Slashdot Mirror
House OKs Life Sentences For Hackers
ByteHog writes "The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. The article on MSNBC also mentions that police can conduct internet or telephone eavesdropping without first obtaining a court order. Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'" Other articles can be found here and the text of the bill is available.
Well, if hacking actually resulted in deaths, a life sentence would be applicable. Has it?
Build your own computer? You're a terrorist.
Run an "unsecured" operating system? You're a terrorist.
Share files? Terrorist.
Complain about corporate abuse? Terrorist.
Demand your Fair Use rights? Terrorist.
Fail to consume your fair share? Terrorist.
In 100 years, when they are picking over the ashes of our civilization wondering what went wrong, this will be the turning point day they decide on...the day when you could get LIFE in PRISON for using a computer.
So if I train my dog so it kills someone, I'll get a cushy 4 years in jail, but if I train my computer so it causes only fiduciary damages, I can get life in prison? That seems screwy to me.
The future isn't what it used to be.
I hope none of the 1 million Governement Snoops I read about via Drudge don't turn you y4nk33 haxxors in. (What happened to fighting the good fight with 'Hacker' vs 'Cracker', anyway?) Actually, its probably reasonable, if someone deliberately set out to kill people by screwing with Air Traffic Control or somethings. But there's a cold wind blowing from the hill.
If you read the text of the bill, life sentences are only allowed if the offender knowingly causes or attempts to cause death or serious bodily injury.
In other words, they are authorizing life sentences for attempted murder through hacking, which I think is very reasonable. Attempted murder can already get you a life sentence, I don't see why it should be any different if you attempt it through a computer than if you attempt it through any other means.
Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'"
This is true (Disney)
Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'"
If this is the case I see no reason why Best Buy should not be allowed to stock bombs.
Imagine the possibilities. This could bring smiles back to the faces of teens everywhere.
Build your own computer? You're a terrorist.
Run an "unsecured" operating system? You're a terrorist.
Share files? Terrorist.
Complain about corporate abuse? Terrorist.
Demand your Fair Use rights? Terrorist.
Fail to consume your fair share? Terrorist.
Shooting people to pursue political gain? Not sure. Depends.
Holding a population hostage via threats of violence? Depends who does it.
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
The funny thing is that the biggest threat to the internet right now is WorldCom itself....since they own UUnet and are going seriously bankrupt. Of course UUnet will stay alive somehow, either by WorldCom, sold to someone else, or through a government bailout. The major backbones and networks are really in a pretty powerful position, since they control major portions of the internet.
They'll just bomb your country.
What I don't understand about this is why there needs to be specific bills related to computer hacking.
As I understand it, the bill relates to the case of "if the offender knowingly causes or attempts to cause death or serious bodily injury."
Doesn't the USA have laws against this already? I mean, if I murder someone with a frozen banana, it's still murder, you don't need a law saying "you are not allowed to murder someone with a frozen banana". Surely knowingly causing or attempting to cause death or serious bodily injury is currently against the law anyway, however you go about doing it? Why is this law necessary?
That murder is usually a State, not Federal, matter. In the case of a hacker, who may be operating across State lines, it is proper for the Federal Government to get involved.
Best Slashdot Co
I like the "from the but-still-okay-to-rip-off-the-stock-market dept". That's fitting, given the posturing of congress to get tough on corporate crime.They paid lip service to it and raised some of the penalties but they've done nothing to increase the vigor with which these cases are prosecuted. To date, few of these cases have been prosecuted. When they do prosecute a company for cooking it's books, they'll be defended by the best lawyers money can buy. When a hacker is tried, he'll have the standard, substandard legal defense. The result is few corporate criminals will ever go to jail but lots of hackers will be railroaded.
Wansu, th' chinese sailor
Pray you never find out the hard way.
No Zen is good zen
Get what repealed?
IT'S A BILL
This still needs to go to the Senate and the Pres. Lobby them.
Today, the US Government passed a landmark bill that allows for life inprisonment for attempted murder through a computer. "Anyone can just sit down at their computer, push a button, and POOF! Instant erasure of the worst kind." says Attourney General John Ashcroft, "Not to mention most hackers can destroy the world economy from their parents basement."
Senetor Hollings also commented, "I believe this new legislation will act as a deterrant for would-be hackers trying to kill people with pirated music." he continues, "The reason why there aren't more people with broadband Internet connections is precisely because of things like this. How can the movie industry adopt a medium that can kill people with the push of a button? No, no one wants broadband if they know there's hackers out there that can kill them with a few mouse clicks."
A representative from the Bush Administration says that the new law will cut down on the rampant child pornography rings on the Internet by allowing Federal investigators to intercept any email containing questionable material and forward it directly to the President.
President Bush commented, "Al Queda is encrypting messages in porn sites all over the Internet. I plan to PERSONALLY put an end to this terrorist network."
-Riskable
"Those who choose proprietary software will pay for their decision!"
I'm not sure I see how the level of sophistication should affect the sentencing. Does this happen in other crimes? ("He shot her a bit amateurishly, so we'll only give him 5 years"). And why does it make a difference whether its a government computer or not?
Historically humans have always attacked and destroyed what they don't understand. That or they become religious and used religion to explain everything.
So hacking (cracking) is no different. Most people don't understand it. They see from movies that people can sink ships and fire nukes by playing with BASIC on their Apple IIe.
And yes I read that a life sentence is only for murder, but I'm sure a crime done through hacking will get a longer punishment than through "normal" means. There are examples of this happeneing already.
Outdoor digital photography, mostly in New Engl
SEC. 106. STRENGTHENING PENALTIES.
Section 1030(c) of title 18, United States Code, is amended--
`(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'.
If you try to kill somebody you might get a life term, no different to recklessly or knowingly causing death any other way. So you try to crash air traffic control computers you get thrown in jail for life - sorry if I'm not too sympathetic.
here is the focal point of this discussion:
`(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'. (my bold)
You may think of 'hacking' as an act in and of itself. This bill deals with various crimes that a 'hacker' might perform, using hacking as a tool or a means.
For additional perspective, refer to these acts mentioned in the bill:
(F) whether the offense involved a computer used by the government in furtherance of national defense, national security, or the administration of justice;
(G) whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
(H) whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;...
Examples of acts that are contemplated here: disabling a national defense warning system; flooding a city by opening the spillways on a dam; disabling the air traffic control system in a busy metropolitan area.
And for those who will quickly argue that these systems should not be connected to the Internet, note that the bill does not limit these acts of 'hacking' to access from the Internet. Hacking can also include access from inside a company or facility, dialup access to a piece of critical equipment, or even some acts of 'social engineering.'
These are not new criminalizations of innocent acts. They are simply expansions of existing principles to include new technology and means of hurting people and property.
you could get LIFE in PRISON for using a computer.
That's like complaining that you could get LIFE in PRISON for using a screw driver. If you use that screw driver to tighten screws, you're fine. If you stick it in someone's eye and wiggle it around, you may be facing LIFE in PRISON for the MURDER that you committed with your SCREW DRIVER.
Evil is the money of root.
Nicely put. But I'll add:
Peace: A situation where there hasn't been any overt terrorist activities, and the government decides it cannot afford to sustain the high-level of alert because of budget deficits and the coming elections.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Read the penalties section of the bill. Its life imprisonment for people who attempt to cause death through hacking. That is, if I hack into a control tower and try to make planes crash, I might be sentenced to life in prison.
Currently, that would be a weak case of attempted murder. We have crimes in the country that say "If you commit a crime, there's a penalty. If you commit a crime with a weapon, thats a more serious penalty." Well, when using computers as a weapon, its a weapon.
In most states of the US (and most developed nations) you are not allowed to operate an automobile without maintaining basic safety (and emissions) equipment. I expect sometime in the near future similar requirements may be made of systems connected to the internet.
Today the conversations may look like: .. I pay for this service and I'm not responsible / can't afford to fix it ...
ISP: Your system is being used for attack by an intruder, if you don't take it offline and get it fixed we will enforce our AUP and take you offline.
customer1: Ooops, sorry ok we'll spend the $$ / time to fix it
customer2:YOU CAN'T DO THAT
ISP: CLICK
Today, while it's feasible to keep systems patched / audited for a reasonable level of safety, many (most?) orgainizations don't have the skillset / funds allocated to keep their systems secure against even the 'kiddies, let alone a determined attacker. That's gonna have to change IMO either thru systems that are harder to break into in the first place or better practices.
Some of the provisions of this bill are also simple clarifications of existing statutes. For instance see the provision: Specify that an existing ban on the "advertisement" of any device that is used primarily for surreptitious electronic surveillance applies to online ads. -- apparently while it's illegal to advertise wiretapping equipment in print, this will extend the restriction to online ads also.
This explains why I've been seeing the adds and spame for keyboard keystroke recorders (shame on you thinkgeek!) and packet sniffers to protect (spy on) your kids or spouse.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
I had the same "knee jerk" reaction but...
/jarek
"(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'."
This just acknowledges that computers are integral and vital parts of our lifes and can be used in malicious ways just as knifes or guns. Welcome to the global village and the on-line world people.
(G) whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
(H) whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;...
So if Joe sends an email to Jane and for some reason that email trigger some weird bugs that somehow cause some shitty system to go down and that system going down cause G or H then you can get life imprisonment for sending an email?
Ok that exemple is a bit extreme, but still, given how everthing is/can be interconnected through computers who knows how much unintended effects can result from some interraction with buggy software.
The 20 year penalty is for "an attempt to commit bodily harm". The Life sentence is for "an attempt to cause a death".
Nevertheless, the bill does not *merely* do what the news reports claim, and in that, it is alarming.
The interesting part is the definition of "protected system", which is taken from "18 U.S.C. 1030" (search for it in your favorite search engine), and the modifications made to it by the bill.
It does not involve only government computers, as the text of the bill itself implies. It also involves "any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954" -- most of which is public information these days, and available from many web sites containing information on basic high energy physics (apparently, congress-critters believe that if they can't figure something out without a crib sheet, neither can your average university-trained physicist or engineer, which is why they think they could successfully legislate against light switches).
Further, it includes records from "information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer", per "15 U.S.C. 1681".
This can be loosely interpreted to mean "any system which stores credit card numbers".
--
The real question that we should be asking is whether this is a Writ Of Mandamus... it seems so, since there do not appear to be practical restraints on use of information gathered under the terms of this bill (i.e. "We thought he was a terrorist; as it turns out, our justification was bogus, but we still get to use the evidence gathered to inform against him for that Metallica MP3 he downloaded").
From my reading, it's unconstitutional, under the 4th Ammendment.
Of course, since it passed by such an incredible amount in the House, there no reason to believe that it will not quickly become law: it clearly has wide bipartisan support, and will clearly get the White House's approval (see below).
What that effectively means is that it will remain law, until it is challenged by a perpetrator on the basis of constitutionality. Basically, the law will have to be violated to be tested, at considerable risk to the violators, given the tendency recently for the Federal Government to use the Bill Of Rights in place of toilet paper.
I guess the only thing we don't know is whether this is an overreaction to last September, or if its an overreaction to the lack of consumer confidence in the market, where they think if they can point to themselves "*doing* something about some real market risk", we will forget all about "the man behind the curtain", and not insist on substantive tort reform.
If you read the House Report version of the bill, you'd think the latter (e.g. reaction to "Enron")... almost all of the listed congressmen are from -- *surprise!* -- Texas.
The Constitutional basis for incorporation itself is to serve the public and shareholders interests (read the relevent USC on incorporation, if you don't believe me); this seems to have been reduced to nothing more than "fiduciary responsibility to protect shareholder value, and screw public interst". More fundamental reform is required: this is not about people not acting like a--holes for fear of the penalty, it's about people not acting like a--holes because they *aren't* a--holes.
-- Terry
My question is, why do we need a new law in the first place? Last time I checked all those things you mentioned are already illegal. My worry is someone will get life for doing something that doesn't "threaten" or whatever a human life. Well, it doesn't really matter anyways. It's not like he'll get a trail under our military tribunal system anyways.
(5) if the offender knowingly causes or attempts to cause death or serious bodily injury in a violation of subsection (a)(5)(A)(i), a fine under this title, imprisonment for any term of years or for life, or both.
they arent talking about a DoS attack & they arent talking about defacing someones website. they are talking about air traffic contol systems, stoplight controls on busy intersections, railway switching programs, nuclear powerplant software and other things that have the potential to cause graet harm...
they may have been watching to many movies, but I see where they are coming from....
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
First, survelliance without a court order is unconstitutional. This portion of the bill will surely be stricken down by the Supreme Court.
Second, the rest of the law is redundant and unnecessary. Crimes committed via the internet should receive the same punishment as those in the real-world, where the situation is analagous. For example, breaking and entering can be treated the same. Simply hacking into a persons computer is breaking and entering, even if it causes no damage; similarly, breaking/entering into a person's home, even if you do no damage or steal nothing (and don't damage the locks), is a crime.
When a hacker purposefully hacks into, say the USAF HQ, and steals top-secret documents on airplane design, then divulges them to China that's a crime just as it is in real life (treason). Similarly, it should be punishable just as it is in real life (by life in prison or death).
Another example, if a mob boss orders an underling to kill someone via an on-line e-mail, that's murder and conspiracy to commit murder. It should be punished just as it is in real life: by life in prison or death.
The fact that a crime took place over the media of the internet does not greaten or lessen its severity or lack-thereof. It simply creates a jurisdictional issue. The issue can be solved like such: if a crime is committed on the internet and its affect occurs in that state, then its the state's jurisdiction; if it occurs in one state and affects another (i.e., the mob boss in NY orders his hitman to kill someone in CA), then it should be under federal jurisdiction.
social sciences can never use experience to verify their statemen
'A mouse can be just as dangerous as a bullet or a bomb.'
Just great, now we'll have a five-day waiting period on mice, and export controls.
And now that he's equated mice with weapons, wouldn't the 2nd Amendment kick in to guarantee your right to keep and bear mice?
Last question in relation to that statement: If a cracker only uses the keyboard, is he safe from prosecution?
That's like complaining that you could get LIFE in PRISON for using a screw driver. If you use that screw driver to tighten screws, you're fine. If you stick it in someone's eye and wiggle it around, you may be facing LIFE in PRISON for the MURDER that you committed with your SCREW DRIVER.
Good point. We need a new screwdriver law.
Maybe so, but read some of L0pht's papers about the widely insecure remote access to power grids, city works (traffic controls, etc.), and other such things which are probably very hackable and not connected to the internet.
I must be out of the loop: the L0pht never released any white papers on infrastructure insecurity. They merely, at the behest of the NIPC, testified before Congress something to the effect of "if we wanted to, we could hack the nation inside of an hour" or some ridiculous hyperbole like that. They're good hackers and all, but the sane mind looks to the reasons why they said what they did without any proof as they'd be wont to provide in any other situation: the almighty buck. The FBI got its "cybercrimes" division and the L0pht merged with @Stake, who now performs federal contract work for... guess who?
Judges take intent into consideration. If I steal a car and intentionally run someone down, it will be treated differently than if I steal a car and accidentally hit someone; these laws handcuff the human element, turning judges from arbiters of law into life-sentence machines.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
While this bill is very worrying, given the increased power it gives to the DOJ (and that maniac Ashcroft...), it's not as bad as its made out to be. Basically, the extreme penalties are for those who knowingly commit acts that result in death or serious bodily injury. That only makes sense. Killing somebody by hacking into an important computer is just as bad as killing him any other way. Also, it increases the penalties for illegally intercepting electronic communications, which is a good thing. Maybe that clause can be used against the FBI and DOJ when they get a little too snoopy.
A deep unwavering belief is a sure sign you're missing something...
With commands like 'kill', 'killall', 'bash', 'dig', 'cut' and 'wipe' we have clearly frightened our legislators. And with commands like 'head', 'tail', 'latex' and 'gawk' they think we are perverts too.
The knee jerk reaction is right. When they throw "knowingly or recklessly" into the same phrase, its a tough one to beat.
Say you hack a website, that website feeds a stock ticker on another site, and because you've changed the page that stock ticker now shows a zero value for that company's stock. Some investor sees it, and thinking his investments are now down the toilet, jumps out the window to his death.
Now, your hack wasn't really malicious, you didn't think it would cause anyone's death. That's where the "recklessly" comes in; you didn't think of every possible outcome of your actions, thus they were reckless. That's what the prosecution is going to argue. Once the prosecution paints you as reckless, then the jury is swung to their side.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Somehow this seemed appropriate:
The Conscience of a Hacker
by Mentor
Written on January 8, 1986
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him,what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school. I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer.
Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up.
Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened. A door opened to a world rushing through my phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.
"This is it... this is where I belong." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all.
Damn kid. Tying up the phone line again. They're all alike.
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals.
We explore... and you call us criminals. We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all...
After all, we're all alike.
Copyright 1986 by Loyd Blankenship (mentor@blankenship.com). All rights reserved.
*Condense fact from the vapor of nuance*
People become terrorists because they are terrified. A Muslim whose education at a madrasas has consisted totally of reading the Koran for its power, is terrified by the powers we in the West gain from our books and films and (relatively) free communnications, so, terrified, they seek to return the terror to what they see as its source.
When I was training typical office workers in using computers back in the 80s, the most difficult hurdle was that most of them were terrified that the computer was sentient enough to become offended if they did something 'stupid' and intentionally punish them for their mistakes. Just as Muslims see a god in their book, even 'modern' Americans tend to see gods in their boxes - and both are terrified that those gods will punish them if they stray, even in ignorance, from their presumed commandments.
And now the Congress is terrified of computer networks, and seeks to terrorize those who appear to be favored by special powers by the new network gods, who must be made fearful of Congress's powers lest they reach out through the networks to strike them dead.
Lesson: Anyone whose power source is different from your own is guilty of witchcraft (whether that source is more or less advanced than yours makes little difference - thus 'modern' medicine derides 'witch doctors'). Since that witchcraft terrorizes you, you must hold the witches in check by terrorizing them in return. This is all simple anthropology.
Sometimes the witches (fundamentalist Muslims) are trying to kill you; sometimes they (sysadmins) aren't. The key to maximizing peace is overpowering the first group either with new culture or, if that fails, with containment or death; and overpowering your own paranoia regarding the second group, by whatever means are available. The tricky part comes if our own Congress continues towards behavior equivalent to that of fundamentalist Muslims. Our first course should be to ease their paranoia.
___
"with their freedom lost all virtue lose" - Milton
Winter 2010: With Glowing Hearts
It is interesting that Congress has approved a penalty usually reserved for murder for a crime that essentially amounts to expensive vandalism. If you deface a wall, you get a few hours of community service. If you deface a website, you get life. I would say that it is difficult to consider a society that can put people in prison for life for a crime that is more or less a misdemeanor a free society.
What about those Enron and Worldcom executives? When do they get life in prison or an even stiffer sentence? The crime they committed was premeditated stealing. That at least would be considered a felony in most cultures.
Moral:
If you are greedy and like to steal, Uncle Sam wants you to run a major corporation and write a book. If you are a teenager and have nothing better to do than deface a little property, better do it with spray paint, because if you use your computer, you can grow old in prison.
Nice message we are sending to young people these days. I suppose Gecko was right: "Greed... is good!"
All data is speech. All speech is Free.
B) Bush is NOT taking citizens on the grounds of unamerican activities or what have you. You're making a mountain out of a mole hill. We're talking about a handful of non-US citizens that are believed to be associated with terrorists (murderers, not mere philosophical disagreements). This is not "anyone." This is not on "any grounds." You are distorting the facts.
C) Open government and "due process" is a good thing. However, not all good things are better when carried out to their extreme. In fact, some are downright harmful. Some of the practices that made sense 200 years ago, when it was very difficult for an individual to kill thousands of people, really make little sense now when it's relatively easy to do the same. I'm sorry, but I'm absolutely opposed to the idea of releasing someone who sneaks into this country illegally, who is KNOWN to be involved with terrorists organizations, either back into this country on bail or to deport them, merely because we can't find sufficient evidence to convict them in a traditional court of the more serious crime that they're probably involved in. Now that's not to say that I give my government carte blanche (and they DON'T have it) to do whatever they want with these people, but you'd attack ANY necessary change.
D) As for history, this cuts both ways. History has shown time and time again that you can't placate bullies, whether they be dictators in charge of a country or a terrorist leader. Some of the same policies that Bush has enacted are policies that should have been enacted in WWII and are being attacked by people like you.
E) It's a blatant stretch to assert that Bush, or anyone in this government, is so far gone in their change of policy that they're beyond control of the people. What's more, these policies that have been enacted are relatively slight policies and are easy to enact, so that enacting them really gets you no nearer to a police state, in reality, than we were previously. The press is still readily attacking Bush. The political opposition still does, although they're more hesitant because they're afraid to waste political capital. I really don't think that you can say with a straight face that we're in any danger of slipping into a police state given all the facts (especially when you take into account the greater risk of a massive terrorist attack).