Monday, October 10, 2005

Judge convicts hacker with "considerable regret"

A security consultant has been convicted under Section 1 of the UK Computer Misuse Act, of unauthorised access to the Disaster Emergency Committee's tsunami fundraising web site. Yet it was agreed by all sides that he had not done anything malicious. However, the law effectively applies a strict liability test and unauthorised access is a crime regardless of the motive of the perpetrator. As the judge said, "unauthorized access, however praiseworthy the motives, is an offense."

Peter Sommer of the London School of Economics reckons the police should have just given him a slap on the wrists. Even the judge said he was convicting "with some considerable regret."

The defendant, Daniel Cuthbert, has lost his job and is having difficulty finding another. Apparently he lied to the police when first arrested, which could have been the reason they decided to prosecute, even when the full circumstances of Cuthbert's actions came to light. The folks working in high tech crime units are over-worked and under-resourced. And I wonder to what the degree the politics of the need for successful convictions drove this case but on balance I agree with Peter Sommer. The prosecution of someone with no malicious intent, who has done no damage, though he has admittedly wasted scarce specialist police ressources, was not in the public interest.

Thanks to Seth Finkelstein for the link.

No comments: