Slashdot Mirror
Lawyers Say Hackers Are Sentenced Too Harshly
Bendebecker writes "Cnet is reporting: 'The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.' Finally, someone is listening..." The document makes the points that most computer crime cases involve disputes between an employer and employee, and that the seriousness of the offense is generally comparable to white-collar fraud cases.
defacing a web page != stealing credit cards.
they shouldn't have equal sentences, but that isn't to say one of them isn't deserving of what they get...
There are some odd things afoot now, in the Villa Straylight.
In many cases, the victim would be ignored if s/he didn't over-state the actual damages. I've heard victim after victim (right here on slashdot) state that they've went to the FBI/local officials, and were denied help because the actual damages didn't add up to a certain amount.
No wonder victims are overstating the problem, it's because they don't like being ignored.
--sex
Very popular slashdot journal for adul
I thought a laywers job was to understand the law and to represent his/her client, not decide what's fair or not fair regarding the law.
Who says they are deciding. They are stating their opinion. It is up to legislators to create and modify the law and judges to uphold it. Lawyers just happen to be the most intimitately involved with both types of cases and therefore are qualified to state an opinion.
I would also point out that they are as free to state their opinion as you are.
>the guy goes to jail for 30 days and people are .... what justice is that.
>out of work
Absolutely zero:
How much time did the MIS manager and CTO do? They share the responsibility for not securing the system. If the risks are that great, then not adequately protecting against those risks is criminal neglect.
Quoth the Rave,,, err, Anonymous Coward:
"Oh, well, in that case, since it's ONLY fraud, might as well let them go free."
You didn't understand the argument, or didn't bother to read it, at least. They're not saying computer criminal should "go free," but that the harshness of their punishments should be similar to the punishments meted out for similar crimes not involving computers. Is that really so difficult to support?
However, lawyers have a more intimate knowledge than any of us (as proven by the number of IANAL comments) since that's their job.
Also, this particular group of lawyers are defence lawyers, so it's their job to defend crackers and fight for their rights, which would include the whole fairness issue.
And also, these people might be judges someday, so then it will be their job to determine what fair judgement is.
Are hackers sentenced too harshly, or are "comparable" criminals not sentenced harshly enough?
--
Think Green... Burn only 100% recycled dinosaurs in you car.
It's because lawmakers have no idea what hacking is. All they know is that the news and their handlers and their real constituents (donors) say it's very bad. It's just like way back in the day when people were put in institutions for being depressed. No one knew why they were depressed so they just put them away.
Now, I'm not saying that hacking others' equipment is good. I'm just saying that the punishment should fit the crime, not get 10 years in jail because you made the RIAA website say they love mp3s instead of money.
1) Judge (often a lawyer)
2) Prosecutor (lawyer)
3) Defense Attorney (lawyer)
Also, think about this. Whenever the two sides work out a plea bargain rather than going to court, you basically have 2 lawyers hashing out what is a fair penalty for the crime involved.
So, in response to your statement, I would have to say that lawyers have always been the beacon for what fair punishment should be since the modern criminal system came into being.I'm sure it's fun to take potshots at lawyers, but you need to realize that they do run the system to a large extent.
IANAL
Overrated Moderation: This posts sucks... because.
Am I the only one who watches only to find out what kind of society I live in? And without any real hope of contributing to or affecting the overall state of affairs?
No. I vote.
...are the hackers of today.
"... McOwen was charged under Georgia law with computer trespass. Facing up to 120 years in prison..."
A man installed a program that for all intent and purposes is a screen saver and he could have been forced to serve 120 years in prison had he not plea bargained. Clara Harris killed her husband with her Mercedes, was found guilty of 1st degree murder, and was only sentenced to 20 years (she'll get out in 10).
I think something is wrong with a system that gives you more time for installing a program that doesn't do any damage than it does for murdering a person in cold blood.
...more year in prison than the average raper ?
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
If that logic is pursued, just make every crime, from littering and jaywalking on up, a capital offence. That would deter ALL crime. Sounds idyllic, doesn't it?
The point the lawyers are making is that the penalty should be in relation to the harm caused, not multiplied merely because it somehow involved a computer. Whether you defraud using a fountain pen or a PC, the penalty should be the same.
So if I am distracted while I am driving and I accidently run over someone and they die, I should get the chair because "hey, the crime of killing a person is equal to the crime of killing a person"? Hacking into someone's webserver and adding the line to their webpage that I own their box should equal a punishment but that punnishment should not be the same as hacking into a computer and deleting their harddrive or changing the balance in my bank account. It's like saying that every theif should get ten years in prison regardless of what they stole; it sound nice on paper but do you really think anyone should go to jail for ten years for stealing a candybar?
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
"The (majority) of the offenses are generally disgruntled employees getting back at the employer or trying to make money."
And how is this not serious? Destruction and blackmail are extremely serious and should not be tolerated in society.
Prison is not just rehabilitation. It is a deterrent. If there were little or no consequences to, say, wiping out a server just because you are mad you got fired then many many more people would do it. Consequentially companies would crack down hard on everyone and treat all employees like assumed criminals.
Most of the world we live in is based on trust. Most homes and businesses are relatively easy to break into. And if the consequences for such actions were light then more people would be trying it just for fun. And then home owners would have to put bars on their windows and constantly worry about keeping their house secure.
In fact, this is essentially what Slashdotters are recommending people do to their computers. Most people have better things to do with their lives than worrying about locking down their computer from hackers. How about the hackers say on their own boxes and stay the heck away from everyone elses!! If someone breaks into my computer, it is not MY fault the computer was easy to crack. It is the hackers fault for doing something they weren't supposed to do. And the hacker should go to jail for it, just as they would go to jail for breaking into my house and checking out all my stuff. I don't care if they steal anything or not, it is an invasion of my life and privacy!
I am sick of the hypocrisy Slashdot getting all up in arms about the Patriot Act and then worshipping Kevin Mitnick. At least I can vote against the Congressmen who supported the Patriot Act. I can't vote to keep Mitnick wannabes off my computer, except to vote to put them in jail where they belong.
Brian Ellenberger
What if you were to break into a bank vault? Not take anything, just break in and look around? You'd be up shit creek without a paddle. How about breaking into a military base "just to look around"? How about breaking into a casino's back rooms?
In case you haven't noticed, you can't just go where ever you want just to look around.
No, it isnt ridiculous at all that he face the charges. He knew what he was doing was against the law when he did it. He comitted felony computer fraud, and is being charged with it.
What would be ridiculous would his being tried and convicted as an adult, and spending 10 years in a max security prison. But that wont happen, he'll get the warning and the incident will go into his sealed juvenile record.
IMO there's too much 'juveniles shouldnt be punished after all they're just kids' sentiment. Youngsters know this, and commit more and more crime knowing they wont be severely punished.
It would be ridiculous if the teacher gave him permission to use the computer, and in doing so he accidentally formatted the C: drive, or something like that. But if he knowingly committed a crime (which it would seem he did), he should be prosecuted for it.
I don't need no instructions to know how to rock!!!!
If they suffered a loss, let them document it and then charge the "hacker" with criminal damage, fraud, or whatever. Why should "hacking a corporate network" be such a heinous crime in itself?
My (ex-)girlfriend works at a bank. Her bank branch has never been robbed before, but take the following into account:
a) Most Bank robbers wouldn't know what bait/dyepacks would look like if it was sitting in front of their face
b) If the tellers just grab their bait, the robber's getting away with ~$83 per teller
c) Some Bank Tellers have their own 'valuts' (Bank tellers buy and sell money from the bank vaults to their cash drawers. Some banks differ in how much money they're permitted to have in their drawer, or don't permit their tellers to have locked valuts.
Let's say I'm Jon-BankRobber. I walk in with my gun, flash it around, walk out with ~$300 bucks (~$80 x 4 bank tellers), caused some bank tellers to quit their jobs/go into therapy/become really depressed. I go to Court, visit the Judge, who gives me ten years.
Now, let's look at Joe-31337h4x0rd00d. I break into my bank's tellering system, create an account, and either blatently (to the fact that it comes up on the next day's report) or sneakily (penny-slicing) steal money. I can get away with much much more, but for the sake of keeping things same, I only take $300.
When Joe-Hacker goes to the judge, he's going to get a max of 6 months. Non Violent Crime, Under $500 (no felony), no gun. (this is assuming that they don't get him with electronic tresspass)
If they're looking to give hackers/crackers a free ride, it won't happen. If they're trying to equal things...just make the same crime punishable by the same punishment. Rob a bank or Crack a bank, go to jail for up to ten years.
I know some of you will poke holes in this, but the average white-collar-criminal just doesn't go to prison, unless you've pissed someone really off, or really f*cked up.
Replies will be answered.
ONUCSGeek
I disable sigs...do you?
figuring for both files lost, cleaning it from systems, and a prorated amount
for the effort/energy/and money poured into the creation of patches/antivirus software.. can we apply the death penalty to the virus author?
63 years, times 365 days, times 24 hours, means 551,880 hours
every day http://en.wikipedia.org/wiki/Special:Random
Certainly. Furthermore, there should be some inquiry into how much damage was actually done by the theft of the credit cards. Say you broke into Visa, downloaded their entire database of usable cards, and stored it on your computer. Now what?
If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty."
As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).
You want the truthiness? You can't handle the truthiness!
So now schools get to pick and choose which cases they turn over to the cops? It's ok for someone to be the victim of a Assault and Battery, but it's a FELONY to cheat now? And that's all this was, remember, cheatting. It's not a felony to use a pencil to alter your grade in the paper gradebook. Why is it a felony to do it on the computer?
Punishment should have been handled by the administration and the kids parents this was NOT a metter for the cops.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Changing grades (in that school district) is punishable by detention, suspension, expulsion...at the discretion of the principal/school board.
Doing it on the teachers computer brings it up to the level of a felony. 'Altering intellectual property' or some such.
IMHO, that is not right.
Yes, the kid should obviously be punished. Does doing via the PC warrant far more severe punishment, vs doing it in a paper grade book?
Can I bring suit against any and all spam and popup purveyors? After all, they ARE altering the contents of my PC (cookies and unwanted email) without my permission.
>> The guy who hacked me should face at a minimum the legal penalty for breaking into my house and rifling through my file cabinet.
I agree he should be punished, but it isnt the same as breaking ito your house and rifling through your file cabinet. Break and enter is generally treated by cops and DA's as a violent crime - because burglars very often have every intent on harming someone who may be at home at the time.
A better analogy would be the clerk at the gas station who lifts your Visa number, or the guy who looks over your shoulder at a payphone or ATM to get your calling card/pin numbers. But hackers also have an element of trespassing and harassment. So maybe mix in a little of the guy who makes obscene phone calls in the middle of the night, or dumps his garbage on your lawn. Or maybe a postman who reads your mail (thats a big federal no-no as well)
In any case, saying the sentences are 'too harsh' or 'too light' is wrong IMO. This is what judges are for, to decide what punishment is appropriate on a case by case basis. Thats their job.
I don't need no instructions to know how to rock!!!!
100 years ago before the automobile became dominant, society & the economy depended quite a bit on horses. As such, you would be hung for stealing a horse, not because it's such a horrible offense, but because if the punishment wasn't really stiff excess horse theivery would probably have actually undermined the stability of society. Who would want that!
The same forces are probably in effect here.
Keep passing the open windows...
The real question is whether justice is state-surrogate revenge or to keep the public order.
If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty." As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).
Right... Visa should take a hacker's word that they've deleted the database and that they didn't leave any backdoors to get back in again later, because we all know someone who'd break into your system is someone you should trust.
Visa would be extremely neglectful if they didn't take every action at their disposal to minimize damage in the wake of an intrusion. This means reissuing all the compromised cards, reinstalling every machine even remotely related to the one compromised, implementing new policies to detect a similar intrusion in the future. None of this is cheap.
You are not doing Visa a favor by breaking into their system because you're costing them almost as much as it would cost them if someone broke in and did exploit the hell out of those card numbers. Think about it.... do you want someone throwing rocks through your windows (breaking them in the process) just to show you the vulnerabilities in your house?
NO CARRIER
I'd look at it this way; you broke into the house to steal a TV, but on your way out you slipped into the china cupboard and accidently broke a Han Dynasty era vace worth 1.2 million.
I suggest you actually READ the PDF. Your $1.2 million vase is NOT broken. The entire point of the article is that computer related law is broken.
If some kid sneaks in, watches some TV and leaves. he does NOT berak your vase. The crime is a misdemeanor. The economic damage is zero. This is sentenced as a "Base Offense Level" 6 misdemeanor. Perfectly reasonable.
Now lets look at what computer law does:
The kid didn't touch your cupboard or vase, but you decided you needed a cupboard with a lock for $5000. This counts against the kid and he gets +2 on the base offense level for $5000 in "damages". It now becomes a FELONY.
Then there is a +2 on the offence level for using a "special skill".
Then there is a +2 on the offence level for using "sophisticated means".
The kid did he not intend to cause any harm. The kid in fact did not cause any harm. So now a harmless prank that is supposed to be a level 6 misdemeanor is actually treated as a level 12 felony. THAT is the point they are making.
They also want to make sure this harmless prank doesn't get sentenced as TERRORISM. They don't go deeply into this topic, but they are also opposing certain "computer-terrorism" laws and proposed laws. They essentially make it terrorism for a kid to throw a snowball across state lines at a supermarket. The DOJ claims this is acceptable because they promise it will only be used in "appropriate cases". Pardon me, but I don't think a misdemeanor harmless prank should EVER be within the scope of a terrorism law.
Another problem they mention is one that came up in the Mitnick case. The kid takes a photo of your vase. The kid never shows the photo to anyone. Here's how computer law meaures this "vase theft": You paid $1000 for the vase, but you bought it on a $50,000 vacation. You later realize the vase is worthless and give it to the salvation army for free. According to computer-law taking the photo caused $51,000 in economic damages.
In the Mitnick case he copied software. If they had to spend money repairing damage Mitnick had done then there would be economic damage. If Mitnick had sold or given the software away then there would be economic damage from last sales. Yes, Mitnick broke the law, but the fact that he was charged and punnished based on tens or hundreds of millions in economic damages when the actual figure was zero damage was absurd.
And yes, one of the companies did in fact decide to give the software away for free (and it had nothing to do with Mitnick). Care to explain how he caused millions of dollars of damage by making a single copy of $0 software?
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.