be common assault (which is a criminal offence).