British Teen Cleared in "E-mail Bomb" Case 155
legaleagll writes "According to this article , a British Judge has ruled that a teen who sent approximately 5,000,000 e-mails to his former employer was not in violation of the U.K.'s Computer Misuse Act. It appears that the Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated."
Pros and Cons of a good piece of legislation (Score:5, Insightful)
Time for a new server. (Score:4, Insightful)
Proof... (Score:5, Insightful)
Really quite a predicament when too fast means you get poorly written laws, and too slow means the bad guys can work "legally" for a while...
Re:Time for a new server. (Score:4, Insightful)
spam (Score:1, Insightful)
Re:Pros and Cons of a good piece of legislation (Score:4, Insightful)
Thus, the Second Amendment allows citizens to bear arms so that they are never helpless before the government, but more current legislation is designed to keep criminals from using guns to harm citizens (no concealed weapons in certain locales, background checks, etc.)
Re:Pros and Cons of a good piece of legislation (Score:3, Insightful)
Really, it should be extremely difficult to pass a new law, and it should be clear that there is a solid need for it. Yes, that means the first people who commit crimes using new technology in new ways may not be prosecuted (note that I'm not talking about using new technology to commit EXISTING crimes), but that's better than the alternative. (And I wouldn't say in this case the kid got away scot free-- he was prosecuted, which at the very least is a scary thing, and potentially costly in legal bills as well.)
Oh and yeah, that kind of sucks for the victim, but in some cases (like this) the matter could at least be taken to civil trial.
Sorry, but that's a pretty dumb comment... (Score:3, Insightful)
Do you have any idea of the size of the company involved?
For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate. Not all computer crime is committed against large organisations that have turnovers that are measured in millions or even billions.
Wasting police and court time? Well, if the police were involved then there's a good chance that the prosecution was brought by the Crown Prosecution Service (ie, the government), so someone in the appropriate position of authority thought it was a sensible case to persue.
And even if it was a civil case, well, then that's what courts are for: to listen to all the evidence, consider all the facts, and make a judgment one way or another when two parties are in dispute.
Re:'editors' heh (Score:1, Insightful)
How the fuck does this have anything to do with "my rights online?"
Unless you think I have an inalienable right to be an assclown, in which case, HAND.
Re:Only 5 million emails and the server crashed? (Score:3, Insightful)
Re:Sorry, but that's a pretty dumb comment... (Score:3, Insightful)
For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate.
Let's see - 5M messages at 10k each = 50GB. If it were a small company, they may have only had a 1.5Mb line, so that 50GB would take about 50GB/150K/3600 = 92 hours to complete. Any mail server can handle that, and any competent admin should be able to block the messages within four days!
Of course, a 3rd party hosted mail server could handle the mail a bit faster, so the only question is whether 50GB is an excessive amount. Since I have a 300MB quota, it might be. Then again, maybe not - disk space is cheap, and nuking one message sent to any number of people is pretty straightforward.
Re:Pros and Cons of a good piece of legislation (Score:2, Insightful)
Re:Your Rights Online? (Score:2, Insightful)
If this guy would be punished for annoying people by sending 3 millions E-Mails, it would set precedent to punish spammers.
It would seriously harm advertising industry, if spam would be banned. No responsible jugde would allow this to happen.
Re:Time for a new server. (Score:5, Insightful)
My "not credible" numbers are very typical for scenarios I work in. In this world of small enterprises, it's very normal to run an entire business with just a single server. Bitch all you want to about whatever security issues, I sure have.
Small business owners tend to have a case of megalomania. If they can pet the box, they "own" it. Thus, they'll spend $2,000 on a server rather than $25/mo on a managed solution because they can pet the box, even as they explain about the increased downtime because they don't have a dedicated admin, like their ISP.
Just because it's not true in your world, doesn't mean it isn't true!
Re:Pros and Cons of a good piece of legislation (Score:3, Insightful)
Simple you provide a set of guidelines, perhaps backed up by examples, that define misuse. For instance phrase it thus:
It would be quite easy to prove that sending 3,000,000 emails to your ex-employer, especially in a short span of time, would fall foul of that law. Yes, you have to prove intent but you would have to do that anyway. Accidents wouldn't fall foul of this law but a clause for negligence could be added. The problem is that a law thus phrased would require interpretation by the jury which is something most Governments seem loath to allow them to do. The upside is that this law would be good for the foreseeable future and would probably cover most new crimes. I suppose the problem is that if we had high level laws and a true trial by jury the Govenment would rapidly lose one of it's basic functions - to make more laws.
computer misuse act does NOT need updating (Score:5, Insightful)
Denial of service is probably very difficult to encode in a similar fashion, since I do not see what *criminal* offence it would equate to.
In this particular care, there is no essential difference between sending a million emails and sending a million letters by post - both would swamp the service, but equally both are simply making use of the (e)mailing infrastructure as it was designed. (Yes I know letters cost more. That's irrelevant - they require more effort to deliver, and are priced accordingly).
Taking a different example, such as opening thousands of connections to a server with intent to deprive others' of access to it, I still can't see what equivalent physical world *criminal* offence has been committed. In this case an analogy requires many people, but what difference is it if a thousand people stand on the pavement outside a shop entrance effectively preventing other shoppers from entering, due to weight of numbers? Sure, the police can ask people to move on, which is the same as closing those open connections, no?
Since most electronic systems only enact operations which have equivalents in the physical world, I do not see how it would be right to create a law which makes the electronic equivalent illegal, when the physical original is not. This use of legislation creates the likes of the DMCA.
The Computer Misuse Act is a rare example of a really *good* law which is (1) broad enough to capture most offenders (2) easily tested for applicabilty i.e. not complicated with exceptions, extensions, etc and (3) not so vague that it is open to abuse.
Re:Your Rights Online? (Score:2, Insightful)
Getting on trains, if you're Brazilian.
Re:Pros and Cons of a good piece of legislation (Score:3, Insightful)
There are many such laws. For example, criminal damage. If you infringe on another's property rights by physically damaging his/her property (be it a horsebuggy, a door, or an iPod) without permission, that's a crime. Many laws are put in a technology-neutral way. The problem is that with new technologies, often the first laws to fight some sort of nuisance are framed in a technology-non-neutral choice of words. That's why there were junk-fax statutes even before e-mail spam came along.
Also, there are judges and juries determining whether a certain law should apply, even if the wording is a bit off. And to what extent (e.g. 2nd amendment - not good for carrying nuclear warheads..)
Then, finally, there's your run off the mill lawsuits, where you can get a court to compel some one to stop being a jerk and to pay damages. Not being criminal court the standards for evidence, as well as the standards for strict interpretation of the law, are a bit laxer. In general, if some one is being a jerk, you'll be able to seek judgement against them, even if what they're doing isn't a punishable offense, or even specifically legislated against - unless there's legislation spelling out it's their right to be jerks (i.e. the first amendment, though even in that case, you can slap time, manner and place restrictions on people).
It's not that the law isn't flexible. It's just that there's a process, and different ways of seeking retribution. And sometimes you don't get to act out revenge, because something isn't on the books, or, *gasp*, some one is allowed to be a jerk.
Attack? (Score:2, Insightful)
Re:computer misuse act does NOT need updating (Score:4, Insightful)
You wouldn't get very far with this argument. Anything placed on a website is published. Anything published is public, therefore access is de facto authorised.
Now obviously you can put access controls on a website. But then you've taken a step to define authorised access. If you give someone a username and password, you've granted access. If someone obtains a username or password without permission, that's unauthorised. If someone bypasses this access control (and this bypass would probably have to be non-trivial; so if for example someone could cut and paste a URL which went directly to the material without being prompted, this would not apply) then it is unauthorised.
I personally think that "computer material" was a bad choice of phrase, and that "computer system(s)" is more appropriate. I cannot think of a way in which access controls could be devised which would NOT involve the owner of a computer system defining (at least implicitly) "authorised access". I'd make the assumption that in giving permission to put computer material on a computer system the owner of the material has agreed with the owner of the system on what arrangements are made for authorised access.
If my reading is correct it means a court gets to decide what is or is not authorised based on the circumstances, which is the Right Way IMO. Putting every conceivable situation in the Act would either be draconian or prone to loopholes as previously unconsidered situations arise.
Please give post your e-mail address so I can send details of the criminal suit against you 5 million times.
You're joking, of course. I suspect you could be charged with harassment (though maybe not criminally) and I would seek an injunction to stop you. Furthermore, the fact that you have made a threat which you are capable of carrying out might be common assault (which is a criminal offence).