Slashdot Mirror
European Law Could Give Hackers Mimimum Two-Year Sentence
judgecorp writes "A proposed European law would apply a minimum two-year prison sentence for hacking across the region. This is a step up for nations including Britain, whose Computer Misuse Act currently has a two-year maximum sentence."
Judges hate minimum sentences. Legislators should stop making them.
Does "Hacking" include typing the URL wrong?
The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences.
So, what would the scope of such a prohibition be? Would pen testing tools commonly used by security professionals be prohibited in Europe? Would you need a license to possess or use such tools? This sounds like an overreaching law. And since when did the European parliament get the authority to impose mandatory minimum prison sentences in its member nations?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Should be illegal for the government.
Just watch and wait: it'll be the kid who takes apart his iPod to replace the broken battery who gets charged.
I am John Hurt.
These ideas are all traps put in place by corrupt lawmakers and special interest groups that benefit from for profit prisons. Don't get it twisted.
Why does it seem that laws like this would do nothing except scare away responsible White Hat hackers who report security flaws, leaving only the Black Hats who profit from their computer crimes?
These minimum sentences should not exist. It's bad enough that peoples lives can easily be ruined by hacking in general but it's even worse if they lose 2 years of their life. This would kill them professionally as they'd have no way to explain their gap in resume.
It's only a matter of time before hackers are treated like sex offenders, just wait and see.
Part 2 is; Hacking is defined as anything we don't want you inspecting too closely. We'll be using the first million prisoners to build the prisons for the next million and so on and so on. Once society is imprisoned, people will be much more easily controlled.
Governments everywhere, rejoice!
I have a suspicion that they will count jailbreaking/bypassing DRM as hacking too. It's just a small step from outlawing IP spoofing.
How about sentencing hackers based on the damage they have done instead of another witchhunt against technology?
Only demonstrating a vulnerability: no sentence or a few month of community service; destroying data or sabotaging systems: monetary fine based on the losses that occurred if the guy can't pay then prison; stealing and selling or making public user data: long long years of prison.
So, given applying the same logic to the physical world. Every kid who steals a radio from a car should get a minimum of 2-years - not that I'm against that - and all locksmiths should be jailed. The same goes for makers of crowbars or anything used in a smash-and-grab...
The article from the first link says that the law in question would require member states adapt a maximum penalty of at least two years. This doesn't sound like what we would normally call a "minimum sentence".
"If hacks are outlawed, then only criminals will have hacks." --- I'll guess we'll have to rely upon Microsoft to investigate and fix any holes in the software. (In other words like calling the police on 911; no defense at all.)
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
when i was 16 while learning how to program i created a cheating engine for an online game which i was then arrested and charged for at 18 under the computer misuse act. as it stood i was given a £300 fine and some community service, considrring i was unaware of the fact breaking TOS was illegal (i was a kid, and cheats have always been in games, or things like gameshark that injected into games so i consider
ed it akin to that) hoeever this new law would have seen me goto prison for two years.
this is just a stupidly thought out blanket law in my opinion. hopefully it doesnt go through or thrre will be a big spree of teenagers in jail for petty things like that.
As if prisons aren't overcrowded enough. Instead of giving brilliant hackers employment and an opportunity to do good in the world, they would much rather imprison them and have tax payers pay for their lively hood. Basically, these intelligent people who can learned how to "take things apart" will be completely useless in society and depend on tax payers to pay for everything while they are in prison. The government is seriously retarded.
Why punish hackers for exploiting poorly written software, when the onus should be on the software companies to provide well written, secure and robust software that is fit for use and fit for purpose.
Can someone please explain why software consumers are willing to accept that the product they paid for has so many bugs and holes that they need to (in the case of companies especially) spend a significant amount of their own time updating and patching against yet another security hole.
I say punish the software vendors with time in jail for negligence. If you leave your door open with nothing but a fly-screen as security.....
Dutch lawmakers have never been able to pass a criminal law with a minimum jail sentence for very good reasons. Leave it to the Eurocrats to wreck the Dutch judicial system.
was the Computer Fraud and Abuse Act of 1986. The law is incredibly vague, and thats the only thing they could get him on. They couldnt get him on 'espionage', because he didnt commit espionage. they couldnt get him for 'false statements to the FBI', because he didnt make any. they couldnt get him for 'obstruction of justice', because he didnt obstruct justice. The only thing they could get him for was improperly accessing information on a govt computer. Which basically could be used arbitrarily against almost anyone in the government who does their day to day job because of the vagueness of the law and the reality of how computer systems work in government. Millions of govt contractors and employees unknowingly violate this law all the time. Ever shared a password with someone because your access hadn't been granted yet, but you had to get a job done anyways, and your boss let you use theirs for a few days? Yeah, thats against the law.
You should read the act some time (google it at cornell). The first part, the 'Computer Espionage Act', is essentially the ordinary anti-spy Espionage Act rewritten to include not only 'defense information' but 'foreign relations' information. . . this law is one of the reasons they could claim Bradley Manning violated the law for leaking innocuous state department emails about things like Icelandic Bank Fraud (the reykjavic 13 memo for example).
this is not about 'anti hacking'. well, its intent might be. but the real effect will be an arbitrary hammer to smash against people the government doesnt like. who doesnt the government like? people pointing out its flaws. thats who.
How do you define a 'Mimimum'?
When did the UE gain authority on criminal offences? I thought this was a member states prerogative. This un-democratic monster is getting uglier every day.
It appears that they have Bradley Manning pretty much dead to rights.
Not so much ambiguity there.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I say its time to drop the f*cking hammer. This sh*t has to stop... That LULZSEC crap was ridiculous...
As part of a working group of a small political party we advised on (/against) that proposal criminalizing hacker tools to some EP's, of course the major critical point here was that regular usage of tools that are required to assess the vulnerability of systems also is affected by such a law. Even if the person using the tools was not affiliated with the party that complained it could be a legal use: ie to expose vulnerabilities in a critical system. One such example would be that of a journalist in The Netherlands who used such tools to illustrate the vulnerability of a public transport pass. Another example would be that of the numerous open source tools made for pen-testing in general - would they all be liable ? - bad idea for the security of systems in general: the only way to be safe is to be prepared and test systems. Judges are still out on this one, but rest assure not the complete EP is in favor of such draconian laws.
European Law Could Give Hackers Mimimum Two-Year Sentence
so many debates and no spell checks
I lost a boot drive for a workstation recently, and with it the activation for some very expensive professional software products.
More than one vendor subsequently refused to let me reactivate the software (the same legitimate copy of the same software on the same machine except with a fresh OS installation on a new drive) because they had records showing that my software key was registered to someone else, sometimes not even in the same country. Eventually, after multi-week hassle and in some cases literally sending photos of the boxed package with serial numbers etc. and the original sales invoice, everything was working again.
It's not as if they even apologised for messing me around entirely because of their own over-zealous copy protection and poor record keeping/registration checking, and certainly no form of compensation was offered for the downtime. And yet, the disruption and direct loss income from that downtime because I work from home was surely at least as bad as having someone break into the workstation and install some sort of malware, which I could at least have fixed within a day by nuking and reinstalling everything, but which would have been a criminal offence on their part.
I want the people who were directly responsible for authorising and operating those copy protection schemes to be personally and criminally liable, the same way they would be if they had cracked my network and remotely wiped the software. I understand why companies want to copy protect their code, but there's no way a mini-company like mine can afford to sue a global corporation to recover a week's lost income, so there needs to be some other form of deterrent. Locking up the guy who types my serial number into the remote-deactivation script would be a good start, I think, and a hell of a lot more justifiable than any nebulous law that covers obviously inadvertent access, "hacking" tools with legitimate uses for sysadmins/software developers, etc.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Europe doesn't have a constitution, it's not even a nation or anything like that. There was an attempt at a European constitution, but it was voted down in referendums in several countries in the EU.
I was promised a flying car. Where is my flying car?
That's nothing, in Alabama you'd be burned at the stake for witchcraft and electrickery.
I was promised a flying car. Where is my flying car?
Can't do anything about China (and others) breaking into every system they can...okay, let's hit our own citizens hard because we can then at least we can say that we're doing SOMETHING about the 'hacking problem'.
Just like Intellectual Property and counterfeit producs. Can't get the real problems solved, hit those within reach.
blindly antisocialist = antisocial
It is as if we reward programmers by how many lines of code they write.
A JUDGE is supposed to JUDGE something. We put all these extra detailed rules on everything to employ more lawyers while removing as much actual decision making as possible.
When we take out the common sense of a HUMAN who can put situations into context and deal with specifics of each situation while a GENERIC blanket statement of law is just a brain dead policy. It is literally brain dead and if we keep defining more detail it will not be impossible to train some new IBM machine to replace judges too.
Law is NOT a bill of some kind of payment. We have to stop this MBA mindset being applied to every aspect of life. It hasn't been helping our economy in modern times that well either; but it surely is out of place everywhere else. The purpose of a law is to get compliance of some sort - not to make you "pay a debt to society" with prison time. Where did that idiotic phrase come from anyhow? Rules sometimes need breaking-- we allow self defense as an exception and it is coded into the rules but all exceptions are not thought of nor are they equally applied simply because more details are added.
Democracy Now! - uncensored, anti-establishment news
The proposed law says that in each EU member state, the nominal value of the penalty cannot be less than two years. Says nothing of a madatory minimum (EU does not even have the right to impose mandatory minimum, as all jurisdictions in the EU do not recognize them).
You'd think someone posting on slashdot would know the true meaning of the word hack...
"Computer Misuse Act ", while misusing the word "Hacker".
That should be a crime in itself. :)
---- Booth was a patriot ----
Minimum sentences have also contributed significantly to making the US the most "criminal" place in the entire world.
(I put "criminal" in quotes because we all know it's about money, not crime.)
"Hacking" just seems far too broad a category of crimes to slap a minimum sentence on, it really calls out for flexible sentencing to fit the exact nature of what was done.
I wonder if anyone has the guts to use this against China.
Or MINIMUM sentences either...
The term Hacker has a fairly wide definition these days... misused a lot. Also it has a negative connotation that it should NOT have.
You changed settings in your smart phone? HACKER! Two years in jail minimum!
You purchased a product and altered it so it would do what you wanted it to do? HACKER! Two years in jail minimum!
You copied a DVD you legally own to a device so you could watch it the way you want to? HACKER! Two years in jail minimum!