BBC Click 'did break the law'

A BBC report in which a presenter used a botnet to send thousands of emails broke the law, it has been claimed.

The BBC Click video showed a BBC presenter and a security expert sending thousands of messages to two separate email accounts.

Graham Cluley of Sophos said that the experiment contravened the law and it was "clearly an unauthorised modification of computer data".

Struan Robertson, a technology lawyer with Pinsent Masons, said: "The BBC appears to have broken the Computer Misuse Act.

"It does not matter that the emails were sent to the BBC's own accounts and criminal intent is not necessary to establish an offence of unauthorised access to a computer," Robertson continued.

Sophos' Cluley was heavily critical of the BBC's decision to use the botnet.

"Sending spam from someone else's computer obviously gobbles up bandwidth and will use up system resources. Even if the BBC felt the impact would be minimal - it doesn't make it right," Cluley said.

Another security firm, Kaspersky, agreed with Cluley.

Magnus Kalkuhl, senior virus analyst at Kaspersky, said: "In the past the BBC has done a good job in informing people about potential dangers of computing. However, acquiring botnets should not be part of any awareness program.

"In fact, by playing around with machines that are part of a botnet, the criminal side of botnets becomes trivialized," he continued.

BBC Click made a short statement about the matter on Twitter. "We would not put out a show like this one without having taken legal advice," the statement read.

But Pinsent Masons' Robertson thought the BBC would escape any punishment and the report could in fact have a positive effect.

"The maximum penalty for this offence is two years' imprisonment. But it is very unlikely that any prosecution will follow because the BBC's actions probably caused no harm. On the contrary, it probably did prompt many people to improve their security," he said.

A 'botnet' is the term used for a network of computers, all of which have been hacked by cybercriminals, and are being used to send out spam emails in high volumes. The botnet used by BBC Click consisted of some 22,000 computers.

Do you think the BBC was right to highlight the problem of spam by using a botnet? Have your say in the Web User forums.