A UK teenager pleaded guilty on Wednesday to breaking the Computer Misuse Act (CMA) by crashing the email server of his former employer.
David Lennon, 18, was sentenced to a two-month curfew by a judge sitting at Wimbledon Magistrates court.
Lennon had originally been cleared of the charges in November 2005, after another judge ruled that it wasn't an offence to overwhelm an email server with millions of messages. This ruling was later challenged by the Crown Prosecution Service, and in May 2006 the case was sent back to the Magistrates Court.
On Wednesday morning, Judge Dixon ruled that Lennon should be subject to a curfew, which meant he must stay at home between the hours of 12.30am and 7am on weekdays, and between 12.30am and 10am on weekends. If he breaks this curfew, he risks a more serious sentence.
The curfew has been timed so as not to interfere with Lennon's work at a local cinema. Judge Dixon said it was "a happy coincidence" that it will end the day before Lennon starts college in September.
The prosecution dropped their demand that Lennon should pay costs amounting to £29,000, which arose from his attack on Domestic and General Group in which five million emails crashed its servers.
The defence argued that Lennon should receive a conditional discharge, given the confusion over whether the CMA outlawed the sending of masses of emails — known as an email bomb. Judge Dixon, though, argued that this was inappropriate.
"Even given his age at the time, this was a grave offence and caused serious damage, so I need to impose something to make him think again," Judge Dixon told the court.
The case was brought by the Metropolitan Police, which said that Lennon's conviction showed that such cyber-offenses would be treated seriously.
The CMA, which was introduced in 1990, explicitly outlaws the "unauthorised access" and "unauthorised modification" of computer material. Section 3, under which he was charged, concerns unauthorised data modification and tampering with systems.
Lennon's original case was heard by District Judge Kenneth Grant, who ruled that an email bomb did not violate the CMA because email servers were set up to receive emails. As such, each individual email could be ruled to make an "authorised modification" to the server.
The CMA is now seen as insufficient to combat the rise of cybercrimes such as denial-of-service attacks. A series of amendments are being introduced by the Government to update it.
Talkback
Wait a minute. I thought the problem with these kind of people is they're loners who aren't getting out enough.
Isn't he likely to do more damage if he's confined to his bedroom?
Peter, you're right. So I think he should also be sentenced to having someone in his bedroom with him, to keep his mind off computers. I'm sure that someone could be found, for a suitable fee.
That'll teach him!
If I remember rightly, this is the guy that did this because a colleague was sacked for not attending work whilst being in hospital suffering a miscarraige...
So... Good on him! It should have never have gotten this far anyway. While it may not have been the best decision to bombard them with emails, It taught the company to finally treat employees with respect!
Absolutely agree with the other comments...
The curfew will just give this kid time to read more books, do more research and potentially inflict more damage. Not the mention that 12:30am isn't a painful curfew anyway.
What does this curfew have anything to do with the crime? Completely irrelevant!
Spam is not just a nuissance, it clogs our inboxes (http://essentialsecurity.com/Documents/article20.htm). I once had to cancel an email account because it had gotten so bad. Why aren't these guys being PUNISHED?
'Bomber' ?
Too slack, ZDNet. You'll have pictures of naked motherboards on Page 3, next.
The offence doesn't exist, but he was obviously conned into pleading guilty to the charge probably in return for "dropping" the ludicrous compensation claim. Reading between the lines he was probably told he would be let off because of the confusion. What confusion, the law does NOT apply.
This makes things easy for TBs government now as a precedent has been set that this law can be used where they want to and can only be properly overturned by someone with the money to fund it.