European Law Could Give Hackers Mimimum Two-Year Sentence

judgecorp writes "A proposed European law would apply a minimum two-year prison sentence for hacking across the region. This is a step up for nations including Britain, whose Computer Misuse Act currently has a two-year maximum sentence."

Minimum Sentences

Judges hate minimum sentences. Legislators should stop making them.

Re:Minimum Sentences

[elucido]

Minimum sentences as well as private prisons should be entirely unconstitutional.

Re:Minimum Sentences

[sg_oneill]

Judges hate minimum sentences. Legislators should stop making them.

Yeah, you can see how this will go wrong. Someone finds an open facebook at a netcafe, and decide to post some dopey comment on the unsuspecting security-ignoramasus page. The person flips out and calls the cops, and the cops charge him, because technically it is hacking.

The judge hears the case and goes "Well I have to find this guy guilty, and normally I'd give him a $50 fine and tell him to quit being a dick, but instead he's going to jail for 2 years and having the rest of his life ruined because of a harmless prank.

Yes indeed, theres a very good reason judges hate mandatory minimums.

Re:Minimum Sentences

[interkin3tic]

Simpletons are the only ones who like mandatory minimums. You have a mechanism to investigate crimes on a case-by-case basis, looking at all the evidence, the factors that went into the crime, and setting the punishment to fit the case. That's the job of the courts. It's not perfect, but one-size-fits-all justice is usually not justice. The mandatory minimum sentence should be zero in ALL crimes.

Re:Minimum Sentences

[Kat+M.]

The article is not entirely clear on the minimum sentence part. From the body of the text it appears that it's that the maximum sentence should be at least two years (which makes sense, given that individual member states would be free to set higher maximum sentences if it's a directive), and five if there are aggravating circumstances. Also, given that petty offenses should not carry criminal sanctions at all does not mesh with a minimum two year sentence.

The only part that mentions a two year minimum sentence is the summary paragraph, which may be the result of poor editing.

There's a video recording of the committee meeting, but I don't really have the time to search through it to find what was actually decided. I guess it'll become clearer within the next few days.

Re:Minimum Sentences

[TheGinger]

I agree, the first article paints a very different picture from the second. first article talks about maximum sentences being at-least 2 year or 5 years for aggravated circumstances, the 2nd article they have becomes minimum sentence. In the first article there is also a section (under IP spoofing) stating 'However, no criminal sanctions should apply to "minor cases", i.e. when the damage caused by the offence is insignificant.' This could be very significant

Re:Minimum Sentences

[sqrt(2)]

The death penalty for murder hasn't ended murder in the US. There is strong evidence that it hasn't even reduced the rates (comparing murder rates among populations in states that have and don't have the death penalty). Being killed by the state is a much higher risk than two years in prison, and even that doesn't work, so why would you believe a lesser deterrent would be effective if the ultimate penalty isn't even enough?

Re:Minimum Sentences

[Skidborg]

Of course part of that is that the "death penalty" is more of a "rot in prison for a decade or two and then we might kill you penalty", and by the time the executioners get around to offing anybody the public has completely forgotten about both the original crime and the murderer, and the execution doesn't even make the news.

A punishment of any kind can't serve as a warning to would-be criminals if it's carried out in a way that nobody knows or cares about.

Re:Minimum Sentences

[interkin3tic]

Which is an argument that it should be abolished, since rushing the job and massively increasing the risk of executing an innocent person is not an option.

Re:Minimum Sentences

[Ihmhi]

A punishment of any kind can't serve as a warning to would-be criminals if it's carried out in a way that nobody knows or cares about.

Because of all those public executions that happened around the world stopped crime dead cold, right?

Re:Minimum Sentences

[jd2112]

Of course part of that is that the "death penalty" is more of a "rot in prison for a decade or two and then we might kill you penalty", and by the time the executioners get around to offing anybody the public has completely forgotten about both the original crime and the murderer, and the execution doesn't even make the news.

A punishment of any kind can't serve as a warning to would-be criminals if it's carried out in a way that nobody knows or cares about.

Of course, there were no murders back in the bad-old-days when people were hanged for minor offenses after a short (and often optional) trial, right?

Re:Minimum Sentences

[SuricouRaven]

Private prisons do create some conflict of interest. Repeat offenders mean repeat customers.

Re:Minimum Sentences

[davester666]

Yes, you, a reasonable person with neither an axe to grind or a political point to make.

But in reality, things like"I've had too many of these stupid hacks screwing up the wifi at the coffee shop I go to. Find the guy doing it and nail his balls to the wall for 2 years." Or it's a funny hack that goes viral, giving it lots of publicity, so the prosecutor has to follow through "because it's the law and we don't want to encourage this behaviour".

Re:Minimum Sentences

[Carewolf]

Minimum sentences are pure insanity and pandering to the voters.

The problem is that it takes away the option of the prosecutor and judge to give fair sentences, and forces them to hand out minimum sentences for cases where the minimum sentence was never intended.

Examples are plentiful everywhere they have been implemented. 10 year prison for teenager for taking nude pictures of themselves, 4 year prison for _reporting_ child-pornography on web to the police (reporter have it cached on your computer, so in his possession)... The list goes on, it should be unconstitutional to protect politicians from being tempted to introduce this insanity.

Re:Minimum Sentences

[Carewolf]

Ahh.. Yes. The people who actually UNDERSTAND the cases, and who knows ALL THE DETAILS gives out smaller sentences than people who HAVE NO CLUE would like..

A "funny" experiment was made a few years ago. A random group of people where selected they were first asked if they felt punishment for crimes were too soft, most agreed. They then looked at specific cases with all the details, and in each case when presented with all the evidence - most felt the punishment was too harsh.

Re:Minimum Sentences

[cold+fjord]

So please explain how prisons run by corporations for, and regulated by, the state create repeat offenders whereas a state run institution wouldn't?

Re:Minimum Sentences

[SuricouRaven]

The state has a clear incentive to make sure the prisoners don't offend again: Each prisoner means more expense, and politicians (well, in theory) don't like wasteful spending. Thus they have a reason to focus on rehabilitation - getting the prisoners educated, keeping them from creating a prison culture that glorifies crime, controlling gangs. Private prisoners, on the other hand, get paid by the prisoner - they have no incentive for rehabilitation. Quite the opposite: If a prisoner serves his time, is released, reoffends... that's just another profitable inmate the prison will get paid for.

The real situation is more complicated though. There are other factors too, not least of which is the public bloodlust: People have a sense of social justice and a desire to see offenders suffer, so rehabilitation often faces political opposition.

Re:Minimum Sentences

[imakemusic]

Yes this is why the middle east is such a peaceful area.

what about www.eu.com/doc_with_password.xls

Does "Hacking" include typing the URL wrong?

Re:what about www.eu.com/doc_with_password.xls

[rastos1]

Does "Hacking" include typing the URL wrong?

(In a few months:) That would require to un-hide the address bar in first step. Only hackers do that.

Also prohibits hacking tools.

[BitterOak]

From the article:

The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences.

So, what would the scope of such a prohibition be? Would pen testing tools commonly used by security professionals be prohibited in Europe? Would you need a license to possess or use such tools? This sounds like an overreaching law. And since when did the European parliament get the authority to impose mandatory minimum prison sentences in its member nations?

Re:Also prohibits hacking tools.

[X0563511]

I used wireshark to fix a bug today. Apparently I would be a criminal in the UK, with a minimum sentence of 2 years.

This is fucked.

Re:Also prohibits hacking tools.

[walkerp1]

I used wireshark to fix a bug today. Apparently I would be a criminal in the UK, with a minimum sentence of 2 years.

Nothing so elaborate is required. I've perpetrated some beautiful felonies with netcat one-liners.

Re:Also prohibits hacking tools.

[cpu6502]

>>>since when did the European parliament get the authority to impose mandatory minimum prison sentences in its member nations?

Since when did the American congress get the authority to impose mandatory minimum prison sentences on its member states' courts? ANSWER: When both the parliament and congress usurped the power through decree. This is the natural progession from a union of independent states into a central authority that tries to control everything down to the smallest level (even your home).

At least in the U.S. we have a 10th amendment and a Supreme Court which forbids congress from exercising powers never granted to it (such as nullifying the mandate forcing individuals to buy insurance). I am unware of a similar mechanism to check the power of the EU parliament, so their power will continually grow and grow. An "ever-closer union" until all laws come from Brussels.

Re:Also prohibits hacking tools.

[gstoddart]

At least in the U.S. we have a 10th amendment and a Supreme Court which forbids congress from exercising powers never granted to it

There's amendments with lower numbers they ignore all the time.

Why should the 10th be any different?

Re:Also prohibits hacking tools.

[martin-boundary]

I used wireshark to fix a bug today. Apparently I would be a criminal in the UK, with a minimum sentence of 2 years.

This is fucked.

No, no! That's good news! In Texas, you'd get the death penalty...

What is illegal for the citizenry...

[NemoinSpace]

Should be illegal for the government.

Re:What is illegal for the citizenry...

[cold+fjord]

What is illegal for the citizenry...Should be illegal for the government.

Because every citizen needs their own standing army, blue water navy, air defense artillery & missiles with the right to govern their own airspace, the ability to capture and imprison their neighbors for acts ranging from buggery to murder, the power of personal approval over new cancer treatments, and the ability to make treaties with Japan, Canada, Fiji, and Peru. Or is it nobody and no government needs that? I forget.....

I enjoy Slashdot because on occasion you read fine minds in elevated discourse. Unfortunately sometimes that means simply moving from 3rd grade to 5th grade discussions.

Re:What is illegal for the citizenry...

[gnapster]

I negotiated a treaty with Peru just last week, you insensitive clod!

Queue the misapplications of this law

[lightknight]

Just watch and wait: it'll be the kid who takes apart his iPod to replace the broken battery who gets charged.

Re:Queue the misapplications of this law

[girlintraining]

Just watch and wait: it'll be the kid who takes apart his iPod to replace the broken battery who gets charged.

He hurt a poor, defenseless, for-profit corporation. Taking two years of his life for slightly modifying a thing he already owns is getting off easy -- the kid is a monster.

Minimum sentences, three strikes, all traps

[elucido]

These ideas are all traps put in place by corrupt lawmakers and special interest groups that benefit from for profit prisons. Don't get it twisted.

This can destroy lives.

[elucido]

These minimum sentences should not exist. It's bad enough that peoples lives can easily be ruined by hacking in general but it's even worse if they lose 2 years of their life. This would kill them professionally as they'd have no way to explain their gap in resume.

It's only a matter of time before hackers are treated like sex offenders, just wait and see.

Re:This can destroy lives.

[cold+fjord]

This would kill them professionally as they'd have no way to explain their gap in resume.

Most people who need to worry about a resume/CV are bright enough to realize they shouldn't be cracking/hacking into other's people's networks & computers.

The word will spread quickly. Besides, don't most people on Slashdot have a warm spot in their heart for Darwin..... at least when his ideas don't work against them?

It's only a matter of time before hackers are treated like sex offenders, just wait and see.

I think it will be a very long time before anyone has to worry about the cry going out,

            "Oy! Lock up your daughters! We've got a hacker in the neighborhood!"

This is Part I

[Genda]

Part 2 is; Hacking is defined as anything we don't want you inspecting too closely. We'll be using the first million prisoners to build the prisons for the next million and so on and so on. Once society is imprisoned, people will be much more easily controlled.

Governments everywhere, rejoice!

And of course everything will count as hacking

[Hentes]

I have a suspicion that they will count jailbreaking/bypassing DRM as hacking too. It's just a small step from outlawing IP spoofing.
How about sentencing hackers based on the damage they have done instead of another witchhunt against technology?
Only demonstrating a vulnerability: no sentence or a few month of community service; destroying data or sabotaging systems: monetary fine based on the losses that occurred if the guy can't pay then prison; stealing and selling or making public user data: long long years of prison.

Minimum or minimum maximum

The article from the first link says that the law in question would require member states adapt a maximum penalty of at least two years. This doesn't sound like what we would normally call a "minimum sentence".

Re:Minimum or minimum maximum

[Rhodri+Mawr]

From the first linked article:

Cyber attacks on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee on Tuesday.

The maximum penalty to be imposed by Member States for these offences would be at least two years' imprisonment, and at least five years where there are aggravating circumstances such as the use of a tool specifically designed to for large-scale (e.g. "botnet") attacks, or attacks cause considerable damage (e.g. by disrupting system service), financial costs or loss of financial data.

At first glance these two paragraphs do appear to be contradicting each other - but it isn't clear which of these paragraphs is an EU press release and which is the journalist's interpretation. The article (and as a result the slashdot summary) may be misinterpreting the press release.

"maximum" may be a misprint here, or, the EU may, as usual, be trying to obfuscate the intent of their legislation.

Re:Minimum or minimum maximum

[AK+Marc]

Or maybe they want a minimum maximum of 2 years.

Re:Scare away the white hats and leave the black h

[cpu6502]

"If hacks are outlawed, then only criminals will have hacks." --- I'll guess we'll have to rely upon Microsoft to investigate and fix any holes in the software. (In other words like calling the police on 911; no defense at all.)

far too over-reaching

when i was 16 while learning how to program i created a cheating engine for an online game which i was then arrested and charged for at 18 under the computer misuse act. as it stood i was given a £300 fine and some community service, considrring i was unaware of the fact breaking TOS was illegal (i was a kid, and cheats have always been in games, or things like gameshark that injected into games so i consider
ed it akin to that) hoeever this new law would have seen me goto prison for two years.

this is just a stupidly thought out blanket law in my opinion. hopefully it doesnt go through or thrre will be a big spree of teenagers in jail for petty things like that.

Criminal offence?

[manu0601]

When did the UE gain authority on criminal offences? I thought this was a member states prerogative. This un-democratic monster is getting uglier every day.

I want penalties for DRM abuse in return...

[Anonymous+Brave+Guy]

I lost a boot drive for a workstation recently, and with it the activation for some very expensive professional software products.

More than one vendor subsequently refused to let me reactivate the software (the same legitimate copy of the same software on the same machine except with a fresh OS installation on a new drive) because they had records showing that my software key was registered to someone else, sometimes not even in the same country. Eventually, after multi-week hassle and in some cases literally sending photos of the boxed package with serial numbers etc. and the original sales invoice, everything was working again.

It's not as if they even apologised for messing me around entirely because of their own over-zealous copy protection and poor record keeping/registration checking, and certainly no form of compensation was offered for the downtime. And yet, the disruption and direct loss income from that downtime because I work from home was surely at least as bad as having someone break into the workstation and install some sort of malware, which I could at least have fixed within a day by nuking and reinstalling everything, but which would have been a criminal offence on their part.

I want the people who were directly responsible for authorising and operating those copy protection schemes to be personally and criminally liable, the same way they would be if they had cracked my network and remotely wiped the software. I understand why companies want to copy protect their code, but there's no way a mini-company like mine can afford to sue a global corporation to recover a week's lost income, so there needs to be some other form of deterrent. Locking up the guy who types my serial number into the remote-deactivation script would be a good start, I think, and a hell of a lot more justifiable than any nebulous law that covers obviously inadvertent access, "hacking" tools with legitimate uses for sysadmins/software developers, etc.

What constitution?

[dutchwhizzman]

Europe doesn't have a constitution, it's not even a nation or anything like that. There was an attempt at a European constitution, but it was voted down in referendums in several countries in the EU.

That's nothing, in Alabama

[dutchwhizzman]

That's nothing, in Alabama you'd be burned at the stake for witchcraft and electrickery.

What is the point of humans in the process?

[bussdriver]

It is as if we reward programmers by how many lines of code they write.

A JUDGE is supposed to JUDGE something. We put all these extra detailed rules on everything to employ more lawyers while removing as much actual decision making as possible.

When we take out the common sense of a HUMAN who can put situations into context and deal with specifics of each situation while a GENERIC blanket statement of law is just a brain dead policy. It is literally brain dead and if we keep defining more detail it will not be impossible to train some new IBM machine to replace judges too.

Law is NOT a bill of some kind of payment. We have to stop this MBA mindset being applied to every aspect of life. It hasn't been helping our economy in modern times that well either; but it surely is out of place everywhere else. The purpose of a law is to get compliance of some sort - not to make you "pay a debt to society" with prison time. Where did that idiotic phrase come from anyhow? Rules sometimes need breaking-- we allow self defense as an exception and it is coded into the rules but all exceptions are not thought of nor are they equally applied simply because more details are added.