Prosecutors claimed a victory after an 18-year-old man pleaded guilty yesterday to crashing his former employer's server with a flood of five million emails.
David Lennon, of Bedworth, Warwickshire*, had been charged with violating the Computer Misuse Act of 1990, which prohibits the unauthorised modification of a computer.
Lennon admitted to having 'modified' the server of Domestic and General Group, a company that provides warranties for domestic appliances, by sending the email. But he claimed the email flood was not unauthorised since the website invited comments.
In November a judge agreed, casting doubt on whether the computer crime law was precise enough to allow the successful prosecution of certain kinds of DoS (denial-of-service) attacks.
Prosecutors appealed the ruling, and the Royal Courts of Justice sent the case back to trial on the grounds that the volume of email Lennon sent didn't constitute authorised use.
As a result, Lennon pleaded guilty and was sentenced to two months' curfew, according to the CPS (Crown Prosecution Service), which means he is confined to his home for parts of the day.
While the law wasn't written specifically for an email DoS attack, "it's flexible enough... that the law can develop alongside as technology develops," a CPS spokesman said.
Legislators are debating revisions to the Computer Misuse Act, which is part of the Police and Justice Bill, a broad package of law-enforcement legislation.
The revisions would increase the maximum penalty for unauthorised modification of a computer, under which DoS attacks could be included, from five to 10 years. The maximum penalty for unauthorised access would be raised to two years, up from six months.* The photo that accompanies this story is posed by a model