Slashdot Mirror
Hackers are 'Terrorists' Under Ashcroft's New Act
Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."
Damn, we /.'ed the securityfocus server... that's a DOS attack, isn't it?
Quick, smash your DSL modems, clear your logs, and run for the hills before the Feds arrive!
Providing advice to a Hacker == criminal offense? Doesn't legal counsel count as advice? Isn't that protected under the 5th ammendment?
I am !amused.
All it takes is one bad customer relationship to cause a false accusation...
jeremiah cornelius
"Flyin' in just a sweet place,
Never been known to fail..."
Why in the world would they need DNA. I am pretty sure that no where in the specs for DNS or IPv4 is it required that my genome sequence be part of the string being sent out.
So, who wants to take bets that the RIAA get's copyright violaters termed as hackers?
Papa Legba come and open the gate
I don't mind increase survelance powers in order to fight terrorism. However, scrawling "I love you Crystal" or some such on some web page is not terrorism.
This thing needs to at least be tempered by a clause which adds or defines criminal intent. That is, if hacking is done with the intent to destroy or disable the United States government and/or make actual acts of terrorism (such as blowing people up) easier, then throw the bastards in jail. But defacing some web site doesn't harm the United States government; it's just annoying as hell. And annoying doesn't deserve life in prison without the possibility of parole--especially since actually killing someone is what I would consider slightly more annoying, yet many types of murder don't get anywhere near life.
I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.
This is a perversion of what Ashcroft requested. Hackers who attempt to disrupt key systems that are vital to protecting human life, for example the FAA's radar systems, are terrorists. And they are.
-- "The best way to predict the future is to invent it."
Break into their computer, and you're instantly labelled a terrorist. Think there's any chance you'll get much less than the maximum penalty of life? Hell, my high school once informally accused me of piracy (which, incidentally, I was not guilty of) just on the basis that I knew enough and therefore could have done it. If there's anything that makes people paranoid, it's hearing that the Big Bad Hacker is right outside their computer's door.
Fair, no?
who are the victims?
stop and think.
if someone commits credit card fraud with said stolen numbers, then we know who the victim is. but we already have a law for that. until some other crime is committed, there was no victim of simply stealing the numbers.
just because a computer was used to commit the crime, it doesn't mean the crime is somehow worse than the same thing done without a computer. theft is theft, and should be treated as such. it's not like we have separate murder laws for guns vs knives...
This act and the DMCA are eerily similar. Both seek to address particular historical circumstances and events (e.g. Napster, terrorist attacks). Both sets of circumstances are genuinely complex and problematic. And, in both cases, there were already perfectly adequate laws more general laws which address the particular situation. We already have laws to address copyright violation, and we already have laws to convict violent criminals, spies, and yes...even hackers.
The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)
Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.
The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.
Basically, if this were to be passed, it would tell the public that cracking/hacking is considered to be worse than murder. They even go so far as to say that giving advice to a cracker/hacker can yield life in prison! Is it just me, or is something seriously wrong here? I could go off and murder somone and receive less of a punishment than someone who defaced a website, resulting in a few hours of repairs by the administrator and the fixing of a securty hole. I'm sorry, but that's just not right.
20 January 2017: the End of an Error.
Computer crime should be a crime.
But it already *is* a crime. The question is what is a just response to computer crimes. Some things which are *not* just:
- Sentencing someone to lifetime imprisonment without possibility of parole for a simple computer crime. Remember, if the crime really warranted such a sentence--for example, cracking air traffic control and causing planes to crash into each other; cracking a CIA computer and stealing national secrets--then the criminal would already be liable for serious punishment under existing laws--murder and espionage, in these cases.
- Retroactively eliminating the statute of limitations, allowing people to now be charged with computer "crimes" they committed decades ago.
What's even worse is the provision that giving advice or information which may be used to facilitate computer crimes is not only criminalized but subject to the same penalties.To put it another way, if this law passes then someone could be given life in prison without parole for documenting vulnerabilities which allow systems to be compromised by a cracker or a worm. Indeed, it isn't clear that, with the removal of the statute of limitations, they couldn't charge the people documented the vulnerabilities responsible for eg. Code Red or Nimda under this law.
This provision is like the anti-circumvention provision of the DMCA writ large. Whereas at least the DMCA only applies to access-control restrictions on copyrighted material, this law could potentially make all discussion of any vulnerabilities which allow systems or information to be compromised illegal.
These provisions are so utterly preposterous and out of proportion to the crimes (or so-called crimes) discussed as to boggle the mind.
Actually, criminal statutes have to be pretty explicit. You can't convict someone of a crime unless it's on the books. If goose-whacking is a crime, and you try but fail to whack a goose, they can't convict you of attempted goose-whacking, because there's no law against attempted goose-whacking. If you talk to people about your plans to whack a goose, they can't convict you of conspiracy to commit goose-whacking because there's no law against conspiring to goose-whack.
Naturally, it takes a politically-connected DA about a month to remedy the situation, particularly if goose-whackers are a mostly misunderstood minority...
How about growing marijuana?
That is an excellent example of a victimless "crime" that numerous goodhearted American people are rotting in jail for right now.
Ashcroft's new proposals, though, go far beyond making computer-crime 'crime'. It already is. What he's doing is making it terrorism. People could be jailed for life for the electronic equivilent of graffitti.
"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."
The irony is that he wants to fight assaults designed to change the purpose of government by changing laws in direct response to a terrorist attack.
The long-term damage from the terror attacks will come from our leaders as they exploit public rage to slip new crap like this into federal law.
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
Anyone making life easier for a "hacker" (cracker) could be sentenced to life without parole?
Bill Gates had better pack his bags now! ("... the most cigarettes.")
Stupid job ads, weird spam, occasional insight at
I propose a new Constitutional amendment. The Three-Constitutional Strikes And You're Out amendment. If an elected official votes for three laws that are later found unconstitutional (no statue of limitation, applied retroactively), they are kicked out of office and barred from all government work for life. These people are supposed to know what they are doing and have no fucking excuse for voting for unconstitutional laws.
-- Will program for bandwidth
Testifying before the House Judiciary Committee, Ashcroft defended the proposal's definition of terrorism. "I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."
Seems like this bill needs to be broadened to include itself and John Ashcroft, both of whom seem hell-bent on changing the purpose of government.
Edith Keeler Must Die
Judiciary Committee List
Name, party, state, phone, fax, e-mail.
James Sensenbrenner, Chair, R-WI, (202) 225-5101,(202) 225-3190,sensen09@mail.house.gov
Henry Hyde, R-IL, (202) 225-4561, (202) 225-1166.
John Conyers Jr., D-MI, (202) 225-5126, (202) 225-0072,john.conyers@mail.house.gov
George Gekas, R-PA, (202) 225-4315, (202) 225-8440, askgeorge@mail.house.gov
Barney Frank, D-MA, (202) 225-5931, (202) 225-0182
Howard Coble, R-NC, (202) 225-3065, (202) 225-8611, howard.coble@mail.house.gov
Howard Berman, D-CA, (202) 225-4695, (202) 225-3196,Howard.Berman@mail.house.gov
Lamar Smith, R-TX, (202) 225-4236, (202) 225-8628
Rick Boucher, D-VA, (202) 225-3861, (202) 225-0442,ninthnet@mail.house.gov
Elton Gallegly, R-CA, (202) 225-5811, (202) 225-1100
Jerrold Nadler, D-NY, (202) 225-5635, (202) 225-6923, jerrold.nadler@mail.house.gov
Bob Goodlatte, R-VA, (202) 225-5431, (202) 225-9681,talk2bob@mail.house.gov
Bobby Scott, D-VA, (202) 225-8351, (202) 225-8354
Steve Chabot, R-OH, (202) 225-2216, (202) 225-3012
Mel Watt, D-NC, (202) 225-1510, (202) 225-1512, nc12.public@mail.house.gov
Bob Barr, R-GA, (202) 225-2931, (202) 225-2944, barr.ga@mail.house.gov
Zoe Lofgren, D-CA, (202) 225-3072, (202) 225-3336, zoe@lofgren.house.gov
William Jenkins, R-TN, (202) 225-6356, (202) 225-5714
Sheila Jackson Lee, D-TX, (202) 225-3816, (202)225-3317, tx18@lee.house.gov
Christopher Cannon, R-UT, (202) 225-7751, (202)225-5629, cannon.ut03@mail.house.gov
Maxine Waters, D-CA, (202) 225-2201, (202) 225-7854
Lindsey Graham, R-SC, (202) 225-5301, (202) 225-3216
Marty Meehan, D-MA, (202) 225-3411, (202) 226-0771, martin.meehan@mail.house.gov
Spencer Bachus, R-AL, (202) 225-4921, (202) 225-2082
William Delahunt, D-MA, (202) 225-3111, (202)225-5658, william.delahunt@mail.house.gov
John Hostettler, R-IA, (202) 225-4636, (202)225-3284, john.hostettler@mail.house.gov
Robert Wexler, D-FL, (202) 225-3001, (202) 225-5974
Mark Green, R-WI, (202) 225-5665, (202) 225-5729, mark.green@mail.house.gov
Tammy Baldwin, D-W, (202) 225-2906, (202) 225-6942, tammy.baldwin@mail.house.gov
Ric Keller, R-FL, (202) 225-2176, (202) 225-0999
Anthony David Weiner, D-NY, (202) 225-6616, (202)226-7253
Darrell Issa, R-CA, (202) 225-3906, (202) 225-3303
Adam Schiff, D-CA, (202) 225-4176, (202) 225-5828
Melissa Hart, R-PA, (202) 225-2565, (202) 226-2274, melissa.hart@mail.house.gov
Jeff Flake, R-AZ, (202) 225-2635, (202) 226-4386
I've had enough abrasive sigs. Kittens are cute and fuzzy.
It takes TEN letters (dead tree letters, email gets deleted immediately) for a Senatorial office to open an issue. TEN. (According to Illinois Senator Dick Durban.) And regardless of the advertising and commercials that politicians raise huge war chests to fund, on election day it is YOUR VOTE that decides who ends up in DC. (East Coast, you have no say over the West Coast one.)
I'd like to issue a call to everyone who posted something modded up to 3 or above: Write a letter to your representatives with the same level of intelligence and Interesting/Insightful content. Write it once and send it three times, once to your Congressperson, and once to each Senator. Fax it if you'd prefer. (Snail mail and fax are what they like the most.) Keep it to one page. Reference the Constitution. Refer to yourself with your most impressive title. (Professor, Ph.d, Senior Engineer, Graduate Student, Independent Developer) and as a registered voter. In the name of the Tux do not tell them that you don't vote, even if that's the case (in which case you should be ashamed of yourself). Then when the next election rolls around, ignore the commercials, take an hour to do your own research, and vote for the candidate that did not support revoking the 4th Amendment and violating Ex Post Facto. It works. (See also: Former Senator Alan Dixon)
For those of you in countries outside of the US, the same applies to you. The Canadian, British, Australian, French, German, etc. governments are all popularly elected as well. (At least the active parts of the British government, anyway.) Politicians are the same everywhere. The same tactics apply. Use them. If you don't, you have no one to blame but yourselves.
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
John Ashcroft announced today that the NSA has devised a fool proof deterance to E-terrorism. The new method is called Security-Through-Imprisonment, or STI.
The premise of STI is that civilian and military systems dont need to be secured, but instead laws need to be put in place that will require life sentances for so much as a failed telnet login attempt.
In response to our questions Ashcroft had the following statement: "Everyone is aware that securing Microsoft products is as futile as the war-on-drugs(TM), so we decided that rather than attempting to fix the systems - we will just send these E-Terrorists to prison for life for their crimes against Freedom(R). It is important for us to protect-our-children's(TM - H. Clinton) future in the wake of this terrible tragedy. Our new policy is called "If you cant do the right thing, then just do something"
Democracy is not a spectator sport. We have to get involved. Who do we write to? Who do we call? Who can we contact to see that this doesn't stand?
As David Quinn put it quite eloquently: Quite depressing, really. (The whole text can be found here, BTW)
But what can you expect when the whole world has bought into the idea that there is absolutely nothing that any one person can do to change things?
-- Shamus
Bleah!
I assume you know that *all* flight training is currently banned in the USA? Yes, that's right. If you are a flying instructor, currently *you cannot* train students.
Well, you won't go to jail. But the FAA will take your pilot's license away. If you are a pilot, that's nasty. Check out news://rec.aviation.pilots for more.
Without passing a law, without recourse to a *single* elected person, thousands of US citizens have had their source of income removed.
Well, that makes us all safe doesn't it?
Constitutionality will be questioned and laws like these, along with the careers of the idiots who propose them, will go the way of the dodo.
If we're lucky, the laws will go that way. I sincerely doubt that the careers of the idiots will, though.
What we need in the US is a law that punishes those who pass blatantly unconstitutional laws. Of course, since Congress routinely exempts themselves from legislation, they'd exempt themselves from this, too!
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
- it will be a long war
- it will be a secretive war
- the U.S. government will not necessarily reveal evidence against the terrorists they uncover.
- the U.S. government expects all other governments to comply and assist with its anti-terrorist actions.
now make hacking terrorism.now make assisting hacking terrorism.
now make hacking crimes retroactively punishable.
i've read bugtraq for years and have not informed the FBI about all the vulnerabilities released on that mailing list - will this make me negligent and punishable? will my punishment come in the form of an official court prosecution, or will special forces be sent in to take me out without ever letting anyone else know? if i move to Norway, will Norway allow the Navy SEALS to seize me?
Beware, that unmarked white van may be coming for you.
Yeah, sure, very paranoid to think that way, but consider history and consider how other police states have started their lives: will we be naive enough to let this one start as well?
-f
www.blackant.net
This list hardly seems to encompass "most computer crimes". For instance merely accessing or stealing non-classified information is not a terrorist act. Nor does it include breaking encryption ala DMCA. Defacing websites is not a terrorist act unless the computer belongs to one of the above categories and changing the website results in nontrivial financial losses. Writing viruses/worms is not a terrorist act unless you intentionally use it in a way that damages "protected" computers. (From the wording, I wouldn't interpret this to include merely releasing it into the wild, but a judicial ruling would have to clarify that issue). The crimes they are signaling out are pretty significant stuff and not just any old act of hacking. Let's not further contribute to the FUD.
What follows are excerpts of the laws in question:
From The Anti-Terrorism Act of 2001 (Draft 2)
http://www.eff.org/Privacy/Surveillance/20010919_
Sec. 309: "...the term 'Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate...1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)..."
From US Code Title 18, Section 1030
http://www4.law.cornell.edu/uscode/18/1030.html
(a)(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
(a)(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
(a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(a)(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section
Under the same Section, part (d)(e)(2) and (8): (2) the term "protected computer" means a computer -
- (A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
- (B) which is used in interstate or foreign commerce or
communication;
(8) the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that -Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)
You are so wrong you can't believe it. The CFAA defines a "protected computer" to mean a computer that is used in interstate commerce. This means any computer connected to the internet or a modem.
I have litigated CFAA civil actions, and I am here to tell you that virtually ANY unauthorized access where virtually ANY valuable information is received, or where ANY valuable data is modified or changed is quite arguably sufficient to lay down a prima facie case.
This bill is as bad as you first thought it was.
I read an interesting statistic the other day, in the UK there's about £270,000,000 of credit-card fraud a year, of which only £7,000,000 happens without someone physically presenting a card in a shop - i.e. that 7 mil includes not just all the internet fraud but all the stuff on the telephone as well.
Of course this is all well known. Best way to hack into a network? Get a job there as a Janitor and find a computer that wasn't logged out of.
Anyhow, criminal Laws can be divided into two categories, I've always though:
Laws that prohibit things that are bad.
Laws that might make it easier to enforce the former laws.
So, killing people is bad, so it's illegal.
Owning a gun isn't bad, but making that illegal is believed to make it easier to enforce the killing people law.
Copyright theft is bad. Being able to back-up an acrobat document isn't bad, and in Russia is actually a right, but DCMA is supposed ot mkae it easier to enforce the "no stealing copyright materials" law.
~~~~~ BigLig2? You mean there's another one of me?