Hackers are 'Terrorists' Under Ashcroft's New Act

Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."

There's too many of us

[Water+Paradox]

There are just way too many of us out here.

Put us all in prison, and prisons will be freer than out here.

The true hacker is absolutely, completely, devoted to freedom.

-wp

Re:There's too many of us

[benedict]

There are far more drug sellers and users than there are security geeks, but Federal and state governments have no problem with the idea of putting them all in prison. So I wouldn't be so cocky.

(Though security geeks are likely richer and whiter than drug offenders, on average, which will help.)

oh, crap...

[hugg]

Damn, we /.'ed the securityfocus server... that's a DOS attack, isn't it?

Quick, smash your DSL modems, clear your logs, and run for the hills before the Feds arrive!

Re:oh, crap...

[camusflage]

Thank god they're doing something about these hackers. I think I'm going to have to turn over my IDS logs to the FBI and get them to start locking up all the people probing me to infect with Code Red.

I wonder... Has anyone actually done that? They exhibited only tepid interest in clear child pornography when I tried to report it to them. If people are trying to hack my system, the FBI knows about it, and they do nothing, is there any recourse? I have to have thousands of individual hosts, all dutifully logged and timestamped. These are clearly hack attempts on my system. Why is this any different than some script kiddie "terrorist"?

Re:oh, crap...

[Mignon]

Someone addressed this general issue recently and to summarize - the FBI's response is in proportion to financial damage done. I would imagine that would be expanded to number of lives lost at this point.

Re:oh, crap...

[camusflage]

I suspect that you already know the answer,

You're right, I already know they'll tell me to fsck off.

but it demonstrates how far our government has come from simply keeping law and order.

It also forms a reasonable defense, both de jure and de facto, as any hacking prosecution can be considered selective prosecution. If I report hacking attempts, ones which carry a life sentence (I order from ThinkGeek, ergo my pc is involved in interstate commerce), and my complaints aren't even investigated while they zealously go after someone who 0wN's someone's boxen, how can this not be considered selective prosecution?

Umm, Thats not right...

[11thangel]

Providing advice to a Hacker == criminal offense? Doesn't legal counsel count as advice? Isn't that protected under the 5th ammendment?

Re:Umm, Thats not right...

[EnderWiggnz]

the bigger problem here, is ... whats advice?

teaching someone how to disassemble a program?

teaching assembly language?

using a non-MS product?

Re:Umm, Thats not right...

[Tackhead]

> Providing advice to a Hacker == criminal offense?

"If you have programming skills, get the fuck out of the States and take your skills with you. Your country obviously doesn't want you anymore."

(Am I now a felon?)

Re:Umm, Thats not right...

[Tackhead]

Hey, serves me right for posting without reading the act to which the article refers.

Moderators - please mod my original post original post down. As in, "(1, Didn't Read The Fscking Article Before Posting)"

Re:Somebody has to say it, but...

here in the U.S. the punishment is supposed to fit the crime. i can't think of any other nonviolent, arguably victimless crime that carries no statute of limitations and can get you life in prison.

Ouch!

[Jeremiah+Cornelius]

I conduct Penetration Testing and Vulnerability assesments for a living.

All it takes is one bad customer relationship to cause a false accusation...

jeremiah cornelius

Re:Ouch!

[fobbman]

Husband: No, it wasn't an affair, per se. I was actually conducting some Penetration Testing and Vulnerability Assesments on her.

Boy, was she vulnerable! Glad I was able to help her out, really!

Re:Ouch!

[kindbud]

I conduct Penetration Testing and Vulnerability assesments for a living.

That's why John Ashcroft will be needing a DNA sample from you.

Re:Ouch!

[Bishop]

I recently attended a conference session that discussed some of these issues. Here is a summary:

Use the law to protect yourself. Hire a decent lawyer to check the contracts. Insure that all target machines and ips are listed in the contract or a document referenced in the contract. Consider having the contracts notorized. Have a minimum of 2 people present at all times: One to perform the action, one to witness the action and result. Consider having a company rep present at ALL times durring activities. However do not let the company reps outnumber the penetration team.

Re:Ouch!

[Jerf]

The moderation on the parent comment, as I write this, is incorrect. It does not deserve "funny". What it really needs is "scary". "Interesting" would probably suffice.

Do you seriously think that cataloging everybody with the "skills" to commit one of these crimes is far behind?

Re:Ouch!

[Danse]

Life in prison? Things are pretty screwed up when the punishment in cases like these will likely far outweigh the crime.

Re:Ouch!

[greenrd]

You have to hope that no jury would ever convict with zero material evidence like in that case. However, history tells otherwise... :(

Re:Ouch!

[bfree]

Perfect! So the lawyers make a lot more money as do paper-pushers (company reps) and a few other punters (just kept around to say I saw what he did). The job just bacame about 5 times as expensive! What is the true threat of this terrorism? Is it the loss of human life or the loss of a viable economy as everyone adopts scaremongering measures. From the sounds of it your solution is useless anyway as he would just be done for teaching all the lusers watching him how to compromise systems.

Re:Ouch!

[Bishop]

If you were doing pen-testing you should have been following these practices all along. The terrorism act has nothing to do with it. All it takes in one bad job and you are screwed. This is nothing new. Just ask Sil at Antioffline. Sil didn't even take the job and got screwed.

Remember kids gaining unauthorized access to a computer system is a crime (as it should be). If that is what you do for a living, you better have a lawyer on hand to make sure that you are authorized to gain "unauthorized access." Do you think it would be the any different if a bank hired you to break in?

My DNA?

[Papa+Legba]

Why in the world would they need DNA. I am pretty sure that no where in the specs for DNS or IPv4 is it required that my genome sequence be part of the string being sent out.

So, who wants to take bets that the RIAA get's copyright violaters termed as hackers?

Re:My DNA?

[ttyRazor]

So they can get your DNA off of that public anonymous terminal keyboard you used to used, duh. Be sure to use rubber gloves and scrape dead skin off like in Gattica from now on.

Re:My DNA?

[Alpha+State]

It's so they can identify you when you crash your jumbo-jet into the whitehouse.

Re:My DNA?

[ReelOddeeo]

But when I visit a public anonmyous terminal keyboard, even if I do visit a pr0n site, I don't shoot any dna samples into the keyboard.

Six degrees of separation.

[AMuse]

Right now, the laws in this country have you by six degrees of separation. If anyone is determined enough, they can convict you and throw you away for life based on laws that reference laws that reference laws. . .

This is a perfect example. Decrypting DVDs under the DMCA is circumvention. Circumvention is hacking. Hacking is now terrorism.

Crack a copy of your new CD so you can have burned copies in your car instead of the originals (in case they get stolen), and you are now a terrorist.

Re:Six degrees of separation.

[dillon_rinker]

Actually, criminal statutes have to be pretty explicit. You can't convict someone of a crime unless it's on the books. If goose-whacking is a crime, and you try but fail to whack a goose, they can't convict you of attempted goose-whacking, because there's no law against attempted goose-whacking. If you talk to people about your plans to whack a goose, they can't convict you of conspiracy to commit goose-whacking because there's no law against conspiring to goose-whack.

Naturally, it takes a politically-connected DA about a month to remedy the situation, particularly if goose-whackers are a mostly misunderstood minority...

Re:Six degrees of separation.

[Dyolf+Knip]

If you talk to people about your plans to whack a goose, they can't convict you of conspiracy to commit goose-whacking because there's no law against conspiring to goose-whack.


Except the latest craze in DC is to consider talking about a crime as bad as actually commiting it, especially when it involves anything electronic.

Re:Somebody has to say it, but...

[caduguid]

Ok, computer crime should be crime.

But crime punishable by life in prison? With no statute of limitations? Doesn't murder have no statute of limitations and get you life?

There's a difference between 'crime is crime' and having some sense of proportion. geez.

Now hang on just a sec...

[w3woody]

I don't mind increase survelance powers in order to fight terrorism. However, scrawling "I love you Crystal" or some such on some web page is not terrorism.

This thing needs to at least be tempered by a clause which adds or defines criminal intent. That is, if hacking is done with the intent to destroy or disable the United States government and/or make actual acts of terrorism (such as blowing people up) easier, then throw the bastards in jail. But defacing some web site doesn't harm the United States government; it's just annoying as hell. And annoying doesn't deserve life in prison without the possibility of parole--especially since actually killing someone is what I would consider slightly more annoying, yet many types of murder don't get anywhere near life.

Re:Now hang on just a sec...

[abe+ferlman]

But defacing some web site doesn't harm the United States government

I agree with this statement, unless you hack a major commerce site (the government's revenue source) or a major news site (the government's propaganda outlet). In either of those cases, you're actually threatening the government. The safest thing to do is probably to hack a government information website, since there's very little of value there and most likely no one will even see it for weeks.

Bryguy

Re:Now hang on just a sec...

[Surak]

I don't mind increase survelance powers in order to fight terrorism. However, scrawling "I love you Crystal" or some such on some web page is not terrorism.

I've said this before, but it's worth repeating. The laws that apply in the real world should apply in the cyber world.

Defacing a web face is the same as spraying some grafitti on a wall. Stealing credit card numbers or private information is the same as theft. Bringing down a government web site is sabotage. These should be dealt with the same as they are in the real world.

Defacing a web site is vandalism, and therefore should be treated as a misdemeanor. Stealing credit card numbers or private information would be a misdemeanor or a felony depending on how much was stolen and how much it's worth. Sabotage, deliberate, willful destruction of government property, including websites, *is* terrorism and should be dealt with as such.

I don't see why this is so frickin' hard. :-)

Re:Now hang on just a sec...

[w3woody]

If I spraypainted, "I love Crystal" on your house wouldn't that be enough for you to want my ass in a sling?

Oh, sure; I'd want your ass in a sling. And as someone who recently had to spend two days rebuilding a web server knocked down by the Nimda virus, I understand first hand the annoyance that accompanies such a defacement.

However, the question really is not "should this be a crime"--clearly the answer is yes. The question is "is this crime terrorism, and deserving of a life sentence"? Murderers who kill in a fit of passion don't do life; taggers who may tag my house with "I love Crystal" with spray paint don't get life. So why should some script kiddy get life? I would understand it if he got 18 months or three years. But life?

Re:Now hang on just a sec...

[alienmole]

If I spraypainted, "I love Crystal" on your house wouldn't that be enough for you to want my ass in a sling?

I would assume that you were a misguided child or teenager, and I would want you parents to talk to you. But jail? Isn't that just a little extreme???

Most coders don't even give a second thought to how LONG it takes to prepare a PC for a user.

There are any number of ways to automate preparing a PC for a user, ranging from automated install scripts (we do this on both Linux and NT) to copying disk images, e.g. using Ghost. So if you're spending huge amounts of time preparing PCs for a user, perhaps you should take a closer look at what you're doing. Working harder instead of smarter may not cut it any more.

Just because a sysadmin wants someone's ass in a sling doesn't mean that's what should happen. There's fault on both sides. If you're employed professionally to prevent things like this from happening - e.g. to prevent children from defacing a company's website - and it happens anyway, well guess what - you didn't prioritize correctly, or slipped up some other way.

Intent plays a huge part in all of this, and it's unfortunately all too easy for the law to overlook, looking at the actions rather than the intent behind them.

Besides, you ought to have a clue about this: the slander that allegedly led you to lose your job could just as easily land you in jail in future, with laws like these. Be careful what you wish for.

Re:Now hang on just a sec...

[Rogerborg]

• Sabotage, deliberate, willful destruction of government property, including websites, *is* terrorism and should be dealt with as such

Since when was terrorism defined by action against a government? The American Revolution was terrorism? The coup in Panama was terrorism? Attacking goverment targets in Iraq (without a formal declaration of war) was terrorism?

Where are you going to draw the line? Burning draft papers was terrorism? They're government property, and you argue for no distinction.

By allowing any government to define terrorism as "Action against us!", you're removing all meaning from the word. You might as well just let them pass bills that say "evil is bad".

Re:Now hang on just a sec...

[alienmole]

Yeah I know this, but automation really depends on what the corporate controller says you can use as a desktop standard. [...] It really depends on where you work I guess. If you work for a company where IT isn't looked upon as a gigantic black hole where money goes and never returns, then yes, everything you outlined would be true. Believe me though, companies like the one you work for are a minority.

I'm a consultant, and getting clients to improve the way they run their IT operation is something I'm often involved with. It's often easier to initiate changes from the outside than from the inside, though.

If they look at IT as a giant black hole, then you could perhaps have some impact and get things working more the way you want by pointing out ways they can save money, and get more done for less, by streamlining the operation. If there are things they'd like IT to do that aren't getting done, point out to the appropriate person that you would have more time to spend on other things if, for example, they standardized on workstation hardware, or fixed some of your other pet peeves.

In cases where the wrong people are in charge (like the dev team), it can help to try to get support from outside IT. Again, this can be difficult as an non-managerial employee. At one company I worked with, I made a breakthrough when I managed to talk to one of the top sales managers, who had plenty of grievances about IT and was very willing to listen to ideas and pass them on higher up the chain, which got the CEO involved. Of course, if you're going to get into this sort of stuff as an employee, you'll need to tread very carefully! :)

>>Besides, you ought to have a clue about this: the slander that allegedly led you to lose your job could just as easily land you in jail in future, with laws like these. Be careful what you wish for.

I'm glad I actually took the time to read that, I almost mistook it for a flame but you're right! I must concede on that point alone.

Yeah, the problem with draconian laws is that they're usually designed to respond to a specific situation, with little thought to how they will be abused later on. I suspect we're going to see a fair amount of that in the coming months.

Umm..

[nebby]

Doesn't the CIA employ many, many crackers to bust into their stuff?

def con

[davey23sol]

this would make def con illegal... a convention of terrorists giving information to each other.

what next?

Re:def con

[aozilla]

The FBI will arrest America's best and brightest, crippling high-tech innovation.

No they won't. They'll only arrest those of the best and brightest who bother them. Others of the best and brightest will be threatened arrest and forced to help the government. And then the best of the best and brightest of the brightest won't break the law (or at least won't get caught) in the first place.

what about bugtraq?

[Bastian]

I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.

Re:what about bugtraq?

[Phroggy]

I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.

Security sites often post code that can be used to exploit a particular hole, so that the hole can be better understood and more easily patched.

What about tools like L0phtcrack?

perversion

[nodrip]

This is a perversion of what Ashcroft requested. Hackers who attempt to disrupt key systems that are vital to protecting human life, for example the FAA's radar systems, are terrorists. And they are.

Re:perversion

[Tackhead]

> This is a perversion of what Ashcroft requested. Hackers who attempt to disrupt key systems that are vital to protecting human life, for example the FAA's radar systems, are terrorists. And they are.

On that, we agree.

Upon reading the draft bill, I'm not happy with all of the provisions in the bill, but I really don't see anything that says "guy with programming sk1llz == terrorist."

I do see an expansion of The List Of Bad Things We Can Do To Felons (such as DNA sampling), but that's a far cry from "all [cr]ackers are terrorists", let alone "all Hackers are now terrorists and will have to give up DNA samples".

Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)

Earlier, I made a post that said "If you've got programming skills, get the hell outa here." I retract that post. This bill, while odious for many means, is not a declaration that American doesn't want its programmers anymore.

Serves me right for replying to /. before reading the fscking article ;-)

Re:perversion

[-=OmegaMan=-]

No, it isn't.

From the bill:

"(19) `protected computer' has the meaning set forth in section 1030

"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.";

From Title 18 Chapter 47 Sec. 1030:

(2) the term ''protected computer'' means a computer -

(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;

Used in interstate or foreing communication? How many of you connect to machines and/or through machines without crossing state lines?

Further from the bill:

""SS 25. Federal terrorism offense defined

"As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-

-snip-
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
-snip-

Okay, so now *maliciously* breaking into basically any computer system is a terrorist act. Couple this with the rest of the increases in anti-terroism this bill contains, and you're doing *LIFE* in FEDERAL PRISON (aka "no parole") because your Anti-CodeRed Perl script took down some dipshit's enterprise server. Meanwhile child molestors get time off for good behavior.

I don't think anyone thinks "computer crime" shouldn't be punished. Just not to this ridiculous degree.

Re:perversion

[aozilla]

Your right though, does interstate or foreign commerce or communication;potentially include hacking Hotmail?

Oh absolutely. That clause is just in there to protect the bill from being deemed unconstitutional. I hate the fucking interstate commerce clause of the constitution. I swear it is the most abused clause of the entire constitution.

Re:perversion

[anticypher]

According to my lawyer (HIAL, IANAL) 18USC1030(b) has been used in court to describe cisco routers, sun sparcstations with 2 or more communication ports, and various other pieces of comms gear. The catch is that at least one communication port must be connected to a circuit that has the potential for interstate or foreign communications. That includes any modem hooked to the phone system, any leased line from any telco, or any radio system.

The protected computer does not have to be cracked, or compromised, merely accessed, which includes passing normal traffic over it.

Security teams in the US can mention 18USC1030(b) to a fed when they want action to be taken for cracked systems. It is one of the few used in almost every cracker case, I'm pretty sure it was one of the charges brought against Kevin Mitnik.

Now even pinging a host on a leased line or tracerouting past a router could be considered an act of terrorism. Not that it will result in every computer user in the world being thrown in jail next week, but the law will be abused. Just the merest hint of life with no parole to a defence lawyer will get them into plea bargain mode, after that the poor skriptkiddie is really fucked.

You poor americans. I really feel sorry for you now, seeing how a small terrorist act can get the entire constitution and bill of rights overturned without much of a fight. The terrorists have won, with a loss of only 19 of their fighters they have turned america from the most open and free society in the world to the second most repressive.

the AC

Re:perversion

[Jerf]

but this law doesn't effect me, because i don't hack into financial or government computers. Hell I don't hack any computers.

Excuse me, but you are quite likely to be wrong. Was your computer, or any computer in your possession, infected with Code Red or Nimda? If so, and if it scanned any computers outside of your state, then it's not really a stretch to say that you were outside of the law.

OK, so as a Slashdot reader, you are less likely to be affected by the above. But how many of your friends were?

Also, this bill will eliminate the statute of limitations on these crimes and allow retroactive prosecution. Therefore, anybody who got Code Red or Nimda can quite plausibly be put in jail for life.

Would they win on defense? Maybe, but they're in jail until the trial is over. And maybe they won't win on defense...

This law hands the power to imprison damn near anyone running Windows IIS over the US government, such that only a lawsuit (inevitably protracted) would get them out.

Who still believes this is about preventing terrorism? What a sick joke! Frankly, I think those proposing this bill are traitors to the United States.

Re:perversion

[samantha]

Pay attention! The proposal does not distinquish by what kind of system is penetrated. It does not even distinquish cracking per se from other things that are or will be considered computer crimes. This proposal is much, much too broad and is a huge danger to everyone. Stop it while you still have the power to act.

Re:perversion

[samantha]

I would very seriously doubt that air traffic control radar is sitting on the Internet. If it is then it is poorly designed and protected to start with. It is vulnerable to just general net craziness with no terrorist anywher to be seen. It is a very poor example.

Re:perversion

[Jerf]

I'm not saying they could keep you in jail. But while you're in court, proving to the clueless judge that it was a virus you had no knowlege of, and that you had no intent to deny service to the White House web site, you're sitting in jail. Or putting up a quite-likely-huge bail. And you're certainly in court.

May not be life in prison, but it's impressive punishment nonetheless. Oh, and did I mention they've probably confiscated your computers and aren't in a hurry to give them back? And trashed your place in the process?

Too much power. I don't care who has it, this is just too much.

Re:perversion

[Jerf]

That's a worthy point, in a way.

But this is America. You're free to propose the DMCA. You're free to lobby your local Congresscritter to vote for it. It was subjected to an open debate. We dropped the ball entirely, but even if we hadn't, it might have passed. That's the way it works. No duress, no trickery, no truly unusualy chicanery. It may have been evil, but it wasn't terribly dishonest.

This bill has none of that. It's being promoted as a feel-good measure that restricts liberties and vastly expands governmental power, while being touted as merely a (implicitly temporary) terrorist control measure. It's not. That's why this is far more traitorous then merely passing the DMCA.

Re:Somebody has to say it, but...

[DeadMeat+(TM)]

Stab somebody with a knife and kill them, and odds are you'll spend 20 years in jail, tops. Maybe more if you use a gun, or stab somebody famous, but as any U.S. citizen can tell you, even life sentences for violent crimes rarely live up to their name.

Break into their computer, and you're instantly labelled a terrorist. Think there's any chance you'll get much less than the maximum penalty of life? Hell, my high school once informally accused me of piracy (which, incidentally, I was not guilty of) just on the basis that I knew enough and therefore could have done it. If there's anything that makes people paranoid, it's hearing that the Big Bad Hacker is right outside their computer's door.

Fair, no?

Here's the story.

[Water+Paradox]

Hackers face life imprisonment under 'Anti-Terrorism' Act Justice Department proposal classifies most computer crimes as acts of terrorism.

By Kevin Poulsen
Sep 23 2001 11:00PM PT

Hackers, virus-writers and web site defacers would face life imprisonment without the possibility of parole under legislation proposed by the Bush Administration that would classify most computer crimes as acts of terrorism.

The Justice Department is urging Congress to quickly approve its Anti-Terrorism Act (ATA), a twenty-five page proposal that would expand the government's legal powers to conduct electronic surveillance, access business records, and detain suspected terrorists.

The proposal defines a list of "Federal terrorism offenses" that are subject to special treatment under law. The offenses include assassination of public officials, violence at international airports, some bombings and homicides, and politically-motivated manslaughter or torture.

Most of the terrorism offenses are violent crimes, or crimes involving chemical, biological, or nuclear weapons. But the list also includes the provisions of the Computer Fraud and Abuse Act that make it illegal to crack a computer for the purpose of obtaining anything of value, or to deliberately cause damage. Likewise, launching a malicious program that harms a system, like a virus, or making an extortionate threat to damage a computer are included in the definition of terrorism.

To date no terrorists are known to have violated the Computer Fraud and Abuse Act. But several recent hacker cases would have qualified as "Federal terrorism offenses" under the Justice Department proposal, including the conviction of Patrick Gregory, a prolific web site defacer who called himself "MostHateD"; Kevin Mitnick, who plead guilty to penetrating corporate networks and downloading proprietary software; Jonathan "Gatsby" Bosanac, who received 18-months in custody for cracking telephone company computers; and Eric Burns, the Shoreline, Washington hacker who scrawled "Crystal, I love you" on a United States Information Agency web site in 1999. The 19-year-old was reportedly trying to impress a classmate with whom he was infatuated.

The Justice Department submitted the ATA to Congress late last week as a response to the September 11th terrorist attacks in New York, Washington and Pennsylvania that killed some 7,000 people.

As a "Federal terrorism offense," the five year statute of limitations for hacking would be abolished retroactively -- allowing computer crimes committed decades ago to be prosecuted today -- and the maximum prison term for a single conviction would be upped to life imprisonment. There is no parole in the federal justice system

Those convicted of providing "advice or assistance" to cyber crooks, or harboring or concealing a computer intruder, would face the same legal repercussions as an intruder. Computer intrusion would also become a predicate offense for the RICO statutes.

DNA samples would be collected from hackers upon conviction, and retroactively from those currently in custody or under federal supervision. The samples would go into the federal database that currently catalogs murderers and kidnappers.

Civil liberties groups have criticized the ATA for its dramatic expansion of surveillance authority, and other law enforcement powers.

But Attorney General John Ashcroft urged swift adoption of the measure Monday.

Testifying before the House Judiciary Committee, Ashcroft defended the proposal's definition of terrorism. "I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

The Act is scheduled for mark-up by the committee Tuesday morning.

Re:Here's the story.

[ncc74656]

As a "Federal terrorism offense," the five year statute of limitations for hacking would be abolished retroactively -- allowing computer crimes committed decades ago to be prosecuted today

This can't be the case...haven't the people who thought this up run across this passage before?

No bill of attainder or ex post facto Law shall be passed.

- United States Constitution, Article I, Section 9, paragraph 3

You can't prosecute an action that wasn't a crime at the time the action occurred. Then again, with the body blows the Constitution has taken in recent times (mainly in various parts of the Bill of Rights, especially the First, Second, and Tenth Amendments), maybe the drafters of this legislation haven't run across this passage before.

Re:Here's the story.

[rossz]

I'm going to mail copy of the Consitution to Senator Feinstein (D-CA). It's obvious from her actions in the Senate that she has never set eyes on a copy in her life.

I propose a new Constitutional amendment. The Three-Constitutional Strikes And You're Out amendment. If an elected official votes for three laws that are later found unconstitutional (no statue of limitation, applied retroactively), they are kicked out of office and barred from all government work for life. These people are supposed to know what they are doing and have no fucking excuse for voting for unconstitutional laws.

Re:Here's the story.

[Amazing+Quantum+Man]

Then again, with the body blows the Constitution has taken in recent times (mainly in various parts of the Bill of Rights, especially the First, Second, and Tenth Amendments)

Don't forget the Fourth, Fifth, and Eighth.

Re:Here's the story.

[sharkey]

Yes, they have, but they run it through the "Modern Political Power Grubbing and Affirmation Grammatical Parser" which locates and finds any instance of phrases like "shall make no law" and "shall not be infringed", then replaces them them with phrases along these lines, "Must make despotic law" and "Must be abolished".

Re:Here's the story.

[ncc74656]

I propose a new Constitutional amendment. The Three-Constitutional Strikes And You're Out amendment. If an elected official votes for three laws that are later found unconstitutional (no statue of limitation, applied retroactively), they are kicked out of office and barred from all government work for life.

Take it a step further...since they've worked to deny us our rights, deny them theirs. Getting kicked out of elected office under such an amendment ought to count the same as a felony conviction or a dishonorable discharge, and should have the same losses—no vote, no guns, etc.

As someone else has already pointed out, though, your idea makes too much sense to ever become law. :-?

Re:Here's the story.

[dgroskind]

These people are supposed to know what they are doing and have no fucking excuse for voting for unconstitutional laws.

Actually, they do.

The Supreme Court is rarely unanimous on what is unconstitutional

The Supreme Court has overturned laws that have previously been ruled constitutional, e.g. Brown vs. Board of Education

The Supreme Court can strike down sections of a law while legislators must vote on the whole law.

The Supreme Court can interpret the Constitution in new ways, e.g. Miranda warnings.

Also, consider that the Supreme Court reviews laws many years after they have been passed when most of their original supporters have retired or been defeated.

There are already two constitutional procedures for dealing with unconstitutional law: judicial review and presidential veto. Also, voters can remove representatives who pass laws they don't like at the next election.

I think the Founding Fathers were way ahead of you here.

Re:Here's the story.

[dgroskind]

Then again, with the body blows the Constitution has taken in recent times...

The recent history of the Supreme Court has been to extend individual rights, not restrict them. Right to speedy trial, right to counsel during interrogation, abortion rights, right to travel abroad, publishing porn, publishing hate, publishing libel, now vastly exceed what was once permitted in the United States and are generally more advanced than other democracies.

People in the U.S. today are freer than at any period in American history both from legal restrictions and from social conventions. Much of this freedom comes from the Supreme Court striking down laws that had been accepted for decades.

The terrorist threat aside, the biggest threat to individual freedom at the moment comes from reduced privacy that results from new technology. It's an area where we need more legislation, not less.

Re:Here's the story.

[frknfrk]

good point! i'd also add that you can also have a low IQ and still be smart in the ways that count.

-sam

So...

[gwillden]

All those that detect and report security flaws in systems are terrorists because they comunicate these details to the Crackers (accidentally, but what does that have to do with it?).
Bummer...

Re:Somebody has to say it, but...

who are the victims?

stop and think.

if someone commits credit card fraud with said stolen numbers, then we know who the victim is. but we already have a law for that. until some other crime is committed, there was no victim of simply stealing the numbers.

just because a computer was used to commit the crime, it doesn't mean the crime is somehow worse than the same thing done without a computer. theft is theft, and should be treated as such. it's not like we have separate murder laws for guns vs knives...

Interesting question

[Archangel+Michael]

Does recommending LINUX count? Does Criticizing Windoze insecurities count? What about BugTraq?

Re:Somebody has to say it, but...

[Alan]

Depends on the crime. Cracking a big DB of credit cards yes, but how about reverse engineering say, a copyright'd protocol? Maybe the people who made programs like gaim, gnapster, knaptser, kicq, gnomeicu, etc should get thrown in jail for their evil "hacking"?

I'm not against bad things being a crime, but who gets to define what is a crime or not? And what about when new types of hacking/cracking come out? Maybe windows virus authors should be made criminals? How about websites that use cookies to track you (doubleclick anyone?).

The problem with computers and hacking in general is that it's very hard to narrowly define what is and isn't a crime. Mitnick is a sure sign of this, as is Dimitri. On one side ($$) it's a crime of epic proportions, on the other side it's harmless fun, investigation, proving a point, whatever. This has been a problem since phreaking and probably far before....

hmmm

[the_other_one]

Microsoft regularly gives advice to hackers with this thing called the Knowlege Base.

They even have a program (IIS) that aids hackers in break in attempts.

Their new advertisement advocates the destruction of buildings.

This is clearly one of the worst terror organizations

The US and it's allies must take action

Re:Somebody has to say it, but...

[benedict]

How about growing marijuana?

Hack chinese websites..

[tempestdata]

So now if script kiddi3s in the US, decide to deface chinese websites, the Chinese authorities could legitimately, accuse the US of harboring Terrorists???

God Damn, I hate John Ashcroft...

[Bonker]

Let's all remember that this guy lost an election to a corpse, please.

Seriously, I'm afraid that this line of reasoning is only going to continue under the Bush administration.

Anyone who violates the conservative faction's very narrow definition of legality and morality is going to face harsher and harsher penalties. It's the 'hackers' right now. I'll be charitable and say that that means anyone who illegally breaks into a computer system or network. It will be expanded in the very near future to include anyone who violates non-circumvention clause of the DMCA. Seriously, how far are those two apart?

It can be reasonably argued that violating copy protections will put illegal technology or information in the hands of terrorists.

The logical progression is pretty evident from that point on. Anyone caught breaking a copyright will be targeted, and then anyone who illegaly owns copyrighted material will be targeted.

Hmmm... I wonder if I should encrypt the stash of Anime fansubs on my HDD. Wait, encryption is going to be illegal to! I'm a terroist either way!

Congress will just keep passing laws to give Bush and Ashcroft what they want in the name of 'National Security'. Don't think for a second that they won't.

Re:God Damn, I hate John Ashcroft...

[Keeper]

Ashcroft used to be a good person, fighting the good fight. But if you've examined what the man has done over the last 10 or so years, you'll notice a that the kind of legislation/government he supports has changed. He's gone from a good guy to a person who would seem to prefer life in germany about 60 years back.

A backwards approach to legislation

[melquiades]

This act and the DMCA are eerily similar. Both seek to address particular historical circumstances and events (e.g. Napster, terrorist attacks). Both sets of circumstances are genuinely complex and problematic. And, in both cases, there were already perfectly adequate laws more general laws which address the particular situation. We already have laws to address copyright violation, and we already have laws to convict violent criminals, spies, and yes...even hackers.

The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)

Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.

The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.

Re:A backwards approach to legislation

[TWR]

No, a warrant is tied to a particular phone line. This made sense when the only way to get a phone was through Ma Bell, and it took 80 gazillion years to get a new phone number or line installed.

Now, I could get a new cell phone every day of the week. And each one would require me to get a trip to a judge to get permission to listen in.

Furthermore, if I'm under survaliance and just go and borrow your phone, it would be illegal for the cops to listen in, because then they could be spying on someone who they are not looking for (you). The mob has been doing this trick for years.

The wiretap portions of this law make a lot of sense.

-jon

Re:Harboring the hackers

[MadCow42]

Ok, does that mean that datahavens like Sealand are now suddenly Terrorist cells?

They harbor data, quite possibly for "crackers", along with other "questionable" sources (along with many legitamite ones too). If I were them, I'd be a little worried.

MadCow.

USA harbors terrorists!

[www.sorehands.com]

Lets see, Kevin Mitnick is a hacker, a hacker is a terrorist, Mitnick is in the USA = USA harbors terrorists. The USA did not execute him on site.

Is everone infected with Code Red a terrorist?

Silly huh? Well, people thought it was silly to say that the attack would be used as an excuse to abridge our rights further.

Re:Somebody has to say it, but...

Is intrusion necessarily terrorism? If I break into the DMV computer system and replace their web page with something silly, that is certainly criminal, but it's more like vandalism than terrorism. Besides, wouldn't you be a traitor and not a terrorist even if these things did apply?

Also, does this mean that we no longer need virus programs and firewalls? I mean, who needs to lock their door when burglary is illegal?

And of course, how does this bode for tech workers? I often have to gain access to a customer's servers. Does this mean a simple "here's some credentials for you to use" is no longer enough? Do I have to have the admin at the customer's site file a contract with his boss and have his boss and himself and myself sign it each and every time I help them out, even if I'm just entering to check their logs because -- hey -- someone might later say it was unauthorized?

Ashcroft can suck my cock -- but we all know these things will be passed. And projects like mozilla.org that have sections on "hacking the code" will become villified for contributing to terrorism. Welcome to the witch-hunts; i'm finding a new line of fucking work.

Giving advice to hackers

[Phroggy]

Does 2600 magazine qualify as an organization that gives advice to hackers, and would therefore be classified as a terrorist organization under this new bill?

Re:Giving advice to hackers

[Rogerborg]

• Does 2600 magazine qualify as an organization that gives advice to hackers, and would therefore be classified as a terrorist organization under this new bill?

I'd answer that, but by doing so, I'd leave myself and /. open to prosecution on the same grounds.

We badly need a "scary" mod to use instead of "funny"

Re:Somebody has to say it, but...

[Alan]

... so the entire IIS team will be in the slammer RSN huh? :)

Re:Somebody has to say it, but...

[A+coward+on+a+mouse]

Agreed, people who steal credit card numbers are bad and should be punished. But this law makes no distinction between cracking into a big ass server and stealing credit cards and cracking into a tiny ass server to write your name on the home page.

You wouldn't think it was fair to sentence someone who scrawled "Kilroy wuz here '01" on the bathroom wall of a pizza parlor to life in prison, would you? Because that's what this law states: Scrawl your name on any website without the author's permission and be punished as if you were Osama bin Laden's personal hackmeister.

Unconstitutional

[UserChrisCanter4]

Unfortunately, I can't read the actual article, because securityfocus is /.ed, so I'll have to go by the summary.

abolish the statute of limitations for computer crime, retroactively...

/me breaks out my copy of the US constitution...

From Article I, section 9, paragraph 3:
"No Bill of Attainder or ex post facto Law shall be passed".

Ex Post Facto refers to laws having a retroactive effect, for those of you wondering.

So, as always, IANAL, but this sure doesn't sound constitutional to me.

So murder is less of an offense than hacking?

[Ingenium13]

Basically, if this were to be passed, it would tell the public that cracking/hacking is considered to be worse than murder. They even go so far as to say that giving advice to a cracker/hacker can yield life in prison! Is it just me, or is something seriously wrong here? I could go off and murder somone and receive less of a punishment than someone who defaced a website, resulting in a few hours of repairs by the administrator and the fixing of a securty hole. I'm sorry, but that's just not right.

Re:So murder is less of an offense than hacking?

[statusbar]

Yes, murder is less of an offense than hacking.

Hacking a military site can affect THOUSANDS of lives and national security.

--jeff

Re:So murder is less of an offense than hacking?

[Maul]

Why exactly are military sites necessary to the national security of the United States accessible over the internet in the first place?

Re:So murder is less of an offense than hacking?

[Rogerborg]

• Hacking a military site can affect THOUSANDS of lives and national security

Yes, yes, because things are always in black and white.

I see a security hole in a military site that potentially leaves military details exposed. I mail the admin providing full details of the exploit, and get no response. I mail the NSA/CIA and get no response. I tell a newspaper, but without them trying the exploit, there's no story, and they know that the 1st Amendment is no protection in these cases. Weeks pass. I genuinely worry that Joe Terrorist is rooting the box and threatening uniformed lives.

So, I crack the site to demonstrate that it can be done, and again send full details of the exploit to the admin.

You're going to jail me for life? I willfully and deliberately damaged the site, and there is no provision in this bill for intent. Why not? Why do I have to trust the government to not overreact? Why do I have to be afraid of being an active patriot?

But heck, I don't even have to debunk your extreme example. If I crack any machine that is used in interstate communication (read: any internet connected machine), I go to jail for life. Amazon, Hotmail, a mail server in my old college, my friend's open Win98 box. Go to jail.

To go back to the murder analogy, we don't have one charge that says "Committing violence" with a maximum penalty of life imprisonment. We have different charges with clear definitions, and scales of punishment.

Any reason why we can't do the same for computer crime?

Re:calm down

[stuccoguy]

You are talking about the same country in which courts upheld the expulsion of a six year old boy from an east coast school because he kissed a girl on the cheek? After all, a no tolerance policy is a no tolerance policy.

Re:Somebody has to say it, but...

[GrenDel+Fuego]

Hey, why not impose a life sentence for ignoring the "Don't walk on the grass" sign. It's no problem because you're fine as long as you don't walk on the grass.

Re:Somebody has to say it, but...

[__aaahtg7394]

this is a bit more like spraypainting it in big letters on their corporate headquarters.

which would get you in deep shit if you were caught.

Re:Somebody has to say it, but...

[ToLu+the+Happy+Furby]

Seriously-- why _shouldn't_ computer crime be crime?

Computer crime should be a crime.

But it already *is* a crime. The question is what is a just response to computer crimes. Some things which are *not* just:

• Sentencing someone to lifetime imprisonment without possibility of parole for a simple computer crime. Remember, if the crime really warranted such a sentence--for example, cracking air traffic control and causing planes to crash into each other; cracking a CIA computer and stealing national secrets--then the criminal would already be liable for serious punishment under existing laws--murder and espionage, in these cases.
  
  
• Retroactively eliminating the statute of limitations, allowing people to now be charged with computer "crimes" they committed decades ago.
  
  

What's even worse is the provision that giving advice or information which may be used to facilitate computer crimes is not only criminalized but subject to the same penalties.

To put it another way, if this law passes then someone could be given life in prison without parole for documenting vulnerabilities which allow systems to be compromised by a cracker or a worm. Indeed, it isn't clear that, with the removal of the statute of limitations, they couldn't charge the people documented the vulnerabilities responsible for eg. Code Red or Nimda under this law.

This provision is like the anti-circumvention provision of the DMCA writ large. Whereas at least the DMCA only applies to access-control restrictions on copyrighted material, this law could potentially make all discussion of any vulnerabilities which allow systems or information to be compromised illegal.

These provisions are so utterly preposterous and out of proportion to the crimes (or so-called crimes) discussed as to boggle the mind.

Renting appartments might get hard...

[aralin]

No pets allowed and no internet access allowed.
We do not harbor terrorists!

Am I dreaming or is this country really THE America?

Re:Somebody has to say it, but...

[sulli]

Yeah, but that doesn't exactly suggest that life without parole would be an appropriate penalty.

I kmew this Ashcroft guy was trouble.

welcome to the New America

[Dr.+Awktagon]

Where disrupting business is a crime equivalent to murdering thousands.

And the recording industry was happy because they convinced people that unauthorized duplication was somehow equivalent to theft of property or stealing from ships on the high seas. Well, I think this tops that!

I think the USA should just take a tip from the Taliban and make all crimes punishable by death or corporeal punishment.

And the message is clear. If you're a high school student thinking of hacking a bank web site and stealing credit card numbers, forget it, KILL THOUSANDS OF PEOPLE INSTEAD! You'll get the same punishment anyway, so do something more stylish!!

It seems a tad broad to me...

[DragonPup]

So what exactly IS hacking according to the ATA?(how ironic, it's a acrynoum, for a computer term) Seriously, how long before the DCMA is included in this? Will I face federal prosecution for telling a friend about gnutella because the program can be used for illegal stuff? Could CmdrTaco and CowboyNeal be dragged from their homes at 6 in the morning and sent to jail because Slashdot had posted a story that talks about the Microsoft security problem of the week, since that could be concieved as giving advice to hackers? I am writing my senators about this asking them to reject the overly broad terms of the ATA and computer 'hacking'. I hope a number of you do the same.

-Henry

Re:Enough with the whining

[mattdm]

So therefore, one shouldn't complain about bad laws? How can bad laws possibly get changed if no one complains? How will we stop even worse laws from being passed?

Re:Somebody has to say it, but...

[DeadMeat+(TM)]

Well, yeah, that's the solution to any crime in an ideal world. But the U.S. justice system is (supposedly) based on the punishment fitting the crime. Given the public's (and justice system's) paranoia towards computer crimes, it's pretty damn likely that somebody could spend more time in jail for breaking into somebody's computer than for killing somebody and then stealing their computer outright.

But maybe you're right. After we all, we all know the goverment has the best intentions in mind when they pass laws about computer and high-tech crimes. (*cough* DMCA *cough*)

Re:Enough with the whining

[ksw2]

(Er, troll?)

Crime is crime, yes, but the punishment should fit the crime. Adding a few words to a web page as a publicity stunt should not be punished in the same manner as multiple homicide, or armed robbery, or collaborating on a terrorist attack.

I suppose you'd feel comfortable in a society where the judicial system lopped off criminal's bodyparts, as well? Or caned you silly? No thank you. As it is, I think prison should be for VIOLENT OFFENDERS ONLY. There are many ways to pass a sentence on non-violent offenders, without prison, and without impacting society in such a heavy-handed legal and financial way.

--ksw2

Re:Enough with the whining

[leereyno]

MUST?????

While there are many things in life that I MUST do, obey the law is not one of them. I think you're a bit confused about the meaning of the word must. Eating is a must, breathing is a must, doing what the state tells me to is not.

Lee

Re:Somebody has to say it, but...

[blkros]

Actually it's not hackers or crackers, it's 'computer tresspasers'--according to the language of the bill. And from what I could garner out of the rest of it--if you do anything that the government doesn't like "you might be a terrorist". Wahoo.

Re:Somebody has to say it, but...

[kilgore_47]

How about growing marijuana?
That is an excellent example of a victimless "crime" that numerous goodhearted American people are rotting in jail for right now.

Ashcroft's new proposals, though, go far beyond making computer-crime 'crime'. It already is. What he's doing is making it terrorism. People could be jailed for life for the electronic equivilent of graffitti.

"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

The irony is that he wants to fight assaults designed to change the purpose of government by changing laws in direct response to a terrorist attack.

The long-term damage from the terror attacks will come from our leaders as they exploit public rage to slip new crap like this into federal law.

Re:Enough with the whining

[Popoi]

Segregation used to be a law too. The point being that if you think a law is wrong, you try to get it changed. Y'know, civil disobedience, lobbying, "The price of freedom is eternal vigilence" and all that..

Does that include ... ?

[Lumpish+Scholar]

Anyone making life easier for a "hacker" (cracker) could be sentenced to life without parole?

Bill Gates had better pack his bags now! ("... the most cigarettes.")

is it just me...

[fanatic]

...or is securityfocus.com one of the slowest, ugliest websites anywhere?

Did terrorist actually use anything hightech?

[Tachys]

I just want to know as anyone found any evidence of terrorists using anything "high tech" for WTC?

The highest tech I have heard of is using email at Kinko's.

Re:calm down

[leereyno]

What about the hundreds of politicians in Washington who do nothing but look for innovative ways to hurt the party opposite their own?

Party politics and blind partisanship is the root cause of an awful lot of bullshit in our government.

Lee

The difference

[snilloc]

This is not ex post facto because the acts performed were crimes at the time they were committed.

It's still stupid though.

Re:The difference

[ncc74656]

This is not ex post facto because the acts performed were crimes at the time they were committed.

<devils-advocate>
Assuming for the moment that somebody in the distant past did commit some sort of computer crime that was on the books at the time (or any other crime, for that matter), if the statute of limitations has already expired, wouldn't conjuring up a law to extend/abolish the statute of limitations for the purpose (express or implied) of going after such an individual still run afoul of something? If not the prohibition on ex post facto laws, isn't there something else that would apply?
</devils-advocate>

(IANAL, of course, so I could be completely off-base on this.)

Re:Well Gee

[ichimunki]

Your post would be more believable is you hadn't confused Mississippi with Missouri.

Re:Hmmmm...

[Pedersen]

Actually, parole was something mentioned in the article. You see, it seems that the federal justice system doesn't have a concept of parole. I may have to leave the country sometime soon, just to have any shred of freedom left. Anybody got any suggestions?

Re:Somebody has to say it, but...

[TheAJofOZ]

why _shouldn't_ computer crime be crime?

The problem here isn't so much that they're saying that computer crime is illegal - more that the punishment is ridiculously severe. When deciding on a punishment, you have to decide what the aim of punishment is and how best to achieve that aim. In this case however, the law makers seem to have the aim of getting votes and the best method is to be tough on terrorism of any kind. It pulls at the heart strings of the nation so of course it gets votes.

Besides the political goals though, there are two main aims people have for utilising jail terms as punishment. The first is to remove the villian from society so that we can all forget about them and feel safe again - the death penalty is much more effective at achieving this aim so why not just use it? Some countries take this approach and it works, there is almost zero crime because people know if they commit a crime they are either executed or deported. The problem with this approach is twofold, firstly it expects everyone to lead a near perfect life and never make a mistake (think of how many teenagers commit once off offences to look cool and later learn from their mistakes and go on to be useful to society. The other problem is that eventually you punish the wrong guy and there's no way to set him free again.

The other aim for imprisonment is to teach people a lesson so they can rejoin society and live happily with everyone else again. Countries such as the US and Australia (and many others) with long jail terms don't acheive this goal at all well. The revolving door prison system is well known - most offenders wind up committing more crimes and going back into the system. However, countries which use shorter jail terms tend to have much lower crime rates. Instead of being locked up for 20 years and becoming bitter against society, you spend one or two years in a correctional facility where you are taught skills to help you survive in the world, go through drug rehabilitation if needed and work with councellors to deal with a disturbed past that may be haunting you. After that you have a much better chance of coming back out into society and not only abiding by the law, but also contributing to the community. If you think the cost of this approach is just too great, think about the cost of keeping people in prison for those extra 18 years and you'll find it works out a lot cheaper. It is not a 100% effective measure, some people will recommit and you need to have ways to deal with that - either through different methods of punishment or by longer imprisonments. It does however give criminals a chance to learn from their errors and adopt new skills to remove the temptation to recommit. After all, isn't that what punishment is all about?

Re:The answer is simple

[BlowCat]

I really wish that I had mod points to mod you up. But please keep in mind that it's sometimes very hard to prove that you had only good intentions when you were posting an exploit to a mailing list after some bastard uses it to blow up a shopping mall before Christmas.

Re:oh jesus...

[PM4RK5]

It is the same problem people had with the outbreak of school violence. They immediately went to blame violent video games as the 'sole' cause. Also, take cell phones and automobile accidents for example. People blamed those, even though they are one of the smallest causes.

In essence, people look for the easiest thing to blame, which usually ends up being technology, since its 'new,' it must be the source of 'new' problems like terrorism, even though there is no true solution or source to blame for such occurances.

Re:The answer is simple

[Laplace]

It isn't that simple. Consider the case of Randall Schwartz. In my opinion, he clearly broke the law and paid for it. The ruling was fair, he learned his lesson, and he still manages to make many positive contributions to society.

What you're saying is that smart people like him, who sometimes use a little poor judgment, should be given life sentences in prison? You're saying that was Randall did is on the same level as murder?

Not broad enough!

[kindbud]

Testifying before the House Judiciary Committee, Ashcroft defended the proposal's definition of terrorism. "I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

Seems like this bill needs to be broadened to include itself and John Ashcroft, both of whom seem hell-bent on changing the purpose of government.

List of contacts

[GigsVT]

Judiciary Committee List
Name, party, state, phone, fax, e-mail.

James Sensenbrenner, Chair, R-WI, (202) 225-5101,(202) 225-3190,sensen09@mail.house.gov
Henry Hyde, R-IL, (202) 225-4561, (202) 225-1166.
John Conyers Jr., D-MI, (202) 225-5126, (202) 225-0072,john.conyers@mail.house.gov
George Gekas, R-PA, (202) 225-4315, (202) 225-8440, askgeorge@mail.house.gov
Barney Frank, D-MA, (202) 225-5931, (202) 225-0182
Howard Coble, R-NC, (202) 225-3065, (202) 225-8611, howard.coble@mail.house.gov
Howard Berman, D-CA, (202) 225-4695, (202) 225-3196,Howard.Berman@mail.house.gov
Lamar Smith, R-TX, (202) 225-4236, (202) 225-8628
Rick Boucher, D-VA, (202) 225-3861, (202) 225-0442,ninthnet@mail.house.gov
Elton Gallegly, R-CA, (202) 225-5811, (202) 225-1100
Jerrold Nadler, D-NY, (202) 225-5635, (202) 225-6923, jerrold.nadler@mail.house.gov
Bob Goodlatte, R-VA, (202) 225-5431, (202) 225-9681,talk2bob@mail.house.gov
Bobby Scott, D-VA, (202) 225-8351, (202) 225-8354
Steve Chabot, R-OH, (202) 225-2216, (202) 225-3012
Mel Watt, D-NC, (202) 225-1510, (202) 225-1512, nc12.public@mail.house.gov
Bob Barr, R-GA, (202) 225-2931, (202) 225-2944, barr.ga@mail.house.gov
Zoe Lofgren, D-CA, (202) 225-3072, (202) 225-3336, zoe@lofgren.house.gov
William Jenkins, R-TN, (202) 225-6356, (202) 225-5714
Sheila Jackson Lee, D-TX, (202) 225-3816, (202)225-3317, tx18@lee.house.gov
Christopher Cannon, R-UT, (202) 225-7751, (202)225-5629, cannon.ut03@mail.house.gov
Maxine Waters, D-CA, (202) 225-2201, (202) 225-7854
Lindsey Graham, R-SC, (202) 225-5301, (202) 225-3216
Marty Meehan, D-MA, (202) 225-3411, (202) 226-0771, martin.meehan@mail.house.gov
Spencer Bachus, R-AL, (202) 225-4921, (202) 225-2082
William Delahunt, D-MA, (202) 225-3111, (202)225-5658, william.delahunt@mail.house.gov
John Hostettler, R-IA, (202) 225-4636, (202)225-3284, john.hostettler@mail.house.gov
Robert Wexler, D-FL, (202) 225-3001, (202) 225-5974
Mark Green, R-WI, (202) 225-5665, (202) 225-5729, mark.green@mail.house.gov
Tammy Baldwin, D-W, (202) 225-2906, (202) 225-6942, tammy.baldwin@mail.house.gov
Ric Keller, R-FL, (202) 225-2176, (202) 225-0999
Anthony David Weiner, D-NY, (202) 225-6616, (202)226-7253
Darrell Issa, R-CA, (202) 225-3906, (202) 225-3303
Adam Schiff, D-CA, (202) 225-4176, (202) 225-5828
Melissa Hart, R-PA, (202) 225-2565, (202) 226-2274, melissa.hart@mail.house.gov
Jeff Flake, R-AZ, (202) 225-2635, (202) 226-4386

I'd love so see some of these bastards go down

[twitter]

Yes, I'd get a real kick out of seeing some script kiddies get hauled off. I hate all of the port scans I get, especially considering the reason is generally to set up a warez site. Distributing MS trash or "Planet of the Apes" by compromised computer is a double crime! You can throw in all those pesky syadmins from @Home while you are at it. Oh, if only we could spank the folks who write cracker tools. I'd like to consider my little subnet a collection of "protected computers" and see my government smash the folks that would abuse it.

I doubt this bill would give me that and I'm not willing to pay the price asked even if it would. Uncle Sam will make his own definition of "protected computer" and it aint me. Enforceability? What a joke. Why should I trade non existent protection for further erosion of the security of my property, papers and personal effects from unreasonable search and seizure?

Anger and vengence are poor advisors and they make bad laws. This set of laws are hyserical.

So let's do something about it

[GrouchoMarx]

OK, a lot of people are crying that the sky is falling, that the jack-booted Nazis are at the gates in Washington (both the East Coast one and the West Coast one), that the totalitarian Big Brother is at hand. Is it? Hell, I don't know, but I'd rather not find out. This is still a democracy, folks, that means YOU have power. Even between elections, you have power. Because politicians, whatever else they are interested in (money, power, actually helping people, getting blowjobs from secretaries), are interested first and foremost in one thing: Getting reelected. Make them think that if they pass something asinine and unconstitutional, that there WILL be repercussions. Yes, scare the bejebers out of your congressman/woman and senator.

It takes TEN letters (dead tree letters, email gets deleted immediately) for a Senatorial office to open an issue. TEN. (According to Illinois Senator Dick Durban.) And regardless of the advertising and commercials that politicians raise huge war chests to fund, on election day it is YOUR VOTE that decides who ends up in DC. (East Coast, you have no say over the West Coast one.)

I'd like to issue a call to everyone who posted something modded up to 3 or above: Write a letter to your representatives with the same level of intelligence and Interesting/Insightful content. Write it once and send it three times, once to your Congressperson, and once to each Senator. Fax it if you'd prefer. (Snail mail and fax are what they like the most.) Keep it to one page. Reference the Constitution. Refer to yourself with your most impressive title. (Professor, Ph.d, Senior Engineer, Graduate Student, Independent Developer) and as a registered voter. In the name of the Tux do not tell them that you don't vote, even if that's the case (in which case you should be ashamed of yourself). Then when the next election rolls around, ignore the commercials, take an hour to do your own research, and vote for the candidate that did not support revoking the 4th Amendment and violating Ex Post Facto. It works. (See also: Former Senator Alan Dixon)

For those of you in countries outside of the US, the same applies to you. The Canadian, British, Australian, French, German, etc. governments are all popularly elected as well. (At least the active parts of the British government, anyway.) Politicians are the same everywhere. The same tactics apply. Use them. If you don't, you have no one to blame but yourselves.

Re:So let's do something about it

[GrouchoMarx]

The Washington on the West Coast, not the DC on the West Coast. The West Coast Washington is a state, a state in which there is a city called "Redmond", in which is another evil anti-consumer entity. You may have heard of them.

I'd Complain But...

[Greyfox]

We're already at the point where everything not prohibited is mandatory and there's no way you can go through your day-to-day life without breaking some law or other which may or may not be enforced arbitrairly against you. If our technological edge slides too far and the USA seems like it's in danger of becoming a third world country due to these stupid laws, I'll just move to some more sensible country.

Of course Congress is also showing quite a bit of reason in the face of Ashcroft's demands, too, so maybe calmer heads will prevail. Though I tend to be a glass-is-half-empty kind of guy when it comes to such things.

security through imprisonment.

[_ph1ux_]

John Ashcroft announced today that the NSA has devised a fool proof deterance to E-terrorism. The new method is called Security-Through-Imprisonment, or STI.

The premise of STI is that civilian and military systems dont need to be secured, but instead laws need to be put in place that will require life sentances for so much as a failed telnet login attempt.

In response to our questions Ashcroft had the following statement: "Everyone is aware that securing Microsoft products is as futile as the war-on-drugs(TM), so we decided that rather than attempting to fix the systems - we will just send these E-Terrorists to prison for life for their crimes against Freedom(R). It is important for us to protect-our-children's(TM - H. Clinton) future in the wake of this terrible tragedy. Our new policy is called "If you cant do the right thing, then just do something"

Sure, but what can we do?

[Rimbo]

Democracy is not a spectator sport. We have to get involved. Who do we write to? Who do we call? Who can we contact to see that this doesn't stand?

Re:Sure, but what can we do?

[unformed]

How the hell is this funny? Insightful, yes, but not funny.

(I'd mod you up for Insightful but I don't have any mod points....)

Re:Sure, but what can we do?

[Rimbo]

if freedom is something that we have to proactively go after, then WHY THE F**K cant the people setup to be representatives go after the peoples opinion.

The answer is obvious, and was well-known by the Founding Fathers of our country: Because power corrupts. Among the other philosophers, the founders of the USA were fans of Thomas Hobbes, who had a dim view of human nature.

This is why "the cost of freedom is eternal vigilance" (Jefferson). Freedom in life always implies responsibility. And in this country, the individual freedoms we enjoy demand individual responsibility to ensure that those freedoms are defended, and not just through voting once every two or four years.

It's just like when you first move away from home and discover that no one will do your laundry and cleaning for you. When you live in a democracy someone WILL make policy for you -- but if you don't get involved, expect it to be a policy you don't like.

Re:Somebody has to say it, but...

[1010011010]

I suppose I could go to jail now over that stupid cuecat stuff.

Sigh.

Re:Somebody has to say it, but...

[frank_adrian314159]

Depends on the crime. Cracking a big DB of credit cards yes...

Oddly enough, according to the bill the deciding determiner of whether the unlawful act is a terrorist act is whether or not it was done for financial gain. So hacking a DB of credit card info ISN'T a terrorist act, while snooping around because you want to learn something IS.

I'm sure that violation of the DMCA will be covered under this act soon, as well...

What bothers/scares me...

[AtariDatacenter]

Is that for IT support staff that have really good skills, some activity may inadvertantly be redefined by others as 'hacking'. (For example, putting a screen saver on the computers in the computer lab.)

That alone is scary enough, but now even stronger punishments, and treatment as what I am going to guess is a capital crime? Ouch. IT is looking even scarier.

(Is scarier a word?)

This is nothing new...

[Hacker+Cracker]

It's nothing more than the same old reactionary garbage legislation that's been coming down the pike. And it's not surprising that this is what congress has come up with either--after all, if it didn't work last year, then do more of it next year...

As David Quinn put it quite eloquently:

When the Israelites escaped from Egypt in the 13th century B.C., they were literally a lawless horde, because they'd left the Egyptian list of prohibitions behind. They needed their own list of prohibitions, which God provided--the famous ten. But of course ten didn't do it. Hundreds more followed, but they didn't do it either.

No number has ever done it for us. Not a thousand, ten thousand, a hundred thousand. Even millions don't do it, and so every single year we pay our legislators to come up with more. But no matter how many prohibitions we come up with, they never do the trick, because no prohibited behavior has ever been eliminated by passing a law against it. Every time someone is sent to prison or executed, this is said to be "sending a message" to miscreants, but for some strange reason the message never arrives, year after year, generation after generation, century after century.

Naturally, we consider this to be a very advanced system.

Quite depressing, really. (The whole text can be found here, BTW)

But what can you expect when the whole world has bought into the idea that there is absolutely nothing that any one person can do to change things?

-- Shamus

Bleah!

Flying Instructors

[chazR]

I assume you know that *all* flight training is currently banned in the USA? Yes, that's right. If you are a flying instructor, currently *you cannot* train students.

Well, you won't go to jail. But the FAA will take your pilot's license away. If you are a pilot, that's nasty. Check out news://rec.aviation.pilots for more.

Without passing a law, without recourse to a *single* elected person, thousands of US citizens have had their source of income removed.

Well, that makes us all safe doesn't it?

Re:Flying Instructors

[pjbass]

Hmm. CNN had a great piece on last night (Sunday) that the FAA has approved flight training planes to be allowed to fly again... The only catch is that no solo flights; the instructors must be in the plane at all times with the students. So, I won't discredit your statement, since it was very valid, and your larger point is VERY well taken. I just wanted to point out that people are flying/training again; they just have a bit more restrictions on student freedoms.

It's all starting to make sense

[Zen+Mastuh]

• Headlines stating "Computer Crime costs U.S. business $X Billion" when a single attack causes a salaried admin to work longer hours ($0 additional cost) to install patches & virus files that are provided for free or at nominal cost with the purchase of the product.
• Remember when someone DDOS'd cnn.com & ebay.com? The DoJ head (Reno?) said that the companies suffered millions of dollars in lost revenue, when the revenue was merely postponed by fewer than 24 hours.
• Reagan's War on (Some) Drugs functions by seizing and selling all assets of anybody suspected of a drug offense, leaving the person unable to afford legal defense. Congress waited through nearly 20 years of constant complaints from Civil Liberties groups before admitting that the practice violates 4th Amendment rights. In the mean time, billions of dollars have been shifted to federal, state, & local police and our prison population is the world's largest by far.

Our (U.S.ians) government has its secret agenda, which is closer to the agenda of Corporate America than yours or mine. Their media (five companies) only disseminates the information favorable to its own outcome. Welcome to the machine.

Interstate commerce

[wnissen]

The only reason it restricts itself to only governments and military computers is that the US Gov't doesn't have jurisdiction over crimes that happen to other computers. See the interstate commerce clause in the Constitution.

However, it's a rare computer that isn't involved in some kind of interstate commerce. Probably you're safe if you stick to the .edu domains, but anything else is asking to test a very tricky boundary.

Walt

Divide and Conquer

[Sloppy]

All arguments for treating crackers like a special, would apply to any other type of criminal or suspected criminal. So why not apply the same bitchslapping against rapists, murders, etc?

This is definately a "divide and conquer" style attack. The old "they fucked x but I wasn't x so I didn't say anything .... and then they fucked me, and no one was left to speak up" applies here. Crackers are x today.

Canada's too close!

[Robber+Baron]

Hey, I LIVE in Canada and right about now Ireland is looking mighty inviting. Only 20 miles separate me from the US...not enough IMO!

Re:Somebody has to say it, but...

[digitalmonkey2k1]

More importnantly i think there is an overlooked injustice. By merely providing informaion to a "hacker" it is covered under the same law, as if to make knowledge in its self illegal to know. What limits will they stop at, will siply consorting with a "hacker" be enough or will they try to argue the point of posting information freely being in direct violation. This all seems a bit too similar to the beginings of the Loft situation that happened, if they actually suceed this time it can go down hill fast. We are looking at the potential of wrongfull inprisonment of anyone posting security flaws! This may even bring more issues to the open source debate, they have already tried to claim it unsecure because everybody being able to se how everything is done, with ibm servers now running linux there could be very strong motions to have even that evaluated!

Re:Why shouldn't hacking be considered terrorism?

[ttyRazor]

As I said in an earlier post, compared to what happened in New York and Washington, "cyber-terrorism" is a trivial and pointless video game. The "damage" caused by stupid DoS attacks is a mere annoyance compared to being ripped apart by randomly placed explosives or kamikaze airliners.

Nice troll, you almost had me until you called IIS "elegant", but just in case you actually convinced someone I figured I should feed you anyway.

in Calif. we have "USE a GUN go to jail"

[Archfeld]

among several other MORONIC laws passed by grandstanding Politico's seeking reelection.
RANT
Someone needs to educate ASSCROFT, but Ghandi and Mother Theresa are both dead, and few others would have the patience to deal with a person who makes a BOX of ROCKS look gifted.
/RANT

Re:Somebody has to say it, but...

[overunderunderdone]

I'm not against bad things being a crime, but who gets to define what is a crime or not?

Um, Legislators? That is the entire, whole, and only point of a legislator.

Well (all in a huff) who decides who the legislators are? Well that would be all of us collectively. Some things that you think should be O.K. will sometimes be made illegal because the rest of the people don't agree with you that it is O.K. or don't care enough about it to change thier representation.

On one side ($$) it's a crime of epic proportions, on the other side it's harmless fun, investigation, proving a point, whatever. This has been a problem since phreaking and probably far before....

Cracking into someone elses computer system, intentionally writing a destructive virus, etc. are all crimes and they should be treated as such. I don't particullarly care if someone breaks into my house and goes through my papers for "harmless fun, investigation or to prove a point" I want them arrested - the same goes for someone who breaks into or intentionally damages my computer.

Hehe... hey, Beavis!

[BOredAtWork]

He conducts Penetration Testing for a living!

Sorry, couldn't pass it up :-).

Oh, and about your sig... I'm still 100 times better than you are! Woho!

Re:no it isn't

[nodrip]

I'll repost here so everyone has a chance to argue the point. God damn US Law is spagetti code!!! :)

Piecing it together:

Sec. 2510. Definitions -
(17) ''electronic storage'' means -
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication; and
(18) ''aural transfer'' means a transfer containing the human voice at any point between and including the point of origin and the point of reception.
(19) `protected computer' has the meaning set forth in section 1030; and
(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.

This area relates to making it legal to listen in on computer communications. e.g., the fbi and cia under these provisions are not commiting a crime. no big deal.

On the next (big) point:

from the proposal:

1030(a)(1), (a)(4), (a)(5)(A), or (a)(7)
(relating to protection of computers),

You sited A-2, note A2 is not mentioned.

From section 1030 a1, a4, a5a, and a7 -
(http://www4.law.cornell.edu/uscode/18/1030.html)

(a) Whoever -
(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section

Hacking Hotmail or any other communication system for fun, would not fall under this bill.

Re:Somebody has to say it, but...

[Foogle]

Um, you were willfully circumventing their network security. Clearly file-sharing over the network had been disabled, yet you decided that you knew better than the Network policy-makers.

Hey, maybe you did know better than them. But it doesn't change the facts, which are that you installed a program with the intention of getting around restrictions that were deliberately placed on the network.

It's not hard to think of reasons why Network Admins wouldn't want FTP daemons running on systems connected to the network.

How is that different ?

[Archfeld]

Both are cases of Vandalism or even maybe destruction of public property because it is on the VERY PUBLIC NET. The only mitigating factor is the cost of the damage and clean-up. Why don't we enforce the laws we have, instead of pushing for new foolish ones ? Easy, because no Politician will get KUDOS for enforcing old legislation, but they will get BIG PUBLICITY for enacting new legislation in the current climate...

Re:Somebody has to say it, but...

[unitron]

If your co-worker had a legitimate need for the file why couldn't you call up the IT department, tell them the problem, and tell them to do their job and fix the problem?

If they wanted to give you a song and dance about "the server's down, you'll just have to wait", tell them "here's a way around that", if they balk, go over their heads and tell whoever's got power over them that their incompetance is costing the company time and money.

Re:Nobody has to say it, but...

[Amazing+Quantum+Man]

Constitutionality will be questioned and laws like these, along with the careers of the idiots who propose them, will go the way of the dodo.

If we're lucky, the laws will go that way. I sincerely doubt that the careers of the idiots will, though.

What we need in the US is a law that punishes those who pass blatantly unconstitutional laws. Of course, since Congress routinely exempts themselves from legislation, they'd exempt themselves from this, too!

Re:Hacking IS A COMPUTER CRIME YOU STUPID IDIOT!!!

[Mashiki]

And we should make the gaining of knowledge though legal means a crime as well? That's what this law implies. It's one small step to go from "hacking is a crime" to any "hacking related events are illegal" aka Defcon, 2600 gatherings. Or better yet, anything that is not taught by the goverment in sancitioned classrooms is a crime punishable by "life in jail".

Mashiki
--
Assholes, I'm surounded by Assholes!
--

Very disturbing, but not quite as bad as it seems.

[Dr.Dubious+DDQ]

The specific sections of "computer crime" law that appear to be reclassified as "terrorist acts" appear to be only:

1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)

Which are:

• (a) Whoever -
  (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;[...]
• (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
• (5)
  (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
• (Interestingly, they don't seem to include B and C under this act as "terrorism", which are similar to section A, and are almost identical to each other - I have no idea why they have them. "B" says "(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage;". C is word-for-word the same, except without the word "recklessly". ANy idea why they have them both?)
• (7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.

In short, the only "computer crimes" listed as "terrorism" by this act are stealing US Gov't, Inc secrets by computer, maliciously hacking into a system with intent to steal valuables (aside from CPU cycles), and using threats of malicious computer hacking to extort.

The only one that concerns me very much here is 5A - it seems like high-paid corporate lawyers could easy "prove" that for example, if 1337D00D@scriptkiddy.com maliciously hacks into www.microsoft.com and puts a link to his website on the index page, that he's obtained at least $5000 worth of advertisement...

Come to think of it, I'm a little leery of the "or exceeds authorized access" bit in (4) - if one "accesses" a computer to purchase and legally download some proprietary "protected" piece of music or video, and finds a way to convert it to a nonproprietary format for personal use, has one "exceeded authorized access" and is therefore not merely a DMCA Criminal but a full-fledged DMCA Terrorist? It's a bit of a stretch, but I think a wealthy corporation can buy enough lawyer-approved powerpoint slides "proving" this to a non-technical jury...

Re:Somebody has to say it, but...

[friscolr]

also consider Bush's recent comments concerning the New War on Terrorism:

1. it will be a long war
2. it will be a secretive war
3. the U.S. government will not necessarily reveal evidence against the terrorists they uncover.
4. the U.S. government expects all other governments to comply and assist with its anti-terrorist actions.

now make hacking terrorism.
now make assisting hacking terrorism.
now make hacking crimes retroactively punishable.

i've read bugtraq for years and have not informed the FBI about all the vulnerabilities released on that mailing list - will this make me negligent and punishable? will my punishment come in the form of an official court prosecution, or will special forces be sent in to take me out without ever letting anyone else know? if i move to Norway, will Norway allow the Navy SEALS to seize me?

Beware, that unmarked white van may be coming for you.

Yeah, sure, very paranoid to think that way, but consider history and consider how other police states have started their lives: will we be naive enough to let this one start as well?

Re:Who is the greatest financier?

[Dr.Dubious+DDQ]

Fact: The Bush Administration gave the Taliban ~$43 million only four months ago to "curtail opium production".

I'd be quite interested in the details of this. If that's accurate, not only would the legislators who voted for it be supporting a terrorist state, but it would also demonstrate the funny-yet-sad possibility that the hysteria of the "War on Drugs(tm)" has been working AGAINST the "War on Terrorism(tm)(Pat.Pending)"...

Now 15 year old pranksters can get life...

[Maul]

While rapists and perpetrators of other violent crimes that do physical damage to others get off easy. God Bless America!

Re:Enough with the whining

[UnknownSoldier]

> The DMCA may be evil, but while it is law you must obey it!

*Bzzt* Wrong. Thank you for playing today though!

1) US law doesn't apply to many /. readers
2) To paraphrase Augustine's famous remark "an unjust law is really no law at all."
3) We have the moral right of civil disobediance to strike down unjust law(s).

> Why is it that every slashdot poster is some sort of liberal hippy freak?
A broad claim based on what data??!

However, there are certain liberals posting on /. because they AGREE with the founding fathers views. Namely,

"The issue today is the same as it has been throughout all history, whether man shall be allowed to govern himself or be ruled by a small elite." - Thomas Jefferson

"Those who give up essential liberty, to preserve a little temporary safety, deserve neither liberty nor safety." - Ben Franklin

Cheers

Re:Enough with the whining

[Amazing+Quantum+Man]

Why? Whining is about the only right we'll have left if Ashcroft gets his way.

<SARCASM>
Don't you know? Complaining about unconstitutional laws is the mark of a terrorist! They're going to give life imprisonment for that next!
</SARCASM>

This is seriously upsetting

[alsta]

On one part, Ashcroft is doing something to cover for the alledged Chinese hackers who wish to circumvent electronic security and go after the perps. While action on this part is definately welcome, there are a few more things one should consider.

On the other hand, it is one more way for the corporations with big bucks to insist on severe punishment for 14 year old kids. And no, there is no limit for how old a person must be to be labeled "terrorist".

If somebody successfully steals a database with credit cards, the company that created that database should be indicted just as well as the cracker. Why? Because they are NOT SUFFICIENTLY protecting their database. When my Egghead account was compromised I got pissed at them, not just the guys who cracked their security. If a company that wishes to have my credit card number and SSN or whatever, on electronic file, they should damn well protect that information. There are instances where people have been convicted by clause of negligence, or comparable negligence. Why is this any different? I mean, if I leave a white plastic bag with a million dollars on the curb outside the Marriott in San Francisco and I find that somebody took it, why is it that I am negligent? Because I didn't take good measures in protecting that which I meant to keep to myself!

But by all means, beef up the security around Government computer installations. I'd be happy to let my congressman pass a bill for another $5 billion to do this.

However this bill is undoubtedly going to make many people "terrorists", just because they circumvented the copy protection of Windows XP or something like that. I do not support this bill.

Alex

Re:Somebody has to say it, but...

[Genom]

"you might be a terrorist"

Sounds like a scary parody of the Jeff Foxworthy "...you might be a redneck" standup bit.

Re:The actual Anti-Terrorism Act bill

[Amazing+Quantum+Man]

and bear in mind it is a proposal, to be rewritten by lawyers sensative to people's rights, and later passed by capitol hill before it becomes law

The same way that the DMCA was rewritten by lawyers sensitive to people's rights?

When petty crimes overshadow serious ones

[fishbowl]

Making "computer crimes" rise to the same legal level
as say, cutting a stewardess' throat and crashing a plane
into a building, does NOT serve to increase the magnitude
of "computer crimes", it rather LOWERS the magnitude of
the truly serious crimes. If you can expect the same punishment for something like defacing a web page
as you can for blowing up a car bomb, then that means
a car bomb suddenly isn't such a bad crime.

It's like saying Marijuana is the same thing as Heroin.
It doesn't make marijuana "worse", it implies that heroin
is somehow no more or less acceptable.

There might be parallels in the abortion==murder campaign as well.

Draft letter to legislator

[wytcld]

Please reject all parts of Ashcroft's terrorism bill that deal with computer
use, as they are almost entirely misconceived, repressive and overly
punitive measures that have little if anything to do with any threat from
real terrorists. Computer professionals depend on knowledge and skill. Just
as medical students sometimes commit pranks, so do computer students. When
those pranks cause losses, those losses can be dealt with through
conventional legal penalties. But lumping them with the deadly acts of
terrorists is the surest way to alienate the good young minds we need in the
computer profession, particularly those with the knowledge of security
measures needed to keep our systems secure - which can only be gained by
testing the limits of those systems.

Re:Somebody has to say it, but...

[fishbowl]

>When deciding on a punishment, you have to decide what >the aim of punishment is and how best to achieve that aim.

The aim of any punishment in our current system
is to increase the revenue of the Prison Industrial Complex.

That's right, prisons are profitable, and the more people
they lock up, the more profitable they are. And the whole
time they can complain about how much it costs to incarcerate someone, without putting that costs side by
side with how much money goes INTO the prison system.

Stupidity

[Ogerman]

I'm sure all the hardened foreign *crackers* are just running in fear now that the US proposes stiffer penalties for attacking computers residing in.. *errhh.. wait a minute.. where is the geographic location of the machine with that destination IP address again?!... darn packet filters, anonymizers, and misconfigured routers. Geez, these guys must be routing through 20 machines or something.. *POOF* darn.. lost 'em again. Good thing we'll nail some clueless, immature middle/high-school/college kids for little mischievious acts, though. Gotta stop terror at it's source.

And writing viruses? Isn't that a 1st Amendment violation in the first place? The first 'viruses' were born in an academic environment surrounding the research of 'artificial life.' And ever consider that a binary sequence that represents a "virus" in the context of one operating environment could very likely be a benign set of instructions in another? (especially if you bitwise shift left or right or perform other transformations on the data such as compression). Try this if you have access to a windoze box: Load up a bunch of common virus scanners and then try to download some tarballs of your favorite source code. I guarantee you'll get "virus warnings" at random--some based on heuristics, some as direct matches. Computer viruses, like biological ones, can only co-exist with vulnerable hosts. Maybe instead we should outlaw operating systems without reasonable security and access controls. *cough*windows*cough*.

We might need some new laws to help fight terrorism, but this is NOT one of them. May I suggest: 1.) Repealing the restriction on US supported overseas assassinations 2.) Cockpit "airlock" (2 doors) and non-lethal defense mechanisms on all passenger aircraft 3.) More stringent background checks on immigrants and airport employees.

What I see...

[smack_attack]

What I see, is more people getting laid off...
from the airlines
and the airplane makers
and the airports

What I see, is George Bush spouting more rhetoric...
things are gonna be hard
we have to make some sacrifices
go back to work and be productive

What I see, is executives of companies...
still getting big paychecks and bonuses
living in their big house
driving their big suv or lexus
hecho en mexico

What I see, is more laws taking away our rights...
turning us into a police state
protecting corporate interests
and making more laws from a knee jerk reaction

What I see, is a long road ahead of us...
where our fellow Americans die
to protect Starbucks and McDonalds
protecting our corporate profits and earnings

What I see, is the bomb being dropped...
but not by us
because we can't do that
we're too civilized

I hope we have something worth fighting for after everything is finished.

Here is the applicable United States Code

[PenguiN42]

From our proposed bill:

"SS 25. Federal terrorism offense defined

As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-
...1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)... "

And here are the sections from the US Code that it refers to:

"Sec. 1030. Fraud and related activity in connection with computers

(a) Whoever -
(1) having knowingly accessed a computer without authorization
or exceeding authorized access, and by means of such conduct
having obtained information that has been determined by the
United States Government pursuant to an Executive order or
statute to require protection against unauthorized disclosure for
reasons of national defense or foreign relations, or any
restricted data, as defined in paragraph y. of section 11 of the
Atomic Energy Act of 1954, with reason to believe that such
information so obtained could be used to the injury of the United
States, or to the advantage of any foreign nation willfully
communicates, delivers, transmits, or causes to be communicated,
delivered, or transmitted, or attempts to communicate, deliver,
transmit or cause to be communicated, delivered, or transmitted
the same to any person not entitled to receive it, or willfully
retains the same and fails to deliver it to the officer or
employee of the United States entitled to receive it;

(4) knowingly and with intent to defraud, accesses a protected
computer without authorization, or exceeds authorized access, and
by means of such conduct furthers the intended fraud and obtains
anything of value, unless the object of the fraud and the thing
obtained consists only of the use of the computer and the value
of such use is not more than $5,000 in any 1-year period;

(5)
(A) knowingly causes the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally causes damage without authorization, to a protected
computer;

(7) with intent to extort from any person, firm, association,
educational institution, financial institution, government
entity, or other legal entity, any money or other thing of value,
transmits in interstate or foreign commerce any communication
containing any threat to cause damage to a protected computer; "

now IANAL, but this seems to make the following things terrorism:
1) Getting or transmitting any information that can be a threat to national security via computer (ie classified stuff)
2) Knowingly and intentionally doing damage to a computer system of at least $5000
3) Making and spreading viruses and computer worms
4) Threatening to do any of the above (within federal jurisdiction), with the intent to do it.

That's my interpretation, and it's probably wrong. I'm mainly posting this for easy reference.

Re:Somebody has to say it, but...

[sfe_software]

As others have said, the punishment should fit the crime. If you walk into a bank and (this is probably a bad example) physically steal a box of credit cards, you most certainly would not get life in prison. But intoduce a computer into the mix, and suddenly you are an evil "hacker" deserving life in prison.

Computer crime should be a crime; however, the punishment should be fair. You can kill someone and get potentially 20 years, sometimes less. Kill a man's credit rating, get life? (I wonder if temporary insanity would be a valid plea in computer crimes?)

It seems that every time the internet is mentioned, everyone goes nuts. See the PGP story from earlier for a prime example. See all the other stories regarding encryption back doors etc.

Regarding issues such as this, my opinion is that the "hacker" (or "cracker" to be more appropriate) should be *appropriately* punished, and the company who was broken into should be investigated. If it turns out the exploit could have been prevented (eg, a patch has been available, or poor security measures were used), they should be held liable as well. This will be especially important when Passport starts to become popular... if fear of a bad reputation doesn't push companies to establish solid security/privacy policies, maybe fear of legal action will.

Software companies/service providers have been getting away with EULAs that allow them to be negligent, relieving them of any responsibility whatsoever. This will have to change. No other industry is run like this...

NOT After Every Hacker

[dragons_flight]

There are only 4 computer related offenses that would be designated under the ATA as "Federal terrorism offenses". Of these 4, the first deals solely with stealing or communicating classified information. The second requires the hacking be used for monetary or material gain beyond just gaining unauthorized access to the computer (unless access is valued over $5000). The third requires that one intentionally cause damage (exceeding $5000, in most cases) to a protected computer, where "protected computer" means US Government, financial institutions, interstate and foreign commerce and communications. The last involves threatening a computer system for purposes of extortion.

This list hardly seems to encompass "most computer crimes". For instance merely accessing or stealing non-classified information is not a terrorist act. Nor does it include breaking encryption ala DMCA. Defacing websites is not a terrorist act unless the computer belongs to one of the above categories and changing the website results in nontrivial financial losses. Writing viruses/worms is not a terrorist act unless you intentionally use it in a way that damages "protected" computers. (From the wording, I wouldn't interpret this to include merely releasing it into the wild, but a judicial ruling would have to clarify that issue). The crimes they are signaling out are pretty significant stuff and not just any old act of hacking. Let's not further contribute to the FUD.


What follows are excerpts of the laws in question:

From The Anti-Terrorism Act of 2001 (Draft 2)
http://www.eff.org/Privacy/Surveillance/20010919_a ta_bill.html

Sec. 309: "...the term 'Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate...1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)..."

From US Code Title 18, Section 1030
http://www4.law.cornell.edu/uscode/18/1030.html

(a)(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

(a)(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

(a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(a)(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section

Under the same Section, part (d)(e)(2) and (8): (2) the term "protected computer" means a computer -

• (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
• (B) which is used in interstate or foreign commerce or communication;

(8) the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that -

• (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;
• (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals;
• (C) causes physical injury to any person; or
• (D) threatens public health or safety;

Re:NOT After Every Hacker

[VivianC]

So tell me if I'm reading this wrong:

(a)(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

This section would make Napster users who downloaded copyrighted files terrorists? I know that the RIAA considers the songs to be something of value and the TOS of Napster specificly states that you are prohibited from trading copyrighted materials. So you have exceeded your authorized access to obtain something of value thus defrauding both Napster and the RIAA.

And if the law is allowed to be retroactive (in violation of ex post facto), then you have about a million terrorists from the height of the Napster days.

It may sound a bit far fetched, but the section is vauge enough to allow it and we've seen what companies can do with vauge laws.

Re:NOT After Every Hacker

[dragons_flight]

I excised the bit where they defined "computer":

"...the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device ..."

The song and the CD it is on are not data processing devices. Furthermore they certainly don't meet the standard of "protected computer" which refer to computers used by US Government, financial institutions, interstate and foreign commerce or communications. Also, remember people have granted you permission to access their computers via Napster, it's only the files that carry copyright protection. Breaking copyright is still a DMCA issue but I doubt you could apply any of the ATA terrorism provisions.

Ex post facto doesn't apply to extending statute of limitations. You aren't allowed to make something illegal retroactively, but you can change the punishments and way things are prosecuted when they were already illegal. Provided the person hasn't already been tried and sentenced (double jeopardy). Incidently, collecting DNA isn't a punishment, rather a law enforcement tool and thus neither argument applies against it.

Re:NOT After Every Hacker

[kreyg]

Well, when you put it that way, it's a little less terrifying...

Of course, the real questions are a) would this law have prevented terrorist activities and b) will it prevent future terroist activities?

I fail to see how stiff sentences are going to be a deterrent to the suicidal. Most of the commentary shortly after the WTC attack was to the effect that the U.S. had been focusing too much on high-tech terrorism, and that is why this attack slipped through. How does focusing even harder on technology help in this case?

I think this is a prime example of how legislation cannot solve every problem. Unfortunately, politicians need to make new laws to justify their existence, and the expectation of the population is that the politicians will make laws and then everything will be OK.

A lone voice cries out (OK, rants) too far down the thread to matter...

Oh well, it's not even my country, I'll survive for a while. :-)

Re:NOT After Every Hacker

[Rogerborg]

• The third requires that one intentionally cause [loss aggregating at least $5,000 in value during any 1-year period] to a protected computer, where "protected computer" means [...] interstate [...] communications. This list hardly seems to encompass "most computer crimes".

I believe case precedent allows companies to count cleanup and consultancy costs as "loss" for damage purposes, not just physical damage and loss of income. $5000 is chump change at specialist consultant rates, and this bill covers any machine that's sent or received a packet across state lines.

It is as bad as it looks. Why pass a bad law then rely on the courts to apply it reasonably? There's no need for it.

Re:Somebody has to say it, but...

[dragons_flight]

The part about giving advice only applies to advice given while knowing or intending that the knowledge be used to violate the law.

The ATA advice clause appends Title 18, Sec 2339A to include expert advice and training as criminally punishable aid and federal terrorism offenses as crimes applicable to this section.

Also the law only applies to relatively major crimes (with perhaps a couple provisos), for a discussion see my earlier post.

I don't think that's true about conspiracy...

[Ungrounded+Lightning]

If you talk to people about your plans to whack a goose, they can't convict you of conspiracy to commit goose-whacking because there's no law against conspiring to goose-whack.

I was under the impression that - at least back in the Vietnam Un-War era - there are/were blanket conspiracy statutes that made conspiracy to commit a crime (even a misdemeanor) a felony.

It was a particularly noxious law. In addition to upping the ante, it criminalized talking about a crime *without committing it*, and made hearsay admissible.

IANAL so maybe somebody who is can comment.

Re:Somebody has to say it, but...

[dragons_flight]

The ATA would allow life imprisonment as a possible punishment for some computer crimes, that doesn't mean it automatically gets applied. All other remedies still remain possible. In fact courts have a history of reducing punishments that are unduly harsh.

For a description of what those crimes actually are (as opposed to the article's FUD) see my earlier post.

Later folks!

[Squeeze+Truck]

I've been living and working in Japan this past year. I had been thinking about going back to the US and buying a house or some such.

Not after reading about this and the national ID card though. You all enjoy your fascist dictatorship. In the interests of myself and my family, I'm defecting -- to one of those "free" (as in speech) countries.

Re:Somebody has to say it, but...

[Squeeze+Truck]

now make hacking crimes retroactively punishable.

Isn't congress forbidden under the constitution to pass ex-post-facto legislation?

Ironic Terror

[fm6]

The irony is that he wants to fight assaults designed to change the purpose of government by changing laws in direct response to a terrorist attack.

There's nothing ironic about it. That's the way terrorism works. You don't think OBL murdered 6,000 people just for the fun of it? He did it to provoke a reaction. The bigger and nastier, the better. Which is probably why he waited for a Republican administration before launching this attack.

Re:Somebody has to say it, but...

[fishbowl]

> Say someone hax0rs an air traffic
> control system, do they deserve life
> imprisonment?

Yes, they do. For attempted murder, not for
computer crime. They should be tried and executed
or imprisoned for the crime, not for the means.

If we raise the computer crime to the level of a
capital offense, we DIMINISH the meaning of the
capital offenses we already have.

ex post facto law

[El]

Doesn't retroactively abolishing the statute of limitations violate Article 1, section 9 of the U.S. Constitution: "No bill of attainder or ex post facto Law shall be passed."

Does willfully acting to violate the U. S. Constitution make Ashcroft guilty of treason?

You made a typo.

[roystgnr]

So only attacks against state and financial institutions, and computers used for interstate or foreign commerce and communication can be deemed terrorism.

You've mixed up one of your logical operators, there; there's a big difference between "and" and "or". The correct operator is "or". As you quoted the first time:

which is used in interstate or foreign commerce or communication

Only computers used for interstate communication, huh? That would be everything that has an IP address...

Re:This about computer CRIMES, not hacking...

[defile]

A close friend of mine spent 6 months in prison after plea-bargaining his case because he committed the destructive act of electronic graffitti.

Oh, and he was treated as an adult even though he was 16 at the time. If the case had gone to trial, he faced 30 years imprisonment and probably a $1 million fine.

He still has to pay a $20,000 fine. He's 18 now.

Kids will be reckless fuckheads. It's a given. There's no reason they need to be imprisoned for life just because of some stupid thing they did that the victims won't remember in 3 weeks anyway.

The laws they're being punished with today seem to have been written with terrorists in mind. Making them even more severe is grounds for every American to practice their 2nd Ammendment rights.

Unauthorized Access == Terrorism

[werdna]

I have represented parties in civil lawsuits where CFAA violations have been pleaded as counterclaims. I am here to tell you that the courts have treated virtually ANY alleged unauthorized access of a computer as a CFAA violation that will be likely to survive a motion to dismiss and summary judgment. It is, to me, chilling that such naked allegations as "he wasn't supposed to do that" could be sufficient to put an individual away for life.

CFAA Applies TO EVERY COMPUTER

[werdna]

Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)

You are so wrong you can't believe it. The CFAA defines a "protected computer" to mean a computer that is used in interstate commerce. This means any computer connected to the internet or a modem.

I have litigated CFAA civil actions, and I am here to tell you that virtually ANY unauthorized access where virtually ANY valuable information is received, or where ANY valuable data is modified or changed is quite arguably sufficient to lay down a prima facie case.

This bill is as bad as you first thought it was.

Re:CFAA Applies TO EVERY COMPUTER

[Syberghost]

To support your post, werdna, I call everyone's attention once again to Randal Schwartz' felony conviction.

Under this act, he could have gotten life in jail for this, had they decided to go after him for federal violations instead of Oregon state.

Is that really the kind of power we want to hand to Ashcroft right now? Do we want some kid with brown skin and Muslim parents to get life in jail because he defaces a web page in protest of some government excess?

Or would we rather he get the kind of punishment he'd get if he'd defaced a meatspace billboard instead of a computer one?

What about spam?

[Polo]

How does this apply to:

open-relay abuse spam

I would think it would abolish it (for U.S. citizens)

Ex post facto

[Frank+T.+Lofaro+Jr.]

Isn't retroactively changing the statute of limitations an "ex post facto" law and hence unconstitutional?

Any laywers care to comment?

Re:Somebody has to say it, but...

[Frank+T.+Lofaro+Jr.]

Couldn't that be considered treason? That is punishable by DEATH (or life or any term of years).

Evidence of a social breakdown in the US?

[Futurepower(tm)]

Yes, the U.S. may be becoming a police state. Not only does the U.S. have at least three agencies that police the entire world, the NSA, the FBI, and the CIA, but the U.S. has the highest percentage of its citizens in prison of any country ever, in the history of the world.

Here are the official December 31, 2000 prison statistics from the U.S. Department of Justice. Sorry about the formatting. The lameness filter is lame. It won't let me post enough leading dots.

People in federal and state prisons... 1,312,354
People in local jails... 621,149
People on probation... 3,839,532
People on parole... 725,527


Total number of citizens... 6,498,562

The total population of the United States, projected to September 24, 2001 at 6:34:55 PM PDT is 285,218,008. Therefore, 2.3 percent of the entire U.S. population is in prison or involved with the criminal justice system. But remember, many of those are babies or children. About 3.1 percent of all adult U.S. citizens are in prison, jail, or on probation or parole.

An April 20, 2000 ABC News article, U.S. Prison Population Rising says that the percentage of growth of the U.S. prison population is rising.

There is other evidence of social breakdown: An August 19, 1998 BBC News article, The United States of murder, says that the city with the highest murder rate, Washington, D.C., has a murder rate 170 times higher than the city with the lowest murder rate, Brussels, Belgium. The nine U.S. cities in this study of murder rates all were in the list of the 12 cities with highest murder rate.

There is evidence that the secret agencies of the U.S. government and the weapons manufactureres have too much control: What should be the Response to Violence? .

Re:Evidence of a social breakdown in the US?

[someone247356]

Actually, I believe that the large numbers of people in prison is a direct result of the "War on Drugs".

If you look into those statistics you've quoted, I'm sure you'll notice that the largest proportion of inmates is in prison for NON-violent crimes. Specifically drug related. The current insanity has lead to pot smokers getting minimum 20 year sentences while killing someone while you were drunk driving may get you probation.

Obviously people have forgotten the lessons learned under prohibition. You remember that one don't you? We made alcohol illegal, even passed a constitutional amendment. What happened? Grandmothers became criminals, prison populations went up, and we provided the funding for the Mafia. We had to pass another constitutional amendment to undo the one we passed to make alcohol legal again.

Parallels anyone? How about pot, cocaine, etc. being illegal. Otherwise law abiding citizens are now criminals, prison populations going up, and we are funding the "Triads", "Columbia drug cartels", "Yakuza", "Jamaican posies", maybe even the "Mafia"

Now that we are treating "intellectual property" as real property, (Hint: it isn't) reading, writing, copying, learning are now criminal activities. Even more otherwise law-abiding citizens will be criminals, prison populations will grow even faster, life will generally suck more.

Oh, and I don't think that the "weapons manufactureres"[sic] have too much control. I don't think they have anything to do with it. If you gave every man and woman in the country a gun, I don't think that the murder rate would go up any, who knows, it along with other crimes might even go down.

Murder, theft, rape, physical property destruction, etc. should be crimes. Prostitution, gambling, smoking (tobacco, pot, etc.), doing other drugs (alcohol, cocaine, ecstasy), "intellectual property" misuse (if that's possible) shouldn't be.

Just my $0.02 (Canadian, before taxes)

Also, know what you are talking about

[dragons_flight]

The article that started all this is largely FUD, and a poor representation of the legislation being past. If you are going to write to Congress at least read the intelligent posts on this page, if not the legislation itself. Making statements which are factually wrong will more than likely cause them to dismiss the whole letter without considering your opinion.

If you look around at the other posts, you'd realize these modifications only applies to 4 of the more severe computer crimes for which we have laws (though one can be legitimately concerned about stretching them to cover less serious crime than what were intended). Also it allows life sentences to be applied but it doesn't mandate them, and any applicable lesser sentence can also still stand. Ex Post Facto doesn't apply because it's not making things illegal retroactively, only removing the time limits on how soon actions that were already illegal can get prosecuted.

Finally, remember that the computer provisions are only a small part of ATA, and I for one don't mind tougher rules for kidnapping congressmen or attacking nuclear power plants, etc. Know what you are upset about and have good reasons why.

Re:Also, know what you are talking about

[samantha]

Precisely what parts do you consider FUD? Terrorism is not well defined in the proposal (not legislation yet thank God). Computer crimes are mentioned but not well enough delimited for me to fee very safe. Whatever is able to be called terrorism now or in the future is proposed to be prosecuted with no statue of limitations and precious little judicial review or due process. Do you deny any/all of these allegations or are there specifics you believe are hunky-dory?

What other posts? Quote the original relevant material and some credible interpreters of it. There is nothing in the proposal that serves to limit expanding what is to be terrorism. That is one of the most frightening aspects of it. Even more dangerously, what aiding and abetting "terrorists" does and does not mean is also not defined. So what do we do? Pass this blank check and wait for case law to define what it does and doesn't mean?

In this country we spend many months scrutinizing what kind of sex a President did or did not have in the oval office yet we are asked to run a blank check like this potentially impacting all of our freedoms through Congress in a week? Does anyone actually believe that what is proposed will make an extremely short term difference in stopping terrorism? No? Then why not scrutinize this proposal and its repurcussions for at least a month or more? I think our freedom is worth that little bit of extra care.

Don't you?

Re:Also, know what you are talking about

[dragons_flight]

Terrorism is well defined as any of the already existing crimes listed under section ATA Sec. 309.

To know what those crimes are you would have to reference the original legislation that made them crimes. I discuss the computer crimes in this post. To expand terrorism statutes would require additional laws, not just a drop of the hat.

That advice clause of ATA refers to the Sec. 306 modifications of US Title 18, Section 2339A which makes giving "expert advice" or "training" illegal if done so with the "knowledge or intent" that this information be used in a terrorism offense. There is no culpability if you believe that your advice is being used for legitimate purposes.

Actually it does contain provisions to allow one to continue holding foreign nationals believed to be associated with terrorism, which is immediately relevant. But for the most part, okay lets review the thing for a while. Sure. Sometimes I think the government would be well served if they offered interpretation of proposed law, so people didn't make stupid conclusions about it before they could argue where the intended interpretation disagreed with the letter of the law.

Re:Somebody has to say it, but...

[Velox_SwiftFox]

"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

My brain is an organic computer.

Where do I file charges against John Ashcroft for assaulting my intelligence?

What's Ashcroft really saying here?

[Velox_SwiftFox]

Well, let's analyze what Ashcroft is doing.

He's conflating vandalism ("willful or malicious destruction or defacement of public or private property") with major violent crime by using the term "assault" in other than its normal legal sense - a threat or attempt to inflict offensive physical contact or bodily harm on a person (as by lifting a fist in a threatening manner) that puts the person in immediate danger of or in apprehension of such harm or contact.

In effect he's raising the status of a collection of hardware and software to the legal status of a person, if not trying to imbue it with human emotions.

In other words, he's making a total ass of himself. Let us strive to prevent him from doing the same to the legal code, shall we?

Re:Ask ex-cops....

[Velox_SwiftFox]

Ironically, A.G. John Ashcroft seems to be opposed to this particular law, according to this article at The Center to Prevent Handgun Violence.

What more is there to say about a U.S. Attorney General who is more concerned about web pages being defaced than people being blown away by firearms, in the hands of convicted criminals and others who've been judged a danger by the courts?

Shifting blame

[Animats]

All this looks like an attempt by Ashcroft to shift the blame for the FBI's failure to prevent terrorism. Remember, the FBI was under heavy criticism for dropping the ball in some important cases.

Whistleblower protection with real teeth would be more effective in cleaning up inept government agencies. So would giving the federal Inspectors General the power to fire Federal employees. But no, Ashcroft's not asking for that.

We're not terrorists..

[defile]

..but passing this bill will turn us into terrorists.

I wonder how many other terrorist groups started out like this. It really puts things into perspective.

In retrospect, it's so obvious that we're becoming society's new scapegoat. Amazingly, some people have held that belief all along (Emmanuel Goldstein, since about 1985)

Re:Somebody has to say it, but...

[kilgore_47]

good argument, but the bill in question is specific about electronic devices.

Re:Somebody has to say it, but...

[Wansu]

And projects like mozilla.org that have sections on "hacking the code" will become villified for contributing to terrorism. Welcome to the witch-hunts; i'm finding a new line of fucking work.

Yep, it looks as though the bean counters, bureaucrats and politicians have finally gotten a hold on the internet and technology. That's a sign that it has matured. It's less fun, less of a frontier and more of an institution. The people pushing this are fearful of change and of uncertainty. They seek to eliminate both at their source. In the short term, that will boost corporate profits. In the long run it will stifle innovation. It's a cheap shot to use the WTC attack as a justification for doing this.

Re:Somebody has to say it, but...

[IronChef]

...until some other crime is committed, there was no victim of simply stealing the numbers.

And if I drive home drunk and get away with it, what's the harm?

But giving advice about murder is not illegal

[Gorimek]

But this law specifically makes giving hacking advice illegal, and classes it as terrorism. I don't think there is a similar law for murder.

Listen Up, Speak Up, Act up

[samantha]

This stuff is extremely dangerous. While the country is reeling from 9/11 Ashcroft and company are seeking to do an end run around due process, legislative considerations, the Bill of Rights and, potentially, the freedom and security of all of us. What does "terrorism" mean? Why, it means whatever Ashcroft and company say it means this week, or next week or next year. And of course all future definitions are retroactively effective. This week it covers amorphously "computer crimes" which we all know are so well defined there is no confusion there right? Anything and everything any of us geeks/nerds do is, or will be if this or that bill is passed, a "computer crime". If you somehow manage to escape the ever-broadening net of what is a computer crime and therefore "terrorism" then you better be real careful of who you trade code with or date or give tips to before you are accused of aiding and abetting a terrorist!

These people aren't fooling around. They can take everything you own and lock you up for as long as they wish by this proposal without even necessarily charging you!

Please, PLEASE pay attention and do what you can to fight this now while you still have the ability to do so. At this rate it will not be so easy very shortly.

Call your congress critters. Write editorials. Inform your friends. Demonstrate. Support any/all organizations fighting this before they get accused of aiding and abetting terrorists!

The time for vigilance is NOW.

Re:Why shouldn't hacking be considered terrorism?

[IronChef]

Wow, that "IIS" sounds fantastic, since I need an elegant industry-standard application platform. Do you have any brochures?

Re:Somebody has to say it, but...

[Velox_SwiftFox]

Interesting point. So it's still legal to break into any optical computer that may be developed, evidently.

Seriously, "assault" is an absurd concept to apply to a machine. Vandalism, certainly.

(Deep sigh)

[Kasreyn]

Is anyone else getting this feeling of being overwhelmed by sadness and pity? I'm a U.S. citizen, watching laws be considered that would have made the Brown Shirts proud. I'm a compassionate human being who was horrified by the terrible violence brought home, not only to my country, but to close friends of mine in NYC.

But nothing horrifies and saddens me more than seeing such laws even be CONSIDERED in the United States of America. In the U.S. I grew up believing in, the Land of the Free and the Home of the Brave, such a law would have been laughed right out of the Capitol building. In the america I grew up believing in, Patrick Henry was one of our heroes, with his fiery "Give me liberty or give me death!" We even have a state whose motto is an even more extreme, "Live free or die!" And then at the slightest fear, at the slightest hint that the price of all this freedom - death, of course - might actually have to be paid, and these Free, Brave americans roll over like mewling puppies and - beg! - for the shackles to be applied. These horrible feats of mislegislation and unconstitutionality are not being forced through against opposition, they're tripping over themselves to write it because Americans are screaming for it.

So I don't know which I'm more ashamed of. Egotistical men with no understanding of their own margin of error, recklessly wielding powers they neither deserve nor understand. Or the people who are meekly letting them do it, because they're too afraid to stand up like men and retain their freedom. I'm going to bed now, and if I could cry I would. I'm just too appalled.

-Kasreyn

discover a LAN, go to JAIL

[TheGratefulNet]

could it ever get to that?

I work in the network management industry. we like to draw maps of networks (sometimes in pretty pictures).

its a frequent technique that you ping a whole subnet (or network range) to discover which boxes are alive, maybe which services run on each box, etc. to do this, you probe.

you might do a slight portscan by trying to discover if the box is a host or a router (or whatever). you may even do this in net.ranges that may or may not belong to you (perhaps you might overlap since you might be thinking of class-c when in fact, its subnetted larger or smaller than that and you didn't know that).

so if I discover a network (again, a fairly typical thing to do in the netmgt field) and I happen to set off some alarms, and someone gets overzealous, could I end up being "bubba's bitch in the big-house" for life?

doesn't the conceivable abuse of this law seem totally shocking to anyone in the computer industry?

Re:discover a LAN, go to JAIL

[TheGratefulNet]

I found this text (from 1030(a)(1), (a)(4), (a)(5)(A)):

(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

so, does this also mean that if I happen to ping some windows box and maybe it crashes when I ping it (that doesn't surprise me, does it surprise you?), and that windows box belongs to some whitehouse bigwig, am I now a terrorist?

Re:Terrorism only applies to "protected computers"

[Cederic]

>> interstate or foreign commerce or communication

I'm reading Slashdot from the UK. So there's foreign communication going on. If someone hacks Slashdot, they have hacked a protected computer.

See also: Microsoft

Re:Somebody has to say it, but...

[biglig2]

I read an interesting statistic the other day, in the UK there's about £270,000,000 of credit-card fraud a year, of which only £7,000,000 happens without someone physically presenting a card in a shop - i.e. that 7 mil includes not just all the internet fraud but all the stuff on the telephone as well.

Of course this is all well known. Best way to hack into a network? Get a job there as a Janitor and find a computer that wasn't logged out of.

Anyhow, criminal Laws can be divided into two categories, I've always though:
Laws that prohibit things that are bad.
Laws that might make it easier to enforce the former laws.

So, killing people is bad, so it's illegal.
Owning a gun isn't bad, but making that illegal is believed to make it easier to enforce the killing people law.

Copyright theft is bad. Being able to back-up an acrobat document isn't bad, and in Russia is actually a right, but DCMA is supposed ot mkae it easier to enforce the "no stealing copyright materials" law.

They are after *Every* Hacker

[IIH]

The third requires that one intentionally cause damage (exceeding $5000, in most cases) to a protected computer, where "protected computer" means US Government, financial institutions, interstate and foreign commerce and communications.

Emphasis mine. In other words, a "protected computer" is any computer on the internet worldwide. Every computer on the internet is "used in interstate communication", isn't it?

Defacing websites is not a terrorist act unless the computer belongs to one of the above categories

Can you list any web site that *doesn't* belong in the "protected computer" category as outlined above?

Also, that under this act it won't be "defacing a web site", with the overtones of "graffati", it will now be defined as "attacking a protected computer", with the overtones of "terrorism".

It's all about perception in the public eye, the ordinary person will hear "attacked a protected computer", gasp, and call for a severe punishment, even if he has no idea what the wrongdoing entailed.

My letter to my congressmen

[wurp]

Sen. Phil Gramm,
Sen. Kay Bailey Hutchison,
Rep. Joe Barton,

A second attack on the freedoms of Americans is happening right now, and you're on the front lines. Please help defend my freedom.

I know that times like these compel one to try to do something about it, to fight for our freedoms and security. I can only assume that this urge is what is driving the current push for laws that ostensibly increase our national security, but in fact restrict our freedoms without measurable increase in security.

You are doing more than your fair share to fight for the American way if you resist the urge to pass oppressive laws in a time of crisis. Please don't let national law be driven by current events. The strength of our nation lies in the freedom it grants its citizens, not the power of the government to control those citizens.

That said, I would like to list some laws which I believe are currently under consideration, and which I feel gravely impact the freedoms on which America is founded.

1) The Mobilization Against Terrorism Act a.k.a. Anti-Terrorism Act proposed by Attorney General Ashcroft. If I understand this bill correctly, it would for example treat computerized graffiti (defacing a governmental web page) as an act of terrorism punishable by life in prison. While defacing government property is obviously a crime, there are already laws on the books with reasonable punishments for these crimes. This bill also appears to violate our ex post facto protections granted by Article I, Section 9 of the Constitution.

2) Amendment S.A. 1562 of H.R. 2500, the Combating Terrorism Act, sections 816, 832, 833 and 834. This bill appears to grant broad rights to government agencies regarding computerized wire taps. There are already mechanisms for obtaining the right to a wire tap (warrants). I feel this act is an abridgement of our fourth amendment protections against unreasonable search and seizure.

3) The draft Public Safety and Cyber Security Enhancement Act (PSCSEA). Restrictions on cryptography can only hurt legitimate uses, never criminal or terroristic uses. Cryptographic algorithms are well known and software providing strong encryption is easily obtainable, regardless of US law. If its use is criminalized, will that stop criminals from using it? Also, encrypted communications can NOT be identified if the communicating parties use commonly known methods of steganography. The kind of messages that terrorists would send back and forth could easily be hidden undetectably in any public internet forum, video stream, photograph, sound or other file. Criminalizing encryption will only restrict law abiding citizens from protecting personal and financial information.

4) The draft legislation titled "Security Systems Standards and Certification Act" (SSSCA). This law grants unprecented rights to intellectual property holders (including virtually eliminating Fair Use rights, first sale doctrine, and public domain rights). At the same time, it increases the cost of all computer systems and eliminates an entire computing industry founded on openness and freedom. (There is publically available software which allows one to operate a computer while legally paying no license fees. This software and any like it would be untenable since anyone could alter the program to disable the copy protections required under the SSSCA. This software (Linux) is an incredible boon to students, non-profit organizations, and low income users everywhere.)

I am a computer software developer. Intellectual property is my livelihood. Please follow the guidelines given by the founding fathers in our Constitution with respect to IP. The limited monopoly on intellectual property is a sacrifice we make to satisfy the real goal.

From the US Constitution: "To promote the progress of science and useful arts by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries." The goal of intellectual property rights is to promote the progress of science and useful arts, not to guarantee income in perpetuity.

How you vote affects how I vote. Please help protect the freedom of American citizens.

Regards,
Bobby Martin
CEO NavTools Inc.

Here is a list of articles further enumerating the concerns about current legistlation:
http://www.securityfocus.com/news/257
http://www.aclu.org/action/liberty107.html
http://www.politechbot.com/docs/hollings.090701. ht ml
http://www.eff.org/alerts/20010921_eff_wiretap_a le rt.html

Re:Somebody has to say it, but...

[Rogerborg]

• The ATA would allow life imprisonment as a possible punishment for some computer crimes, that doesn't mean it automatically gets applied

Sure, and while we're at it, let's do away with all those confusing "assault", "aggravated assault", "manslaughter" and "murder" distinctions, and just have one charge of "violence" with a maximum sentence of life. After all, it's far too hard for elected legislators to have to deal with these issues. Far better to leave it to unelected judges who don't have to whore for votes every four years.

Terrorism?

[Richard_at_work]

Hold on, im in no way an expert on this, but isnt what this bloke Ashcroft is doing actually terrorism in itsself? I mean, reading a lot of posts on /. makes the under lying fear of those people making the posts widely seeable. A lot of people are actually afraid of this law, so isnt that terrorism? If not then how are we defining terrorism? And dont go and sya its different because only those who break the laws have to be afraid, i think by now that laws designed for one purpose can easily be made to fit all other purposes :/ Makes ya think doesnt it?

Attrctive nusience

[budgenator]

If you tape razor blades to the bottom of your car stereo, and someone breaks in and cuts him finger when stealing it you've broken the law in most place i.e. attractive nuscience laws. therefore if you use windoze are you guilty?
Seriously this had to happen, just look at your sever logs over the past month. I guess that this will prevent us from using an active defense on our machines. I was wondering what would happen if an request for defualt.ida fired a counter-attack script, now I know I go to jail for life!

Ashcroft arrested

[Hard_Code]

"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

Immediately after the bill was passed Ashcroft was arrested under terrorist charges under the very same bill, for "changing the purpose of government".

Re:Somebody has to say it, but...

[SnapShot]

So, unfortunately, I guess that spamming is not going to be considered a terrorist act since it is done for financial gain? Damn, Ashcroft could have actually accomplished something useful here.

On a more serious note, I'm really worried about that first high school student who installs SETI@Home in the school computer lab who spends the rest of his life in jail because some clueless school administrator thinks that qualifies as "hacking".

Re:Somebody has to say it, but...

[frknfrk]

I think I will become a monk somewhere

as long as you are talking about becoming a perl monk, that's cool :)

-sam

Re:Nobody has to say it, but...

[Shotgun]

At one point, people laughed at the idea of outlawing a weed that grew naturally and profusely along the Potomac river (the one that runs through Washington, DC, America's capital, for the non-US and geographically challenged amoung us).

After a few years and a media blitz to create some uninformed public hysteria, workers were sent out to eradicate the weed, marijauna (notice the Spanish/Mexican pronunciation of the 'j' and try to guess who the real targets of the law were), and so began America's war on drugs. We still have laws and demonic misconceptions about a weed that produces a mild hallucagenic (sp?) that is no worse than alchohol, with people that the powers that be don't like going to jail for possessing.

Don't ever believe for one second that idiots and their laws will go away without a hard and sustained fight. Ashcroft, like most other leaders, is a meglomaniac. He believes that the world can be made safe if only he were allowed to be in controll. It's not that he is evil, it's just that he has an idea of what the world should be like, and he is motivated to make it that way. Unfortunately, the Taliban and BinLaden also have a vision and motivation. The only things seperating the two are our elected representatives, our right to be heard before laws are made, and our right to have our cases heard before a panel of our peers. These sort of laws attempt to make an end run around these protections.

This wouldn't be so bad if...

[Guppy06]

... they just got around to calling unsolicited e-mail an electronic attack (which I feel it is). I wouldn't mind having the Feds kick down doors and drag off the people that keep flooding my mailbox with e-mails they pretend I asked for.

What Next?

[warp+tek]

I can see it now, the next set of anti-terrorist laws requiring a big brother program on all computers in the US. One where if you download a mp3 file off the internet or visit a hackers web site you'll get a message like this, "You have broken the US Anti-terrorist laws, an Anti-terrorist task force is being notified at this time. Please wait at this computer until they come and pick you up, any attempted to escape will be meet will extreme force. Thank you and have a nice day :) and remember big brother is always watching you." Boy I feel safer already.

Re:Somebody has to say it, but...

[aozilla]

All it takes to show "intent to distribute" is whatever the agents/judge think is more than one person can consume...

What is your argument here, that someone who doesn't have intent to distribute will be considered by a judge to have it? Show me one single case of an individual who spent a single day in jail over federal drug charges without distributing those drugs. Let alone life.

I don't agree with this nation's drugs laws, but they're simply not used to infringe upon your right to cultivate and consume cannibus in the privacy of your home without interference from the federal government. The constitution is cut and dry on this issue, the federal government does not have jurisdiction.

Further, I doubt there was ever a case where an individual spent life in prison based on state law for the private home cultivation and consumption of cannibus. Sure, it's technically illegal in some states, but so is doing 56 miles per hour in a 55 mile per hour zone. Hell, you could go to jail for failure to pay use tax on your internet purchases. Doesn't mean anyone ever has, or ever will.

I fully support repealing all drug laws on all levels of government. In fact, if I happened to live in one of those states which had jail time for personal home cultivation and consumption I'd be working on its repeal. But anyone who tries to tell you that you could spend life in federal prison over the private cultivation is simply pushing an agenda which I support through lies which I don't support.

Re:Somebody has to say it, but...

[kilgore_47]

...It's a good example of people who broke a law because they wanted to get toasted...very little else. (The occasional "medical" case...) So many pro drug people make them sound like victim saints, and they occasionally need a reality check. I broke the law...I was prosecuted...I am a victim....right. It's not a hard law not to break folks...it's not like jaywalking or something. If you need it so bad that you can't wait until a legalization effort reaches a conclusion, and risk so much, then you've already made their point that you have a problem.

Why shouldn't people "get toasted"? Hows it hurting anyone else? It's a bad law! It was written in a different time (for different reasons, too, if you want to go into those...) and should be changed. Why should my tax dollars pay for thousands (probably millions) of people to be jailed for something I don't see as a crime? These people are in jail because they got caught doing something I do on a regular basis. Pot is less harmfull to your health than liquor, and doesn't lead to domestic violence. It leads to sitting around grinning. Whats the harm in that? You tell me why I shouldn't be allowed a bongrip after a long day a work! Now onto your next insight...

If the government hurts the people, their rage will shift to the government. They aren't stupid docile animals

Sadly, many people are stupid docile animals. You, for example, sugest that people who enjoy pot should "wait until a legalization effort reaches a conclusion". People accross america with that same mindset will happily bend over when GWB asks them to "sacrifice a little freedom". And you'll probably respond to this post and tell me marijuna is bad because "its the law". Are you sure people aren't stupid docile animals?

Re:Yes they are ! Re:NOT After Every Hacker

[dragons_flight]

monetary or material gain to me != loss to the company. There is plenty of precedent for costing the company large amounts of money without any personal gain.

Schartz was tried under Oregon law not US, and without knowing more, I would doubt that attacking an internal network would meet the standard of "protected computer" which applies to (a)(4) as well as (a)(5)(A), although I didn't mention it in my summary. Secondly it's not clear that Schartz gained anything of value to him for what he did? If you wanted to attack him as terrorist I'd guarantee you a much harder case than the easy Oregon law.

You are confusing (a)(4) which deals with only my gains, with (a)(5)(A) which can deal with your losses. I'd dare say I could challenge your $5000 figure and the fact that your server at home qualifies as a "protected computer". Oh an also note that the damages only count intentional losses, losses dealing with unintentional/reckless acts fall under (a)(5)(B,C) which are not terrorist statutes. If you want to prosecute me for attacking you then there are other non-terrorism laws that make more sense and would be easier for you to win in court.

Re:This about computer CRIMES, not hacking...

[defile]

Computer intrusion can be a serious matter, but not all computer intrusions are serious matters.

Paraphrasing another post: I hack an air traffic control system and use it to crash an airplane into a heavily populated area. Thousands die. I can think of a large number of laws on the books right now that would put this person away for life, without ever going into computer crime laws.

Tougher computer crime legislation will do absolutely nothing to prosecute the guilty and only make life difficult for people committing harmless offenses, or even people who are completely innocent.

If someone breaks into someone else's computer, you prosecute them on the actual crimes they've commited, not just the act of breaking in. A kid spray paints his tag on a wall and he gets what? A fine? Community service? A kid defaces a web site and he faces years in federal prison sharing cells with rapists and child molestors who will get out before he does. Give me a break.

Re:Somebody has to say it, but...

[kilgore_47]

I never said it was a GOOD law...please...quote where I said that? Don't get overdefensive there...go have a "bongrip" and calm down. I am not going to defend things I didn't say.

No, you didn't say it was a good law. But you critsized people for breaking that law, and sugested they stop. This could either mean you (a) agree with the law, or (b) think people should be docile and do what they are told even if the law sucks.

I am kinda puzzled as to why you are still on the pot issue, as my second and third statements had exactly nothing to do with it.
Because it is an excellent example of citizens being docile in regard to losing their liberties, and that has very much to do with your comments.

My own views on it are definitely not what you would find favorable, but I can debate that subject with more arguments than just saying that it's against the law.
You say you can but you don't. The only solid argument you can make on the pot issue is "its the law". You mock people who are prosecuted under this law (" I broke the law...I was prosecuted...I am a victim....right.") but you can't give a good reason the law exists in the first place! Make your argument. I want to hear it!

Well...my take on it, is that there is a RIGHT way to approach a problem, and a wrong way. The wrong way to approaching the drug debate is by just doing them all over the place anyway, and then crying "victim" when you get caught. Actually..."sitting around grinning" seems to be a pretty docile approach...

I agree those who smoke "all over the place" are taking unneeded risks. I smoke in the comfort of my home. But people should be able to sit down in the park and have a puff! What happened to the pursuit of happiness?

Pot is ilegal for a number of reasons, but one of the biggest is taxation. If pot was legal, people could grow it all over the place (it's not called 'weed' for nothing!). Liquor and Tobacco can't be so eaisily produced, so most consumers purchase those items through traditional means. As such, they pay taxes on it! Pot is so easy to grow, it would be much harder to tax.

This is another law that is to the advantage of government, not the people being governed.

Re:The answer is simple

[Laplace]

Have you looked at the case? Randall was violating Intel security policies. Intel said "stop it right now, please." Randall said "ok," the proceeded to continue violating the policies. Intel hit him hard. They were kind the first time. They weren't the second time. What more do you want?

Impeach Bush?

[a9]

If he attempts to violate the constitution?