Director of Public Prosecutions v Lennon: Admn 11 May 2006

The DPP appealed against dismissal of a charge under the 1990 Act. The defendant had been involved in a campaign of mail-bombing the complainant’s computer systems with over a half million mails, causing a denial of service. The question was whether it was the defendant or the complainant who determined whether an email would be an authorised modification of the data in the complainant’s system under 17(8)(b).
Held: The appeal succeeded.
Jack J said: ‘the owner of a computer which is able to receive emails is ordinarily to be taken as consenting to the sending of emails to the computer. His consent is to be implied from his conduct in relation to the computer. Some analogy can be drawn with consent by a householder to members of the public to walk up the path to his door when they have a legitimate reason for doing so, and also with the use of a private letter box. But that implied consent given by a computer owner is not without limit. The point can be illustrated by the same analogies. The householder does not consent to a burglar coming up his path. Nor does he consent to having his letter box choked with rubbish.’ There was therefore a case to answer. The defendant had obtained access by ensuring that his emails purported to come from a member of staff. Such access was potentially unauthorised, and the case was remitted.
Keene LJ said: ‘The critical issue is that of ‘consent’ as that word is used in section 17(8) of the Act. I, for my part, see a clear distinction between the receipt of emails which the recipient merely does not want but which do not overwhelm or otherwise harm the server, and the receipt of bulk emails which do overwhelm it. It may be that the recipient is to be taken to have consented to the receipt of the former if he does not configure the server so as to exclude them. But in my judgment he does not consent to receiving emails sent in a quantity and at a speed which are likely to overwhelm the server. Such consent is not to be implied from the fact that the server has an open as opposed to a restricted configuration. ‘


Keene LJ, Jack J


[2006] EWHC 1201 (Admin)




Computer Misuse Act 1990 3(1)


CitedZezev and Yarimaka v Governor of HM Prison Brixton and another CACD 2002
Wright J said: ‘But if an individual, by misusing or bypassing any relevant password, places in the files of the computer a bogus e-mail by pretending that the password holder is the author when he is not, then such an addition to such data is . .
Lists of cited by and citing cases may be incomplete.


Updated: 06 July 2022; Ref: scu.242205

Comments are closed.