A court ruling that denial of service attacks were not illegal in the UK has been overturned on appeal
The need for updates to the UK’s computer crime laws have been highlighted again this week, as an appeals court ruled that the decision to let off a so-called ‘email bomber’ last November was the wrong one.
The case involves David Lennon, who was accused of crashing his previous employer’s email server by sending hundreds of thousands of messages. However, Lennon was cleared after arguing that the purpose of an email server is to receive messages. The judge ruled that these types of attacks are not illegal under the Computer Misuse Act (CMA), and so the case never went to trial.
However, the Court of Appeals has now ruled against that decision. It found that while a computer owner would consent to receiving emails, this consent would have limits – and would not cover messages that had been sent to disrupt the system rather than for communication purposes. The court also agreed that Lennon’s acts could be interpreted as unauthorised modification of a computer system through adding unauthorised data.
According to IT law web site Outlaw.com, Lennon, who could not be named when he was cleared because he was under 18, must now decide whether to plead guilty or stand trial in the magistrates' court. He faces a maximum five-year prison sentence if convicted.
The about-turn in this case could put pressure on the government to speed up implementation of the Police and Justice Bill, which contains proposals for updates to the CMA, which has long been criticised for failing to clarify denial-of-service attacks as illegal and for the leniency of its maximum penalties.
Under the update proposals, the maximum penalty for maliciously impairing a computer would be increased from five to 10 years; while unauthorised access to computer material could result in a custodial sentence of up to two years, instead of just six months. The changes would also make denial-of-service attacks illegal, closing the current loophole in UK law.
The bill was first announced in January, and passed its first reading in parliament in March. It is expected to become law by this autumn.
The need for updates to the UK’s computer crime laws have been highlighted again this week, as an appeals court ruled that the decision to let off a so-called ‘email bomber’ last November was the wrong one.
The case involves David Lennon, who was accused of crashing his previous employer’s email server by sending hundreds of thousands of messages. However, Lennon was cleared after arguing that the purpose of an email server is to receive messages. The judge ruled that these types of attacks are not illegal under the Computer Misuse Act (CMA), and so the case never went to trial.
However, the Court of Appeals has now ruled against that decision. It found that while a computer owner would consent to receiving emails, this consent would have limits – and would not cover messages that had been sent to disrupt the system rather than for communication purposes. The court also agreed that Lennon’s acts could be interpreted as unauthorised modification of a computer system through adding unauthorised data.
According to IT law web site Outlaw.com, Lennon, who could not be named when he was cleared because he was under 18, must now decide whether to plead guilty or stand trial in the magistrates' court. He faces a maximum five-year prison sentence if convicted.
The about-turn in this case could put pressure on the government to speed up implementation of the Police and Justice Bill, which contains proposals for updates to the CMA, which has long been criticised for failing to clarify denial-of-service attacks as illegal and for the leniency of its maximum penalties.
Under the update proposals, the maximum penalty for maliciously impairing a computer would be increased from five to 10 years; while unauthorised access to computer material could result in a custodial sentence of up to two years, instead of just six months. The changes would also make denial-of-service attacks illegal, closing the current loophole in UK law.
The bill was first announced in January, and passed its first reading in parliament in March. It is expected to become law by this autumn.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: