Slashdot Mirror
Hackers are 'Terrorists' Under Ashcroft's New Act
Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."
All it takes is one bad customer relationship to cause a false accusation...
jeremiah cornelius
"Flyin' in just a sweet place,
Never been known to fail..."
I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.
who are the victims?
stop and think.
if someone commits credit card fraud with said stolen numbers, then we know who the victim is. but we already have a law for that. until some other crime is committed, there was no victim of simply stealing the numbers.
just because a computer was used to commit the crime, it doesn't mean the crime is somehow worse than the same thing done without a computer. theft is theft, and should be treated as such. it's not like we have separate murder laws for guns vs knives...
This act and the DMCA are eerily similar. Both seek to address particular historical circumstances and events (e.g. Napster, terrorist attacks). Both sets of circumstances are genuinely complex and problematic. And, in both cases, there were already perfectly adequate laws more general laws which address the particular situation. We already have laws to address copyright violation, and we already have laws to convict violent criminals, spies, and yes...even hackers.
The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)
Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.
The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.
Computer crime should be a crime.
But it already *is* a crime. The question is what is a just response to computer crimes. Some things which are *not* just:
- Sentencing someone to lifetime imprisonment without possibility of parole for a simple computer crime. Remember, if the crime really warranted such a sentence--for example, cracking air traffic control and causing planes to crash into each other; cracking a CIA computer and stealing national secrets--then the criminal would already be liable for serious punishment under existing laws--murder and espionage, in these cases.
- Retroactively eliminating the statute of limitations, allowing people to now be charged with computer "crimes" they committed decades ago.
What's even worse is the provision that giving advice or information which may be used to facilitate computer crimes is not only criminalized but subject to the same penalties.To put it another way, if this law passes then someone could be given life in prison without parole for documenting vulnerabilities which allow systems to be compromised by a cracker or a worm. Indeed, it isn't clear that, with the removal of the statute of limitations, they couldn't charge the people documented the vulnerabilities responsible for eg. Code Red or Nimda under this law.
This provision is like the anti-circumvention provision of the DMCA writ large. Whereas at least the DMCA only applies to access-control restrictions on copyrighted material, this law could potentially make all discussion of any vulnerabilities which allow systems or information to be compromised illegal.
These provisions are so utterly preposterous and out of proportion to the crimes (or so-called crimes) discussed as to boggle the mind.
No, it isn't.
From the bill:
"(19) `protected computer' has the meaning set forth in section 1030
"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.";
From Title 18 Chapter 47 Sec. 1030:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;
Used in interstate or foreing communication? How many of you connect to machines and/or through machines without crossing state lines?
Further from the bill:
""SS 25. Federal terrorism offense defined
"As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-
-snip-
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
-snip-
Okay, so now *maliciously* breaking into basically any computer system is a terrorist act. Couple this with the rest of the increases in anti-terroism this bill contains, and you're doing *LIFE* in FEDERAL PRISON (aka "no parole") because your Anti-CodeRed Perl script took down some dipshit's enterprise server. Meanwhile child molestors get time off for good behavior.
I don't think anyone thinks "computer crime" shouldn't be punished. Just not to this ridiculous degree.
This sig is xenon coated, and will glow red when in the presence of aliens
I assume you know that *all* flight training is currently banned in the USA? Yes, that's right. If you are a flying instructor, currently *you cannot* train students.
Well, you won't go to jail. But the FAA will take your pilot's license away. If you are a pilot, that's nasty. Check out news://rec.aviation.pilots for more.
Without passing a law, without recourse to a *single* elected person, thousands of US citizens have had their source of income removed.
Well, that makes us all safe doesn't it?