A judge has ruled that denial of service attacks are not
illegal under the UK's outdated Computer Misuse Act.
A teenager charged with launching a denial of service (DoS)
attack against his former employer escaped punishment when the
judge threw out the charge after his defence successfully argued
that DoS attacks were not covered by the parts of the act he was
charged under.
District judge Kenneth Grant, sitting at Wimbledon magistrates
court, said that the youth, who can’t be named for legal reasons,
had not broken the law under which he was charged.
The youth had been accused of sending five million e-mails to
his ex-boss as part of a DoS attack that crashed the company’s
e-mail server.
He was charged under section 3 of the 1990 act, which covers
unauthorised data modification and system tampering.
His defence argued that sending a flood of unsolicited e-mails
did not cause unauthorised data modification or tamper with
systems, as an e-mail server was there for the purpose of receiving
e-mails.
The judge agreed with this argument and said DoS attacks were
not illegal under section 3 of the act.
The IT and telecoms industry has reacted angrily, with Cable
& Wireless saying the case demonstrated why the Computer Misuse
Act had to be overhauled.
C&W said the act was 15 years old and out of touch with
computer crime today, having been enacted before the arrival of DoS
attacks and the broadband networks they travel over.
The company called for MPs to look urgently at overhauling the
act to help businesses counter the damage caused by computer
crime.