Leader News

The CMA is an ass

Leader ZDNet.co.uk

Published: 03 Nov 2005 14:20 GMT

Sometimes, people are convicted of a crime when popular opinion, masquerading rightly or wrongly as the moral opinion, says they should have been acquitted or never charged in the first place. And sometimes, somebody goes free when they have clearly done something wrong.

Rarely do we get both situations under the same law within the space of a few weeks, but that's where we stand today.

The acquittal on Wednesday of a teenager at Wimbledon Magistrates Court is the clearest proof yet of what is wrong with the Computer Misuse Act. We're not concerned so much with the rights and wrongs of a disgruntled individual sending an email bomb to his former employer — something the youth never denied and the judge accepted had happened — but the inability of the CMA to address what would clearly be a denial-of-service attack.

Because sending an individual email to a server could in no way be construed as modifying the server as defined in the Act, the judge ruled that sending a large number of emails could not either. Following this important test case, it is now more likely than ever that other — potentially much more malicious and damaging — types of denial of service attacks will go unpunished. The floodgates have been opened.

At the same time we have the case of Daniel Cuthbert, who was convicted last month under the CMA for what he credibly said was an attempt to ensure that a Tsunami appeal site was genuine. Nobody involved in the case appeared to believe that Cuthbert had intended any malicious actions — by all accounts, he just wanted to check his donation had gone to the right place — yet he was found guilty.

Neither of these cases say anything about the motives of the people involved, nor about the judgement of those presiding. They do however indicate in the starkest form possible the fact that the CMA, 15 years after its introduction, is woefully inadequate to address the threats facing us today.