Slashdot Mirror
EU Countries Closer To Mandatory Minimum Sentence Cap For Hacking
angry tapir writes "Hackers would face up to two years or more in prison no matter where they live in the European Union under a new draft law approved by the European Parliament's civil liberties committee. The proposed rule would prevent E.U. countries from capping sentences for any type of hacking at less than two years. Meanwhile the maximum sentence possible for cyberattacks against 'critical infrastructure,' such as power plants, transport networks and government networks would be at least five years in jail. The draft directive, which updates rules that have been in place since 2005, would also introduce a maximum penalty of at least three years' imprisonment for creating botnets."
When we talk about debt its every country for himself. When we talk about corruption and murder is every country for himself. Talk about hacking ... OMG now we are a union of countries?
Unless it is done by governments or influential companies, I suppose. On the other hand, no exceptions will be made for investigating journalists.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
If other countries don't want to be safe from their hackers, that's their choice.
It seems that because the government is powerless to stop the criminal use of hacking, they attempt this to scare people off.
This will most likely be abused against journalists and hackers who only want companies to improve their security.
Some people suggest a breach of TOS is "hacking", like not using your real name of whatever. Or using wget to download a bunch of articles.
This is insane, we're all computer users nowadays.
I'd be much more delighted if this was about a MAXIMUM sentence cap!
The Compuworld article uses the term without revealing it's definition as stated in the EU draft law. Is this because it's loosely defined by the EU itself to act as a catch-all act in the future? That idea chills my bones.
so from zero to infinity?
I wonder if European citizens realized how much of their national sovereignty was at risk when they joined the EU.
"EU Countries Closer To Mandatory Minimum Sentence Cap For Hacking" is not the same as "The proposed rule would prevent E.U. countries from capping sentences for any type of hacking at less than two years."
What the former means: Any law specifying sentences for hacking could not set out a minimum sentence greater than X years (i.e. it must be possible under such a law to sentence a guilty person to some period less than X years).
What the latter means: Any law specifying sentences for hacking could not not set out a maximum sentence greater than X - in this case two - years (i.e. it must be possible under such a law to sentence a guilty person to some period greater than X years).
How about all EU countries share the minimum wage, minimum pension and so on? It's a joke that some EU countries have minimum wage of 280~~ euros when cost of living is not that far off from other countries where minimum wage is around 1000 euros. Just look at this http://en.wikipedia.org/wiki/List_of_sovereign_states_in_Europe_by_minimum_wage, what a joke.
The problem is we don't invest in securing the infrastructure and and expect technology to lower costs. At the same time these systems are vulnerable to 'hackers' they are vulnerable to attack by foreign states. It's stupid to arrest people who had they been operating from another part of the world would not have been arrested or otherwise gotten off nearly scott free. It's better that you use them to help fix your own infrastructure to the attacks can't be easily repeated.
The only way to unwind draconian laws is via revolution.
So anywhere between absolute zero and until the end of all time... Am I getting this right? ;)
Jailbreak any device, go away for two years.
That's a sentencing floor, not a sentencing cap. A cap would limit the maximum sentencing possible.
Don't worry, in another 200 years or so, your states will have no sovereignty. We had sovereign states for the first several decades after our revolution, but now our federal government has shat upon our constitution, and that part which says "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." is just mocked.
I fear that this could/will be used to clamp down on whitehatting/fair disclosure, perhaps simply just to avoid Govt. red faces, just as much as a deterrence/punishment for the bad guys.
But when are we going to get something like SOX for critical systems designers and operators?
"The X-rays on critical welds for your nuclear plant were faked; 5 years"
"The SCADA system for your nuclear plant is exposed to the internet; 2 years".
"You have an unpatched known vulnerability on your database which led to personal, private information being stolen; 1 year".
Yeah, I know it's fraught with moral peril, and we'd have to devise mechanisms to ensure that SysAdmins did not get hammered instead of their bosses, but until we do that, nothing much will change on the client side.
Researchers across the world are feeling the pressure!
I like the idea!
So instead of reporting my findings to the vendor and get busted for hacking I'll just post it on full-disclosure@lists.grok.org.uk and watch the Internet burn.
Politician (Noun)
A mentally handicapped person (often used as a general term of abuse).
Defacing a website: 2 years in prison
Defacing a building: kids will be kids
They are not making mandatory sentences.
They are saying, that the MAXIMUM sentences a country can give for hacking, must be at least 2 years.
I was thinking even further than that.
Like advertisement-brokers who, by use of several means, try to nab a slew of data from a users computer -- without as much as asking. Are they going to be regarded as "hackers" too ?
And lets than not forget the website-owners who, for no other reason than money, are aiding and abbedding in this indiscriminantly surreptious data-syphoning off of their customers.
Ofcourse, I would like those "hacking" charges to be layed onto the app makers (single persons as well as companies) for certain kinds of smartphones who (try to) grab-and-send-back lots of data the app does not need and is often not even asked honest permission for. Heck, he's often even using the same "social engeneering" tricks "hackers" are often slammed with to convince users of those apps to give them such access privileges.
Also, where can a customer put his TOS down, so he can slam a company for breaking it ? How come "companies are, to the Law, just people like you and me", but we cannot have the same protection as a company gives himself ?
Bottom-line: How come the term "hacker" (and accompanying punishments) is used for end-users but never for a company ?
"Hackers would face up to two years or more in prison [...]"
They are facing between zero and infinite years in prison?
That's an extremely informative statement.
http://xkcd.com/870/
Wait what?
So.. gain "unauthorized access" on a publicly available terminal/website/kiosk/library PC due to poor security and you get a MINIMUM 2 years in prison. This would include clicking Google results that take you into an "unauthorized" section of someone's public-facing website as we've seen time and time again.
But intentionally infect thousands of machines with damaging, keylogging, DDOS bots and you get a MAXIMUM 3 years?
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
A possible motive behind this kind of minimum sentence cap is the fact that agreements allowing persons sentenced to prison by foreign courts to serve their sentence in their country of origin also allow said country of origin to reduce the sentence to the maximum its justice system allows for the crime in cases where the original sentence passed by the foreign court was longer. An example of what could happen without this: a hacker from e.g. Bulgaria is caught, tried, found guilty, and sentenced to 5 years imprisonment in e.g. Germany, returned to Bulgaria to serve his sentence under the terms of a repatriation treaty, only for the Bulgarian justice system to say "oh, the maximum sentence for hacking here is 2 weeks" and release him immediately because he's already served that waiting to be repatriated.
Isn't "up to two years or more" any possible length? I have up to £1000 or more in my bank account right now.
Wait till a declarative rules based system PUT$ em all out of business...
bæ8Ã0sÃOE?5r©oÂÃ?âz:ÃÃAÃ?ÃOEÂ6fXÃ?]Â
WTF?!?
so... any real number of years?
It's good to know we wont have any judgements of 34i years now.
Idiots.
If only term "hacking" wouldn't be so easy to interpret however you want to. Oh you mistyped your username and our system crashed - haxor! Oh, you discovered a vulnerability in our system, even though you didnt take advantage of it - haxor! Oh your grandmom axidentally connected to neighbours open wifi - haxor! To the prison with the lot of you!
Living in the EU means knowing how the EU functions. Essentially, it does not (at least not in the ways people think). The 'laws' passed by the EU are actually nothing but the wishes of the leaders of Germany, France, Italy and the UK. No other nation matters, and the so-called EU parliament has no power. Any nutter that attends the EU parliament can propose some idiot law, just as any nutter that attends either House in the USA can do the same.
It is a fundamental tenant of the EU that member states control their own legal system. There are, and can be no minimum sentencing EU guidelines. For instance, in the UK, paedophiles with establishment connections are never sent to prison after conviction (see the recent case of paedophile painter Graham Ovenden who raped his young 'models', before creating obscene portraits of them for the delectation of people like a certain swiss flavoured politician).
The only limits on a member's legal system is the court of Human Rights that all members have to agree to abide by. Citizens of the EU can appeal to Human Rights courts over any treatment by their respective governments, legal or civil. The depraved form of child sex abuse called school corporal punishment was wiped out in the UK, for instance, when two Scottish mothers refused to allow sexual perverts to molest their children this way in Scottish schools. Scottish authorities attempted to take the children into care ( a care home system reknown for physical and sexual abuse of children). The victory of the mothers was absolute in the highest Human Rights court.
For those of you sick enough to deny that school corporal punishment exists to give those with a fetish the ability to rape kids, almost a decade after the victory explained above, a pervert with a long history of assaulting children in ex British colonies set up a school in northern England for the explicit purpose of beating children. He took advantage of a loop-hole that stated parents could still give permission for schools to abuse their children in this way (the loop-hole is now closed). When he was convicted and prevented from ever working with children again, he was given the MASSIVE punishment of a tiny suspended sentence. The story doesn't end there. A couple of years later, this ex-teacher became a multi-millionaire by running gambling scams in horse-racing. He used his wealth to bring young naive women over from South America with the promise of a well-paying job in his organisation. In reality, he was looking for sex slaves he could inflict the same corporal punishment on. One terrified young woman finally went to the police, and the pervert went to prison for two years. Beating her was taken seriously. Beating tens of young children imprisoned in his 'school' month after month was not.
In most of Europe, teachers are free to have sex with under-aged pupils. The age of consent in Europe might as well be 12 (and effectively is in some nations) when it comes down to people in authority having sex with children. Britain is the only EU nation that strongly protects school children from sex predator teachers (but only in respect to actual, vanilla sex acts). The British government actually encourages teachers to sexually harass pupils by allowing male teachers to enquire about underwear used by female pupils in the name of uniform standards.
My point is that only foolish Yanks believe stories about EU powers across Europe. British people are not even free to travel to other EU nations without a full official passport, and yet it was a fundamental tenant of the EU that EU citizens would be as free to travel between member nations as Americans can travel between states of the USA. Tony Blair put an end to this (previous to Blair, any Brit could walk into a post-office and get an identification paper the same day that allowed travel into EU nations).
The EU was created by ex-Nazis to achieve the same goals Hitler attempted when rolling his forces out across Europe. The concept never really meshed with the ultimate desires of t
This implies EU can force juristiction laws ... this is not what the EU is for ...
That's correct, the sentences as written in the summary are nearly meaningless. They specify a sentence of between zero and infinity years.
"...Meanwhile the maximum sentence possible for cyberattacks against 'critical infrastructure,' such as power plants, transport networks and government networks would be at least five years in jail."
Since "maximum" means "no more than" and "at least" means "minimum", they have specified a minimum of the maximum... which means, there is no maximum of the maximum specified. And there's no minimum specified, either. So the rules don't specify either minimum or maximum.
http://www.geoffreylandis.com
The number of wars it had was lower than the control group (same countries but which didn't have the EU) by how much? What significance level does that come out as?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
On what treaty is this based? I though criminal law was a member state competence. When did it change?
People should never interfere with another's computer or control it without explicit permission any more than they should have non-consensual sexual intercourse with that person. Violating someone's mind-space should be a crime, and how one is allowed to influence the mind of another should be tightly regulated. If you do not give me consent to play on your computer, it should be a crime to do so. If you give me certain bounds within which to play, it should be criminal to break those bounds. Only when full consent to break things is given should I be allowed to do the hardcore scary stuff on your computer. Equally, software companies should not be allowed to have any say on what a person does with their computer except by unforced mutual consent. Basically, software is like sex, and should only be exchanged when there is genuine mutual consent.
John_Chalisque