BBC Botnet Could Be Breaking Laws

A recent show on the British Broadcasting Corporation, BBC Click, investigated cybercrimes and how compromised computers could be used to send spam.

But the program didn’t just provide information on current criminal practices, they created their own botnet and accessed 22,000 computers in the U.K. The show informed users they had infected about the vulnerability, and about ways to better protect themselves.

Despite the informative value of the exercise, some critics like Graham Cluley are wondering if they are in violation of the Computer Misuse Act 1990, which states,

Computer misuse offences

1 Unauthorised access to computer material

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

(b) the access he intends to secure is unauthorised; and

(c) he knows at the time when he causes the computer to perform the function that that is the case.

However, Out-Law editor Struan Roberrtson says that the intent components of the statute are unlikely to be met, and prosecution of the BBC is unlikely. He even claims they may have done a public service by exposing the vulnerabilities.

Interestingly, although the BBC refused Out-Law interviews, they did indicate via Twitter that legal counsel was consulted,

We would not put out a show like this one without having taken legal advice.

Cluley is doing a poll to see what others think about the BBC move.