About a month ago, during the University break, my mother came home from the primary school where she works (she's a teacher). Her school had finally got its classrooms networked and connected to the Internet. She complained that even though she had been given a new school email address she couldn't yet access it from home, because the IT department hadn't given her the details yet.
She had her username and password already, so I reckoned that all she needed was the email server address. Her description convinced me it was an IMAP server the school was using. So I tried using the domain of the email as the mail-server address. There was an IMAP server at the right port, so I put her details into Outlook Express (Yes, we use Windows at home), and tried to download her emails for her.
It didn't work, and complained about a bad user/pass combination. That wasn't a huge surprise, to be honest. Networked machines have passwords for a whole range of services, and my mother didn't know which pair was for email access. We tried a couple of other possibilities (e.g. full email address as username), but with no success. We gave up, and decided to wait until the IT department gave specific instructions.
That was a month ago. Today I got a call from my step-father telling me that I'd been reported to the police for hacking.
Understandably, I found this pretty funny at first. Then I found out my Mum had also been accused and reported, and she was pretty upset. It seems that she mentioned to a colleague in IT that we tried and failed to collect her email from home. The next thing we know is that somewhere along the line, someone reported this as an attempt to gain unauthorised access to a PC under the Computer Misuse act (I presume).
It's clearly ludicrous. Somebody attempts to connect to a server on which they have an account, attempting to access their own account, using a standard protocol on a publicly accessible port, visible to the Internet. If that's illegal than the entire Internet is illegal.
I don't really know what happens next. Will the police interview me, or phone me? Will I be arrested? Will nothing at all happen? My logical self suspects that the 'nothing' option is the strongest. The police must have hundreds of unauthorised access attempts reported a day, and most of them will be the real deal; industrial espionage, script kiddies, spammers and the like. A quick look at our server logs shows that people like these try to hit us all the time. Hopefully, the police will be able to say straight off: "That's not illegal; don't be silly".
Another possibility is that they'll follow it up a bit. This would be a bit of an arse, really. It would involve phonecalls, statements and stuff like that. And then they'd drop it at that point.
What actually worries me is that I probably won't know what they decide. The police don't phone you up to say "Oh, by the way, we just thought we'd like to let you know you haven't committed a crime". I'll have to wait it out and see if anything happens.
It wasn't the school who contacted the police, it was an IT solutions company -- you know, network installation and all that. They're in the high-tech business, and they don't know the difference between using the Internet and 'hacking'. It's a farce.
I've just realised that this probably constitutes a statement of some sort, but I don't care.
Oh, and my flatmates elem_125 and Heschelian have an odd sense of humour about this whole thing; see http://theflat.net for their contribution to this mess.