BBC fails to understand mens rea

Richard Clayton ukcrypto at chiark.greenend.org.uk
Thu, 12 Mar 2009 14:40:28 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The BBC decided to build their own botnet...

http://news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm

   Software used to control thousands of home computers has been
   acquired online by the BBC as part of an investigation into global
   cyber crime. 

   The technology programme Click has demonstrated just how at risk PCs
   are of being taken over by hackers. 

   Almost 22,000 computers made up Click's network of hijacked machines,
   which has now been disabled. 

   The BBC has now warned users that their PCs are infected, and advised
   them on how to make their systems more secure. 

They also say:

   If this exercise had been done with criminal intent it would be
   breaking the law.

a statement which I entirely agree with, however, I also agree with the
further statement that they _didn't_ write in their article:

"Although this exercise was not done with criminal intent, it was still
illegal under s1 (and possibly also s3) of the Computer Misuse Act 1990
and we should be prosecuted for our wickedness."

As I understand it, being a journalist (or indeed a security researcher
- -- since they seem to have cooperated with Prevx in this exercise) does
not give you immunity from CPA offences [although some useful research
could occasionally be done if it did! (less than many imagine)].

I suspect that the BBC were extrapolating from "mens rea" principles,
viz: that you can be excused if you didn't have a guilty thought; but
quite clearly these people did intend to break into 22,000 machines
without authorisation, so I cannot see that they have any defence.

Since the Met prosecuted Mr Cuthbert ("the tsunami hacker") for a much
less serious transgression, doubtless the "Click" programme makers will
be handing themselves in, to save the time of overworked officers of
going out to White City to find them...

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin



-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSbke3JoAxkTY1oPiEQIx5wCg6FdAc1lOuPsML7QYV5gr5ZYIAScAnAia
M1/CU1SThlOrJSoJyLCARuAS
=WMqg
-----END PGP SIGNATURE-----