A British teenager who allegedly flooded his former employers' email system with five million emails has escaped trial after a judge ruled that he had no case to answer.

The ruling at Wimbledon Magistrates Court raises fresh doubts about the effectiveness of the Computer Misuse Act [CMA] in dealing with denial of service attacks by hackers.

The Computer Misuse Act - which dates back to 1990, before the widespread use of the net - outlaws the "unauthorised access" or "unauthorised modification" of computer systems. The unnamed teenager was charged under Section Three of the Act which covers the more serious offence of unauthorised modification of a computer system.

The judge accepted defence arguments that since the firm's email server was set up for the express purpose of receiving emails then sending a flood of unsolicited emails could not be considered an act of unauthorised modification.

In a written ruling, Judge Grant said: "In this case the individual emails caused to be sent each caused a modification which was in each case an 'authorised' modification. Although they were sent in bulk resulting in the overwhelming of the server, the effect on the server is not a modification addressed by section 3 [of the CMA]."

Zdnet reports that the defendant was not called to testify so it remains unclear whether or not he was responsible for the alleged attack. Peter Sommer, expert witness for the defence, said the case highlighted a need to reform the UK's Computer Misuse Act. ®

Related stories

• Kid who crashed email server gets tagged (23 August 2006)
• Teen accused of 'email bombing' faces retrial (12 May 2006)
• Home Office pushes tough anti-hacker law (26 January 2006)
• North West biz buried in email blitz (30 November 2004)
• German jailed for email bomb hoax (9 September 2004)
• Analysis Enforcement is key to fighting cybercrime (2 July 2004)
• MPs demand big stick for hackers (30 June 2004)
• MPs urged to reform cybercrime laws (30 April 2004)