Those of you contemplating giving money to charity via the much hyped Disasters Emergency Committee DEC, might wish to reconsider.
Remember that they pressed criminal charges against Daniel Cuthbert, an IT security consultant, under the Computer Misuse Act 1990, after he had donated £30 on his credit card (obviously leaving his own name and address etc) , but then had become worried that perhaps the inept website was vulnerable to phishng attacks etc.
Cuthbert was found guilty under the CMA of gaining unauthorised access to the Tsunami appeal Web site. He claimed in court that he had made a donation and then became concerned that he'd fallen victim to a phishing scam. To check, he added ../../../ to the URL in an attempt to access the site's higher directories -- an action that triggered an alarm.
Security experts and ZDNet readers have expressed concern about the conviction. O'Neal shares this view.
"As for the conviction, it's frankly ridiculous. It highlighted how untried and untested the CMA is. The main problem is how you define unauthorised access and intent in the context of an open Web server," O'Neal said.
British Telecom's intrusion detection system raised an alarm, but DEC were callous enough to actually press charges.
If you absolutely must give money to charities who operate in war zones, arguably helping to prolong and perpetuate the conflicts, by allowing the friends and relatives of the people they give aid to, to buy weapons instead of spending their own scare resources on food and medical aid etc, then give it directly to those charities, and not through the DEC website.