Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawyers Say Hackers Are Sentenced Too Harshly

Posted by michael on from the hacker-crackdown dept.

Bendebecker writes "Cnet is reporting: 'The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.' Finally, someone is listening..." The document makes the points that most computer crime cases involve disputes between an employer and employee, and that the seriousness of the offense is generally comparable to white-collar fraud cases.

17 of 430 comments (clear)

  1. Well by Bob+Abooey · · Score: 3, Interesting
    Since when are laywers a beacon for what a fair punishment should be? I thought a laywers job was to understand the law and to represent his/her client, not decide what's fair or not fair regarding the law.

    Quite frankly given the number of laywers who do their best to circumvent the true spirit of the law I don't want them making any public statements on my behalf...

    --

    All the best,
    --Bob

  2. Hmmm . . . by Gabrill · · Score: 5, Interesting
    Am I the only one who watches only to find out what kind of society I live in? And without any real hope of contributing to or affecting the overall state of affairs?

    On the other hand I AM glad that computer crime is possibly going to be recognized as a white collar crime instead of a terrorist threat.

    This one bombed a bus. That one stole a credit card. Kill 'em both!

    --
    Always going forward, 'cause we can't find reverse.
  3. "White collar crime" - a misnomer... by MosesJones · · Score: 5, Interesting


    Scenario A: man walks into a store with a gun, demands they empty the till, walks out with a hundred bucks.

    Net effect: 100 bucks for the store + mental anguish for people in there.

    Punishment: Ten years

    Scenario B: Man defrauds investors, pension funds etc out of millions or billions

    Net Effect: Pension funds slashed, thousands made unemployed

    Punishment: 5 years

    We all know that white collar crime gets punished a whole lot less, but is that right ? Why shouldn't execs from the likes of Enron, WorldCom et al be looking at life behind bars for the havoc they have reaked ? Well because there really is a different set of laws for the rich. Sure they might even get 15 years in the cases of these massive frauds, but is this enough given the damage they have caused ?

    So maybe the problem is that white collar crime is punished too little, rather than hacking is punished too much. Maybe having sentences for theft, fraud etc (of any kind not involving actual violent which already has punishments) should be related to the amount of money stolen.

    Maybe 1 year per $1000....

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:"White collar crime" - a misnomer... by byrd77 · · Score: 5, Interesting

      The error in your reasoning is the presumption that increased jail terms will deter this type of crime. Research shows that the vast majority of people who commit crimes like this don't think they'll get caught. It's highly unlikely they are even aware of what the potential sentence may be, so making it larger doesn't help.

      --
      - Carpe diem, quam minimum credula postero.
  4. Perhaps the hacking penalties are fine... by TopShelf · · Score: 4, Interesting

    And the white collar fraudsters should be hit harder? I think I'd rather see that myself. Send Skilling, Lay, and their ilk up the river for an age and a day.

    --
    Stop by my site where I write about ERP systems & more
  5. Read... by aengblom · · Score: 3, Interesting

    sipthe seriousness of the offense is generally comparable to white-collar fraud cases.

    Read: The fast-growing, little-punished type of crime that destroys the finances of thousands every year.

    "Hacking" is no more the refuge of the geek. True criminals have embraced it as a way to siphon off lots of money with little risk.

    Let's not charge people looking for CC#'s with terrorism, but let's not label it "annoying" and offer up slaps for people's wrists.

    --


    So close and yet so far from the world's perfect ID number
  6. The problem isn't the harsh sentences for hackers by Mothra+the+III · · Score: 4, Interesting

    Its the inability to impose proper sentences for violent criminals and drug offenders. I have no sympathy for people invading companies computers for whatever reason and they should be punished harshly. I have better things to do on my weekends then combat those assholes. But there is a need for reform in the way punishment is administered for violent criminals and longer sentences need to be handed out.

    --
    Worst. Sig. Ever.
  7. I agree by Visaris · · Score: 5, Interesting

    If I break into someone's house, I'll be charged with breaking and entering, and with trespassing.

    If I hack into someone's network and don't even do anything but look around, I'm charged with causing losses of millions. I'm charged with stealing any sensitive content I gained access to whether or not I even looked at it. Not to mention they'll slap all the cybercrime and terrorism laws they can find down on me too. It has nothing to do with the severity of the laws, just that you get pinned with so many of them.

    --

    I am a viral sig. Please help me spread.
  8. white-collar fraud by doubtless · · Score: 3, Interesting

    I can see that sometimes the claims of damage in online crimes can be ridiculously high. However, if the claims of damage is reasonable, I don't see why the punishment should be any lesser than any other crime.

    I think white-collar criminals are already getting far less punishments than they should. How could someone who screws up the millions of dollars from their employees be subjected to punishment comparable to shoplifters or burglars?

    --
    geek page at KY speaks
  9. 6th Grader Charged in Grade-Switch Caper by Anonymous Coward · · Score: 5, Interesting

    Check this out:

    Story (palmbeachpost.com)

    An 11 year old snuck into his classroom during lunch and changed some of his grades on his teacher's computer. He was caught and is now facing FELONY computer fraud charges. Tell me that's not a bit ridiculous.

    -Dan.

  10. Exactly backwards by fleener · · Score: 3, Interesting

    The issue isn't tough sentencing for hackers. The issue is that white collar criminals get off light.

    Hacking is not a white collar crime. When I think of white collar crime I see millionaire executives spending stolen money for blow jobs by preteens in foreign countries. When I think of hacker crime I see a trail of empty Mountain Dew bottles and Cheetos bags. Hackers need to become filthy rich before they can play the courts like the big boys do.

    Extreme cases aside, most hacking is like kids stealing cars to take 'em for joy rides. Sure, a few people get hurt by each crime, but it's not like you have a few hundred thousand stock holders who'll have to work 10 extra years before they retire because their portfolios are toast.

  11. Re:Have to exaggerate the problem... by FosterSJC · · Score: 4, Interesting
    The other side of the coin to this is that you get employers or "victims" or what-have-you artificially inflating the damages supposedly caused by a hacker.

    Kevin Mitnick, in his Slashdot interview, explained this in detail:

    However, the punishment in my case was extremely harsh and did not fit the crime. I equate my illegal actions not to a person who molests children or burglarizes a house (I heard these specious analogies before), but to a person who illegally copies software.

    The difference in my case is the software was proprietary. I was not an industrial spy, nor did I ever attempt to profit or damage any systems or information that I had illegally accessed. The government falsely claimed I had caused millions of dollars of loss, in an effort to demonize me in the press and the court. The truth of the matter is I regretfully did cause losses, but nowhere near a million dollars. The theory the government used to reach those numbers was to use the same formula for traditional theft or fraud cases. When a person steals money or property, the Federal Sentencing Guidelines use the value of the property lost, damaged, or destroyed as the loss amount. This formula works well with tangible property, but when the property at issue is information, or in my case source code, does the same formula reflect the true intended or actual loss? The government requested that my victims provide their research and development costs as the value of the information I either copied, or reviewed online (source code). Federal prosecutors simply added up all the R&D costs associated with the source code I had accessed, and used that number (approx $300 million) as the loss, even though it was never alleged that I intended to use or disclosed any source code. Interestingly enough, none of my victims had reported any losses attributable to my activities to their shareholders, as required by securities laws. Unfortunately, due to media hyperbole, the unknowing public believes I had caused these tremendous losses.

    Suffice it to say, we need to find a compromise where we can accurately represent the loss of intellectual property without undually exaggerating its (non-material) worth.
  12. But I'm angry now by ellem · · Score: 4, Interesting

    Well this is really quite simple.

    Computers are for "smart" people

    People feel marginalized when they don't understand even the basic concepts of what has happened

    Therefore when a CEO realizes they have been hacked/cracked (you fight that out) they feel even more violated since they don't even understand how someone could get past all the hardware they bought and all those 45-100K+ people they have running around purporting to be computer experts.

    Their anguish is then felt by atrtorneys who can't understand the crime, the criminals or why everyone is so upset. The one thing they do know is that THAT FAT GUY WITH THE UNKEMPT BEARD AND THE WIERD SHIRT THAT HAS THE FORMULA FOR HELL ON EARTH:

    #! /usr/bin/perl

    ON HIS SHIRT IS DEFINITELY GUILTY!

    And that's pretty much what happens.

    --
    This .sig is fake but accurate.
  13. I think.. by Maeryk · · Score: 5, Interesting

    That a lot of the problem here is due to double standards and lack of accountability.

    Joe Schmoe embezzles from his S&L firm for ten years, gets caught, and it is realized that he made off with 500K. He is slapped on the wrist, fired, made to "pay it back" on time deferred payments, or maybe stuck in a white collar prison/country club for a few years.

    Mike, the l337 hacker from down the street, defaces Stuff-Marts web page, pointing out that Stuff-Mart buys 80% of its stuff from china, where it is made in forced child labor camps at gunpoint, and it is repaired in an hour.

    Now.. Stuff Mart's lawyers tell the jury that they *potentially* lost MILLIONS due to the damage, (when in fact, they did not "lose" anything.. and there is no way to prove how many people would have bought during that time anyway). The SM lawyers also point out that it cost "an estimated 100K dollars to repair the damage!".. which means they just budgeted in A) the new server and colocation company to handle the site, B) the three person team who maintains and handles the site already, and C) all of their IT staff who received an Email about the "hack" and therefore were "working" on it.

    Its all about what the jury wants to hear, and all about language.. "potential" is used ahead of "we could have potentially lost BILLIONS in sales!" but the judge/jury does not hear the "potential". Nor do they realize that 99% of that IT staff was already working there, doing their routine jobs, and had nothing to do with the repair anyway.

    (Same reason a procedure at the hospital that took all of 15 minutes costs your insurance company as much as your house did.. funky accounting and everyone wanting to be "in" on the action.)

    I think a lot of "hacking" is a no harm no foul problem anyway.

    Maeryk

    --
    Feminine Protection? What is that? A chartreuse flame thrower?
  14. I agree by arvindn · · Score: 4, Interesting
    Personally, the thing that strikes me as most ridiculous is how clueless courts are when it comes to estimating how much loss the hacker caused.

    From http://www.savage.net/public_html/net/phrack.html:

    The following March a Federal grand jury was told that the document that Knight Lightning had printed in Phrack was worth 80 thousand dollars and was extremely dangerous to the public. The grand jury brought a Federal indictment against Knight Lighting. He faced 31 years in prison for the interstate transportation of stolen property, wire-fraud and violations of the computer fraud and abuse act.

    "In July of 90 we went to court...the witnesses took the stand to try and prove that I had not just committed the crimes they were saying i committed, but to prove that the actions I took were crimes in the first place. The defense never had to put on a single witness, by the end of the week, the governments case had completely fallen apart. The now famous 80 thousand dollar E-911 document was proven to be [publicly] available for no more than 13 dollars from Bellcore."

    This guy was accused of stealing 80 grand when in reality it was worth 13 dollars!!!

    Also see Kevin mitnick answers if you missed it.

  15. Re:Have to exaggerate the problem... by Lumpy · · Score: 3, Interesting

    the solution would be a requirement of PROVING damages. an invoice from "overpriced security fixer-uppers" for $21,985.31 to install W2K sp3 to fix that hole that script-kiddie4 used to get in are proveable damages... the "we lost $295,997,667,342.87 because he MAY HAVE copied a file" needs to be called bullcrap by everyone involved.

    if you cannot produce an invoice or legitimate quote for repair/losses then you are told to shut up would fix every bit of this.

    --
    Do not look at laser with remaining good eye.
  16. From the trenches by DarthWiggle · · Score: 3, Interesting

    The entire legal system is grappling with this new world. Too many lawyers are luddites who can barely program their phones, much less comprehend what "hacking" (sic) is all about. And, worse, so are the judges who oversee their trials. And the juries that weigh the evidence. And the media that covers the trials.

    I dunno, it's a little disheartening to be an aspiring lawyer when I've heard of a firm that prides itself on defending those accused of computer crimes has a password policy that mandates a particular format for your network passwords, and that your password always be provided to your assistant.