DPP v Lennon
| Jurisdiction | England & Wales |
| Judge | LORD JUSTICE KEENE,Mr Justice Jack,MR JUSTICE JACK |
| Judgment Date | 11 May 2006 |
| Neutral Citation | [2006] EWHC 1201 (Admin) |
| Court | Queen's Bench Division (Administrative Court) |
| Docket Number | CO/1004/2006 |
| Date | 11 May 2006 |
[2006] EWHC 1201 (Admin)
IN THE HIGH COURT OF JUSTICE
QUEEN'S BENCH DIVISION
DIVISIONAL COURT
Lord Justice Keene
Mr Justice Jack
CO/1004/2006
MR RICHARD BROWN (instructed by Crown Prosecution Service, Organised Crime Division, 50 Ludgate Hill, London EC4M 7EX) appeared on behalf of the Appellant
MR TOM ALLEN (instructed by Messrs Tuckers Solicitors, Manchester M2 3HZ) appeared on behalf of the Respondent
I shall ask Mr Justice Jack to give the first judgment.
On 2nd November 2005 District Judge Kenneth Grant, sitting as a Youth Court in Wimbledon, ruled that there was no case to answer by the defendant, David Lennon, and dismissed the charge brought against him under section 3(1) of the Computer Misuse Act 1990. The Director of Public Prosecutions now appeals against that decision by case stated.
David Lennon was charged that, contrary to section 3(1), on a day between 30th January and 5th February 2004 he caused an unauthorised modification to a computer belonging to Domestic and General Group Plc ("D&G") with intent to impair the contents of the computer. The facts which lay behind the charge were the following. Mr Lennon was employed by D&G for three months until he was dismissed in December 2003. He was then 16. On 30th January 2004 Mr Lennon started to send emails to D&G using a "mail-bombing" program called Avalanche V3.6 which he had downloaded from the Internet. The program was set to "mail until stopped". That meant it would continue to send emails until it was manually stopped from doing so. The majority of the emails purported to come from Betty Rhodes, who was D&G's Human Resources Manager. Her email address was purportedly used. Each email contained a list of other employees of D&G to whom it was copied once it reached D&G, thus increasing the email traffic. During the last few hours of the emailing different addresses were used. The purpose of this was to try to defeat attempts to prevent the emails from continuing to arrive. The last message stated "it won't stop" and was addressed to Betty Rhodes. It was estimated that Mr Lennon's use of the program caused approximately 5 million emails to be received by the D&G email servers. When D&G's employees arrived for work on Monday 2nd February, they took steps to stop the emails and eventually this was done. Mr Lennon was arrested and interviewed. He admitted sending the emails purporting to come from Betty Rhodes. He said that his intention was to cause a "bit of a mess up" in the company; that he did not consider what he was doing was criminal; that he did not realise the repercussions of his actions; and it was not his intention to cause the damage to D&G which D&G had in fact sustained. He said also that he could have carried out a PING attack, but had not because that would have only slowed the network for a few hours.
The relevant parts of section 3 provide:
"(1) A person is guilty of an offence if—
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.
(3) The intent need not be directed at—
(a) any particular computer;
(b) any particular program or data or a program or data of any particular kind; or
(c) any particular modification or a modification of any particular kind.
(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary."
It is also necessary to refer to the interpretation provisions of section 17. Subsections (7) and (8) are relevant. They provide:
"(7) A modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer—
(a) any program or data held in the computer concerned is altered or erased; or
(b) any program or data is added to its contents;
and any act which contributes towards causing such a modification shall be regarded as causing it.
(8) Such a modification is unauthorised if—
(a) the person whose act causes it is not himself entitled to determine whether the modification should be made; and
(b) he does not have consent to the modification from any person who is so entitled."
The prosecution case was that by his actions in relation to the Avalanche program Mr Lennon caused an unauthorised modification to the contents of D&G's computers by adding data to their contents, that is to say, the half million emails which he caused to be sent, and that when he did so he had the requisite intent and the requisite knowledge. It was alleged that he had the requisite intent as provided for by section 3(2) because he intended to hinder the operation of the computers by overwhelming them with the emails —section 3(2)(a), and that he intended thereby to prevent or hinder access to their programs and data —section 3(2)(b), and to impair the operation of their programs and the reliability of their data —section 3(2)(c). It was alleged that he had the requisite knowledge as provided for by section 3(4) because he had knowledge that the modifications he intended to cause by adding the emails to the data in the computers were unauthorised. All of this was accepted on behalf of Mr Lennon as sustainable in law, save that it was submitted that on the evidence the modifications could not be shown to be unauthorised. The basis of that submission was that the function of the servers was to receive emails, so D&G clearly consented to receiving emails on them, and so D&G authorised potential senders...
To continue reading
Request your trial
-
Hksar v Chu Tsun Wai
...it is a decision on a different statute, there is some analogy with the decision of the English Divisional Court in DPP v Lennon [2006] EWHC 1201 (Admin) on the question of whether the owner of a computer consented to receive the equivalent of a DDoS attack in the form of a torrent of e-mai......
-
Table of Cases
...190 DPP v Lawrence [2007] EWHC 2154 (Admin), [2008] 1 Cr App R 147, [2008] Crim LR 383, [2007] All ER (D) 235 (Jul) 227 DPP v Lennon [2006] EWHC 1201 (Admin), (2006) 170 JP 532, [2006] Info TLR 311, (2006) 150 SJLB 667 19, 27–28, 33 DPP v McKeown, DPP v Jones [1997] 1 WLR 295, [1997] 1 All ......
-
Offences Involving Misuse of Computers
...of the actus reus failed to encompass Denial of Service (DoS) attacks (see para 1.5.2), despite the judgment in DPP v Lennon [2006] EWHC 1201 (Admin) indicating that it could. 35 The amendment of section 3 of the CMA 1990 brought it into line with the United Kingdom’s obligations under Arti......
-
Computer Misuse: The Implications of the Police and Justice Act 2006
...accessed 22 November 2007. 3 ETS No. 185, Budapest (23 November 2001).4 [2006] EWHC 1201 (Admin).5 The particular problems posed for the law by Lennon can be found in my case entitled ‘Computer Misuse: Denial-of-service Attacks’, DPP v Lennon (2006) 70 JCL474. 6 (2005–06), Bill 119. The Jou......
-
Table of Cases, Volume 79, 2006
...TABLE OF CASES, VOLUME 79, 2006Director of Public Prosecutions v David Lennon [2006] EWHC 1201 (Admin) 368–370DPP v Camplin [1978] AC 705 279Gouriet v Union of Post Office Workers [1978] AC 435 376Jones (Respondent) v Whalley (Appellant) [2006] UKHL 41 374–376Meadow v General Medical Counc......