Published on Jaani.net (http://www.jaani.net)
User of Lynx Web Browser Found Guilty for Intrusion
Created 08.10.2005 - 14:09

Man attempts to make donation to tsunami relief fund, gets prosecuted for cybercrime violation. This is quite astonishing:

Last January, I got an email from a trusted source swearing that a good pal of his had been arrested while making a donation to an online tsunami relief fund because he’d been using a non-standard text-based browser that triggered the donor’s intrusion detection system.

… He says that he wasn’t just using nonstandard browser, but that’d he’d also probed the system when his attempt to make a donation had failed and he got a suspicion that he’d been suckered by a phishing scam.

According to the ZDNet coverage, the trial judge accepted this version of events, holding that it was not the accused’s intention to cause harm to the system. However, the offence was one of strict liability, meaning that no mens rea was required:

Cuthbert’s defence team had argued that he had merely ‘knocked on the door’ of the site, pointing out that he had the skills to break into it if he wanted.

Section 1 of the Computer Misuse Act 1990 (UK) says that it is an offence to make ‘unauthorised access to computer material’. There is no burden on the prosecution to prove that the accused had intended to cause any damage.

Judge Purdy accepted that Cuthbert had not intended to cause any damage, and also pointed out there was almost no case law in this area.

According to Stephen:

The details of this case are important to understand exactly how absurd the verdict was. What Daniel actually did to ‘knock on the door’ was to insert a ../../../ character sequence into the web address and a single quote into the credit card field - THROUGH HIS BROWSER. He did not use any attack ‘tools’ or ‘probes’ other than Internet Explorer. Furthermore, typing these sequences into a browser does not an attack make — it only proves that a website may be vulnerable. … I am a security consultant and not the only one to be outraged by the way this case was handled and by the outcome of the final verdict. The incompetence and ignorance of the Computer Crime Unit can be understood — but that the judge chose to interpret the vague Computer Misuse Act in this way simply beggars belief and sets a worrying precedent in UK law.

Recent comments

About the author

Cite as: Jaani Riordan, ‘User of Lynx Web Browser Found Guilty for Intrusion’ (2005) Jaani.net Internet Law and Technology <http://www.jaani.net/view/2005/10/08/unauthorised-intrusion-lynx-browser-uk-cybercrime>.
Return to article