Proposed Penalty For UK Hackers Who "Damage National Security": Life

An anonymous reader writes with this excerpt from The Guardian: Government plans that mean computer users deemed to have damaged national security, the economy or the environment will face a life sentence have been criticised by experts who warn that the new law could be used to target legitimate whistleblowers. The proposed legislation would mean that any British person deemed to have carried out an unauthorised act on a computer that resulted in damage to human welfare, the environment, the economy or national security in any country would face a possible life sentence. Last week the Joint Committee on Human Rights raised concerns about the proposals and the scope of such legislation.

could be?

[Trailer+Trash]

Government plans that mean computer users deemed to have damaged national security, the economy or the environment will face a life sentence have been criticised by experts who warn that the new law could be used to target legitimate whistleblowers.

Could be? Come on - targeting whistleblowers is the point. It's not about damaging national security, the economy or the environment - it's about damaging somebody's political career.

Re:could be?

[ub3r+n3u7r4l1st]

"it's about damaging somebody's political career."

Which in many countries this activity carries a death sentence, the UK is trying to conform to global standards.

Re:could be?

[Vitriol+Angst]

What I learned today;
So instead of embarrassing abusive power hungry security morons, it's better to just "stand your ground" -- in a Florida kind of way?

Re:could be?

[Vitriol+Angst]

Just like copyright. When a few Disney characters come near being free to market, they'll extend copyright beyond Walt Disney's "sell by date" for his frozen head.

Re:could be?

[TheRaven64]

In case you were wondering, no that whooshing noise above your head wasn't someone trying to stone you to death.

Re:could be?

[penguinoid]

Government plans that mean computer users deemed to have damaged national security, the economy or the environment will face a life sentence have been criticized by experts who warn that the new law could be used to target legitimate whistleblowers.

Could be? Come on - targeting whistleblowers is the point. It's not about damaging national security, the economy or the environment - it's about damaging somebody's political career.

Looks to me like the UK is threatening the US Department of Justice employees who have been hacking Facebook accounts with life in prison for damaging the feelings of security of the whole world and the environment of trust of Facebook. It's also going to target large corporations that are doing propaganda concerning pollution or global warming, as these things damage the environment. And the bankers, don't forget about the bankers.

Haha, just kidding like you said this looks like its aimed at whistleblowers.

Re:could be?

[Opportunist]

Wait! What? There's a country where it's legal to hunt politicians for sport? Where? And more important, how can we introduce that concept here?

Re:could be?

[Opportunist]

Instead of ending a politician's career, end his life. The penalty is the same, so why bother with the lesser crime?

Re:could be?

[CanHasDIY]

The Rage Against The Machine lyric,

Make your move and plead the 5th, 'cuz you can't plead the 1st

has never been more appropriate, I think.

Re:could be?

[Mister+Liberty]

So campaign against the criminal gang that has been in control for too long, and bring them in front of a judge themselves.

Re:could be?

[Mister+Liberty]

Good point.
I'm actually, seriously, convincedly, for it, and you can quote me on it. 'Force Majeure' -- in the interest of The People of the country, to save the country, its intrinsic values and such as ar laid out in their fundamental societal documents, so to speak; I bet the Constitution of many a so-called Western Democratic State would provide for something like that.

Re:could be?

[mpe]

Could be? Come on - targeting whistleblowers is the point. It's not about damaging national security, the economy or the environment - it's about damaging somebody's political career.

If it was about any of these you'd expect it to be used against politicians, bankers, government contractors, etc.

Re:could be?

Instead of ending a politician's career, end his life. The penalty is the same, so why bother with the lesser crime?

This actually happened with road thieves, and is usually studied when you study law: overly harsh punishments result in an increase in the severity of crimes committed.

The short version: they raised the punishment for theft on the roads to almost death (gruesome mutilation, not death, but close), and the robbers started killing witnesses rather than risk being identified. Clearly, stopping their illicit activities isn't an option for them, be it for whatever reason.

It would be a clear sign that laws are being passed by completely law-ignorant people if this law really came into effect.

Re:could be?

[rsilvergun]

Because you'll never get near them to do the deed. Maybe you'll get some of the low level workaday guys that don't matter. But any of the people really making your life hell are very, very well protected.

Not inherently unreasonable

[MikeRT]

If you attack an industrial system at a utility and make a bunch of people sick or die, even if it was "unintentional" you should get life. Why? You had no damn business being there. Even if you're an aspie with boundless curiosity, there has to be a consequence for breaking into sensitive systems and inflicting real, measurable harm to the public.

Though of course we know that's not how this will probably be used.

Re:Not inherently unreasonable

[taikedz]

Except that this has nothing to do with "attacks". The word "damage" is also applied to the "trust" and "credibility" of governmental institutions.

This kind of legislation would apply even if nobody died in the carrying out of the activity.

Re:Not inherently unreasonable

[T.E.D.]

If you attack an industrial system at a utility and make a bunch of people sick or die, even if it was "unintentional" you should get life

...and you almost certainly would, with no changes required to current law. Well...I don't know about the UK, but in the USA if you cause the death of another human being, that's homicide. There's a spectrum from Involuntary Manslaughter up to Premeditated Murder. Using a poison or a machine to do it doesn't change anything.

So you can get rid of the "injuring people" argument. This law would only change what happens when nobody is physically harmed.

Re:Not inherently unreasonable

[Anonymous+Brave+Guy]

If you attack an industrial system at a utility and make a bunch of people sick or die, even if it was "unintentional" you should get life.

If you attack an industrial system and people get sick or die as a result then there are already plenty of laws to punish you, up to and including the likes of manslaughter and murder. There is nothing special about doing so via computer and no additional laws are required, nor is any "zero tolerance" style life sentence just because computers were involved a useful addition to the statute books.

Even if you're an aspie with boundless curiosity, there has to be a consequence for breaking into sensitive systems and inflicting real, measurable harm to the public.

And there would be -- if, in the judgement of a competent court, there was in fact real, measurable harm caused to the public. But this proposal as reported seems to be full of words like "deemed to cause" (by whom?) or "significant risk of" (measured how?).

Re:Not inherently unreasonable

[Yoda222]

It's like software patent. Just add "with a computer" at the end and you get a new patent. Or a new crime, in this case.

Re:Not inherently unreasonable

[Anonymous+Brave+Guy]

It's like software patent. Just add "with a computer" at the end and you get a new patent.

No, you don't. This has never been the case in most places. Even under the questionable patent system in the US, the recent trend has been away from allowing patents for that kind of "invention".

Re:Not inherently unreasonable

[DarkOx]

So hypothetically lets say aunt Tilly uses decides to use their online form to post a question to customer service. She is feeling cute and copy pastes an emoticon which her browser software decides to accomplish by inserting an img tag.

The free emoticon side Tilly users happens to be some other attacker's plot to get people to send his Cross site request forgery links for him. Tilly has idea some nasty java script is about turn her cute little links to some smily.gif into the password requests for 50 popular sites.

Under this law, who are the victims, who are the attackers. Is Tilly attacker? victim? both? negligent and does that matter?

Who is the victim {legal entity power co}? the customer service rep? both?

Is national security "threatened" just because a utility was evolved, even though if we even consider the utility itself a victim only a billing / customer interaction system was ever involved in the attack?

This law addresses exactly non of those questions. Now we all know dear sweet aunt Tilly will not be prosecuted. On the other hand the book would be thrown at Biker Tattoo Bobby with all those crazy opinions of his for doing exactly the same thing.

Re:Not inherently unreasonable

[91degrees]

The attacker is already established by precedent. Most crimes have a "Mens rea" requirement - an intent to commit the crime. Aunt Tilly didn't have any intent so she's not guilty. The person who created the emoticon hack was intending to do commit a crime.

The victim is anyone who suffered loss. The company and anyone whose password was stolen in this case.

This really is a solved problem in law.

Re:Not inherently unreasonable

[DarkOx]

Most crimes have a "Mens rea"

Yes that is why I asked if the requirement was more than negligent. Negligent basically means you formed no intent; specifically you did not for see the particular consequences of your actions or possibly inaction.

Consider this, suppose I buy some candy out of the back of some guys white van in parking lot. I bring it into the kids preschool for snack. All the kids die. I would totally be up for manslaughter. The mens rea would be negligent. I was just being a cheap bastard, did not mean anyone any harm but should have known better.

We might argue similarly about Tilly or Bobby. They should have known better than to be pasting crap from some untrusted website, but... the kitten looked like it had a smile.. yea well.

Re:Not inherently unreasonable

[nabsltd]

Most crimes have a "Mens rea" requirement - an intent to commit the crime.

Unfortunately, most of the time the law is actually enforced such that merely intending to commit the act that turns out to be prohibited by law is considered "intending to commit the crime".

As an example, driving 55mph in a 35mph zone can be punished regardless of whether you intended to drive over the speed limit. Likewise, breaking some obscure law can still be punished even if you didn't realize what you were doing was a crime. So, if Aunt Tilly intended to send that emoticon, then she can be prosecuted regardless of whether she intended harm. As the GP noted, she likely wouldn't be, but someone not as sympathetic might be.

Re:Not inherently unreasonable

[91degrees]

Speeding is different. It's a strict liability crime. You are charged whether you know you're speeding or not.

Not knowing it's a crime is not a defence. However, not knowing that you're even doing the act is a defence. Aunt Tilley had no way of knowing that the emoticon was infected, so she's not guilty. If she did know it was infected but was not aware that infecting someone's computer with a trojan was a crime then she would be guilty.

Re:Not inherently unreasonable

[Unknown1337]

This kind of legislation would apply even if nobody died in the carrying out of the activity.

And there's nothing wrong with punishment without someone dying. If someone destroyed your car (physically or digitally) there is harm done to your wallet regardless. Of course as has been said repeatedly it is not yours nor my wallet/life/<important thing here> this is aimed at protecting.

Re:Not inherently unreasonable

[CanHasDIY]

This kind of legislation would apply even if nobody died in the carrying out of the activity.

And there's nothing wrong with punishment without someone dying.

True. But there is something wrong with cruel, unusual, and downright insane sentencing guidelines. Life in prison for embarrassing a politico seems a bit over the top, doesn't it?

Re:Not inherently unreasonable

[CanHasDIY]

Most crimes have a "Mens rea" requirement - an intent to commit the crime.

Well, they used to, but sadly that often isn't the case anymore:

https://www.nacdl.org/withouti...

Re:Not inherently unreasonable

[CanHasDIY]

So, if Aunt Tilly intended to send that emoticon, then she can be prosecuted regardless of whether she intended harm. As the GP noted, she likely wouldn't be, but someone not as sympathetic might be.

Unless, of course, Aunt Tilly got busted for pot once back in the 70's. Then the media will prattle on about how she has an "existing criminal record" and convince the unwashed masses she's a filthy criminal not worthy of compassion.

Re:Not inherently unreasonable

[91degrees]

This is the UK. We don't allow the media to manipulate the court in this way.

Re:Not inherently unreasonable

[CanHasDIY]

Right, because common folk like you or I get a say in the matter, regardless of nationality.

Re:Not inherently unreasonable

[91degrees]

Well, in the UK, we don't. And we shouldn't. That's the point.

In the US, there seems to be the whole trial by media thing, so presumably the public have some influence over this.

Re:Not inherently unreasonable

[CanHasDIY]

Oh right, because your government has laws that remove a person's right to speech if said government deems said speech to have some vaguely negative effect on something, somewhere. So basically the only information the public recieves regarding ongoing issues is the nicely scrubbed, sanitized version approved by TPTB.

I prefer our way, thanks. Much better to receive the info and make my own informed judgement. Besides, 'trial by media' is only really an issue because of stupid people who believe everything their favorite echo chamber tells them, so I vote we go for the root cause.

Re:Not inherently unreasonable

[91degrees]

Oh right, because your government has laws that remove a person's right to speech if said government deems said speech to have some vaguely negative effect on something, somewhere. So basically the only information the public recieves regarding ongoing issues is the nicely scrubbed, sanitized version approved by TPTB.

Not exactly. We have laws that consider rights exist outside of freedom of speech. The right to a fair trial is considered one of these rights.

I prefer our way, thanks. Much better to receive the info and make my own informed judgement.

You can receive the info. There are no restrictions on reporting on the facts of the trial.

Besides, 'trial by media' is only really an issue because of stupid people who believe everything their favorite echo chamber tells them, so I vote we go for the root cause.

Well, lucky for you living in a country with no stupid people.

Don't do the crime

[smooth+wombat]

deemed to have carried out an unauthorised act on a computer

I know this is a radical idea, and I'm just spitballing here, but maybe the part about unauthorized act being done a computer should be a hint. If it's not your computer or your system, don't try to get into it.

Or are we going to use excuses as to why it's acceptable to try and get into someone else's equipment when you're not supposed to then whine about the penalty when you're found out?

Re:Don't do the crime

[Lunix+Nutcase]

Why would that act in and off itself even remotely warrant life in prison?

Re:Don't do the crime

[Grantbridge]

What counts as "unauthorised" though? What if it's your job, but your boss gets you to do something which his boss didn't authorise. Was that authorised use of a computer system?

What if you use a false name on facebook and so breach the T+Cs, is that unauthorised use?

Re:Don't do the crime

[DarkOx]

The problems are its not always getting a shell. What if you violate a websites TOS, is that an unauthorized act?

What does damage national security mean, If I post about how Minister X lied about Y 10 years ago does that erode society's faith in its officials and by extension "threaten national security"?

There are bright lines such as bypassing an authentication mechanism; deliberate insertion of abnormally structured data designed to alter application behavior (injection attacks); that could be defined in laws like this. Its very possible to write laws governing computer access that are both inclusive to allow interpretations to cover changing and new technology and still be specific enough a reasonable people can agree on if a specific act meets the criteria.

Groups like OWASP have done the work; we now have good working definitions and generic criteria for describing attacks and abuse. Its not '92 anymore where public network access was a new thing.

There are two reasons overly broad laws like this are being written both equally scary. 1) The people writing and enacting them remain profoundly ignorant of topics that pretty much effect every aspect of the economy today. 2) They want them overly broad because it makes for a nice blunt instrument to shutdown anything that threatens the status quo.

Re:Don't do the crime

Not to worry, love. This new Ludovico Treatment they're testing promised to free up plenty of prison space for the Politicals.

Real "horrorshow", as the yobs say.

Re:Don't do the crime

[geekmux]

deemed to have carried out an unauthorised act on a computer I know this is a radical idea, and I'm just spitballing here, but maybe the part about unauthorized act being done a computer should be a hint. If it's not your computer or your system, don't try to get into it.

And what exactly happens when it is you who is wrongly accused of such a heinous crime against the State?

Seems everyone is looking over the worst part of this new suggested framework of life sentencing against "hackers". It's ripe for abuse to quickly get rid of the squeaky wheel or frame someone.

Re:Don't do the crime

[Xest]

It's probably worth noting that in the UK a life sentence doesn't mean "life in prison", it means more likely about 15 years, though sometimes less. The soldier who murdered a wounded insurgent in Afghanistan for example only has a minimum of 10 years set.

Which isn't to say that's an acceptable punishment if this law is used against whistleblowers, but I figured it's worth making clear that life doesn't inherently mean whole life in the UK. Not even close in fact in the vast majority of cases - whole life is reserved for a very small select handful of psychopaths.

If someone hacked into an industrial control system and managed to release some toxic materials into a water supply poisoning a bunch of people then I think the sentence is adequate. Probably all the law needs to do is remove the all encompassing "damage national security" clause- simply having a clause about a sufficient level of harm the economy, environment, or individuals is all it would take to turn this from a bad law to a fairly reasonable law.

Re:Don't do the crime

[X.25]

I know this is a radical idea, and I'm just spitballing here, but maybe the part about unauthorized act being done a computer should be a hint. If it's not your computer or your system, don't try to get into it.

Or are we going to use excuses as to why it's acceptable to try and get into someone else's equipment when you're not supposed to then whine about the penalty when you're found out?

How can you people be so shallow?

Did you even read anything about the topic you are commenting on?

Re:Don't do the crime

[Lunix+Nutcase]

So you're saying the UK doesn't already have laws against murder or manslaughter?

Re:Don't do the crime

[The+Ickle+Jones]

This is as stupid as it ever was. "Don't do the crime if you can't do the time." utterly ignores the fact that people are discussing whether the punishment actually fits the crime. It's a useless response that adds absolutely nothing.

Prison should be about rehabilitation and justice, not barbaric revenge.

Re:Don't do the crime

[gweihir]

So I put up a public web-page with a big button labeled "DO NOT PRESS", and anybody doing so is liable for life in jail? Sounds entirely sane.

Re:Don't do the crime

[CanHasDIY]

To you that's what "unauthorized use" means; to the government, it means whatever the fuck they want it to mean.

Re:Don't do the crime

[CanHasDIY]

If you're a kid and your mother says you can use the computer for 10 minutes, but you use it for 15 minutes, that's technically carrying out "an unauthorized act on a computer."

In the UK, that action can now carry a sentence of up to life in prison (as defined in the UK, anyways).

Does that seem a rational and fitting punishment?

Look - it's already illegal to break into other people's systems; it's also already illegal to damage things in the process. So what justifies this new law and the unusual sentencing guidelines attached?

Re:Don't do the crime

[Xest]

I'm not sure really, if it was an employee it would've been criminal negligence but if someone isn't an employee or doesn't realise what they're doing? They could probably be charged for manslaughter but would a typical manslaughter case be sufficient enough punishment for many such deaths stemming from intentional meddling, but unintentional consequences? That's the problem I guess - computers create a level of indirection between the crime and the perpetrator and I don't think many pre-computer era laws really account for that possibility.

Re:Don't do the crime

[Samizdata]

But I didn't commit the crime, xxxIrOnHaCkErOnExxx did! He needs to do the time. Alternately - My avatar did it!

But let the bankers off.

[John+Jamieson]

So Bankers that damage the world economy face no time in jail and no fines, but the whistle blower can get life?

Sounds about right for this messed up world.

Re:But let the bankers off.

[Vitriol+Angst]

So instead of showing the security flaws, they need to abscond with enough money to pay for a few candidates.

Hackers; share the wealth!

Put me down for a trillion-ish, and I won't see anything wrong.

Re:But let the bankers off.

[gweihir]

This is the reason why totalitarianism eventually always collapses. It cannot sustain any kind of working economy. It gets pretty rough towards the end though, just look at Northern Korea. And it can take very, very long.

Anyone using a computer

[hoffmanjon]

Doesn't the amount of energy that our computers use and the landfill space they take up once they are obsolete damage the environment? I guess we all get life.

And now

[MitchDev]

Act II of the Tyranny Conversion begins.

Everyone is a criminal now as long as we come up with even a flimsy claim against them....

Here we go again

[kronix2]

The problem with this law is that it will later be abused by whatever party or coalition is in power at the next election. Nobody has an issue with jailing people for life if they've intruded upon a secure network with the intent to cause damage or inconvenience, but the scope of the law's potential application is so broad it will ensare mostly innocuous behaviour if the government of the day decides it wants to be seen as tough on crime.

Terrorists? Jail them for life. Whistleblowers? All major parties publicly encourage whistleblowers in the NHS and so on, so why should the Tory/Lib-Dem coalition get away with passing a law which criminalises their whistleblowing?

Re:Here we go again

[loonycyborg]

You gotta be kidding. Prison for life just for network intrusion? Most murders would warrant less than that. It's just another over the top law, like anti-blasphemy in Islam countries. No place for them in this century. Punishment must be according to the crime, and there's no way you could do something deserving a life sentence using computer hacking alone.

Re:Here we go again

[Anonymous+Brave+Guy]

Nobody has an issue with jailing people for life if they've intruded upon a secure network with the intent to cause damage or inconvenience

Um... Sorry, but I for one have a big problem with that.

Leaving aside legitimate questions about the role of incarceration and its effectiveness as a deterrent and/or for rehabilitation of offenders, a life sentence is the kind of thing you hand down for premeditated murder, deliberately taking the life of another human being.

It is absurd to suggest that the same sanction should apply to someone who merely hacks some corporation's network and messes with the office printer in an irritating but otherwise harmless protest against some corporate policy. Such a law would imply that physically harmless hacking of some corporate or government entity is many times worse than rape, killing someone accidentally through dangerous driving, defrauding an individual of their life savings, and numerous other very personal and very damaging crimes.

Re:Here we go again

[hawkinspeter]

Playing Devil's Advocate here (woohoo high score!). This law might get passed due to the ruling parties having a strong majority in the Parliament. Maybe a future UKIP party gets to power with a small minority and gets blocked repeatedly by the other parties combining against them - they'd easily be able to use this law to get rid of their opponents.

Just on a computer? But, but, but...

[fahrbot-bot]

...any British person deemed to have carried out an unauthorised act on a computer that resulted in damage to human welfare, the environment, the economy or national security in any country would face a possible life sentence.

What about politicians that do the same thing? Oh, I guess that would an "authorized" act. Never mind.

[ Man, oh man, if we could jail politicians for damaging the economy, environment or human welfare here in the U.S. ...]

Re:Just on a computer? But, but, but...

[Dhar]

[ Man, oh man, if we could jail politicians for damaging the economy, environment or human welfare here in the U.S. ...]

...we'd have no government.

Seriously

[doug141]

Eric Holder gave a televised interview in which he credited a whistle blower at a bank for allowing the bank executives to be held to account for their part in making money off liar's loans. The reporter missed the obvious follow-up question to Holder, "So whistleblowers are good?"

Re:Seriously

[Vitriol+Angst]

"So is he still alive, or is his body buried in concrete?"

Re:Seriously

[DarkOx]

Not really the reporter knows everyone who cares enough to listen to anything holder says already is perfectly aware of the true answer to that question at least in Eric's opinion.

Whistle-blowers are great as long as they are embarrassing my political enemies, in which case I am thrilled to stand up for strong protections and will gladly come up with some elaborate construct to make it morally equivalent something people get whipped up about like civil rights or something. In all other cases I perceive them as threat as a threat to the status quo and my crony buddies; I'am prepared to invent some wild construct to tie it to "national security" because that way everything is "on the table", I don't mind sounding "insane" to anyone actually listening because my buddies will brand anyone listening as "insane".

Wow, just wow.

[gurps_npc]

That law is so vague it applies to ANYTHING.

"damage to human welfare, the environment, the economy or national security in any country"

First note that it allows for damaging the national security in any country. So the UK is now the world police? Hey, I thought that was the USA's job! Also, does that mean they will protect ISIL? Or North Korea? Does that mean when the government of South Korea attempts to defend itself from a cyberattack from North Korea, they are violating the UK's law? It's damaging the National Security of North Korea by preventing them from undermining South Korea!

Human welfare, the environment, the economy or National security pretty much covers ANYTHING. And the word damage is similarly vague.

When I use Hack BP's computer and find out they are illegally dumping oil in Scotland, isn't that damaging the economy by revealing BP's crime?

When the FBI pretends to be a criminal on Facebook, isn't that damaging the 'welfare" of the human criminal?

This is a law designed to let the UK selectively arrest anyone who does anything on a computer that is 'unauthorised'.

Worst law ever

Re:Wow, just wow.

[gurps_npc]

Oh NO!. I better go into hiding! Who knows what they willl do to me!

Excellent

This widens the legal basis to lock up most of the UK government, parliament and secret services for good, as well as many foreign (mostly US) government employees. When will the trials start?

Re:Excellent

[kilfarsnar]

This widens the legal basis to lock up most of the UK government, parliament and secret services for good, as well as many foreign (mostly US) government employees. When will the trials start?

Nope, all that is authorized so it doesn't fall under this law. It's kind of like how the US government defines terrorism as non-state actors using violence against the public for political gain. The key is "non-state". That way when the CIA uses a secret bombing campaign to turn the population of a foreign country against its leaders, it's not terrorism.

This should be much more nuanced

[davidwr]

Just like there are different "levels" of theft and manslaughter/murder, there should be different levels of "damaging national security."

The penalty should be based on the harm done, the intent, and if applicable, the degree of recklessness.

Also, existing charges should be used instead of this charge where applicable. For example,if I harm national security with the intent of exposing someone to grave danger and they die as a result, then a murder or similar charge is more appropriate than a charge of "damaging national security."

That said, I can see some rare, hypothetical situations where a crime that comes under the umbrella of "damaging national security" charge could rightfully deserve a life sentence. However, like the various "levels" of a murder charge, the "levels" of a "damaging national security" charge need to be defined as separate crimes with different "elements" that the prosecution would need to prove.

Regarding whistle-blowers - there needs to be some formal process to encourage responsible whistle-blowing, while not encouraging malicious, dubious "whistle-blowing" (e.g. you are mad at your boss, so you look for nit-picky violations knowing that by merely reporting anything your "whistle-blower" status will mean you will win big money in a lawsuit if you are fired in the next year or two).

Murder is the preferred option apparently

[butchersong]

So if your boss and your bosses bosses are acting in ways that you deem inapropriate and in violation of their duties to the citizens of the UK you're better off killling them now than exposing them. You might get off in just a few years.

FTFY

[Falos]

> experts who warn that the new law could be used to target whoever the fuck they want

Shouting "treason!" isn't just analogous, the definition is actually similar.

I miss the days of planting drugs in someone's bag. At least that took a little more work than effortless accusations that are instantly valid.

Different punishment

[sageres]

I think it is too harsh. They should kick them out of the country... Transport them all! For example, Australia.... O wait...

An Evil Country

[Lawrence_Bird]

and one that should be avoided at all costs. If you live there, move before it is too late. Same applies to its little brother Australia. Not that the US is any great shakes either but we probably have another 10 to 20 years before sinking to the same depths.

Why limit this?

[HalAtWork]

Why is this only being limited to acts "on a computer"? If they feel so strongly about it, why doesn't it apply to any such act regardless of a computer being involved?

Doubleplusgood

[wcrowe]

I see goodthink is progressing doubleplusgood on Airstrip One. Anyone who commits thoughtcrime should become an unperson.

You're all wrong...

Ok, the piece pointed to here paints a very narrow picture. Let's imagine a scenario whereby "cyber-attacker X" takes over an air-traffic control system and starts crashing planes for ransom. I can see the argument that that's a life-worthy crime. (not sure how "life" is defined) The devil is in the details.

Re:You're all wrong...

[CanHasDIY]

Let's imagine a scenario whereby "cyber-attacker X" takes over an air-traffic control system and starts crashing planes for ransom. I can see the argument that that's a life-worthy crime.

Intentionally endangering the lives of hundreds of other people is already a life-worthy crime, no new laws needed.

"Devil in the details" indeed, perhaps you should consider knowing them yourself.

Just Like the Bullet Proof Vest

[Forgefather]

Can we pass a law that says any politician passing a law must first be investigated by an independent organization to see if that politician is breaking that law?

Maybe life in prison will teach some of these half wits that writing overly broad laws isn't a good idea.

Harm to environment

Arguably, the act of attempting to log in to a computer causes that machine to use power that would have otherwise not been used. Generating power harms the environment (CO2 etc) so any login (failed or otherwise) to any computer (even your own!) may render you guilty.

Simplest would be to build a wall round the entire British Isles and redefine it as a prison...

Tantrums

[JimSadler]

A law that sweeping surely is the result of law makers having a fit of temper. And it is senseless. Put it on a scale with someone like George w. Bush who helped wreck millions of lives with ignorant political behaviour and ruined America's world image with the torture of POWs. Look at the harm that fool did and he was not punished one bit. Then consider the harm that ronald reagen did with the whacked out notion of trickle down economics and all the harm that was done. Or consider Richard Nixon and his illegal acts for which he was never punished. Then stack them up against some twit who hacks into some site and spills information which should be public anyway and they want to give him life. The sense of proportion and justice in the US and most of the western world has become so demented, so irrational and so bigoted that I am at the point of asking if society should ever be allowed to punish anyone at all no matter what they do. Our legislators and judges have become no better than drooling lunatics motivated by spastic emotions and ignorance.

Wow UK, you're becoming as fucked as the US

child molestors who destroy (or murder) kids lives, get off after X years.

Tax evaders get off after X years.

Murderers get off after X years.

But hackers get life?

What's up with that shit?

Re:Wow UK, you're becoming as fucked as the US

[ogdenk]

Generally in my state (SC), murderers get life or the chair. And there's a good chance the jury you end up with would have a combined IQ somewhere around 82 and will assume you are guilty based on the fact that you were arrested and locked up. It's like the court scene in Idiocracy.

What about known unsecure software OS releases?

[Stan92057]

Who will they send to jail for life when a corporations like Microsoft, Apple, Adobe, Oracle, Google, Mozilla release known buggy and insecure software to get it out the door and patch later? That sure in hell is national security issue.

So basically anybody

[gweihir]

Any "act on a computer" consumes electricity, hence damages the environment. And any web-site I visit has not specifically "authorized" me to do so, so in some sense it is "unauthorized" (yet usually welcome). Pretty nifty. I guess they want to rescue the collapsing British economy by creating a huge prison industry.

Re:Whenever I feel the USA isn't really that free.

[gweihir]

"I am more free than you!" said the police state to the totalitarian one. Not that they are fully there yet, but the path is clear and history tells us it will be walked to the bitter end.

programming = life sentence

>that resulted in damage to human welfare, the environment, the economy or national security in any country

so programming would give you a life sentence?
oh wait they said 'unauthorised act'
- I didn't authorise you to put bugs in the software - life in jail for you...

why not Transportation?

[goombah99]

IN old england, the prisons became so over crowded they started using the rotting hulks of navy ships as prisons and as that became full they resorted to "transportation" which basically meant you get a one way ticket to help settle australia. (see book "the Fatal Shore"). Now that mars transport is about to approach feasibility ans Elon Musk says we need vast numbers of people for sustainable living I'm shocked the UK govt isn't sentencing these hackers to Transportation.

Why not give some options for sentencing?

[OrangeTide]

Why only life in prison?

Maybe first time offenders could have their eyes gouged out? Or finger nails pulled out with pliers.
Maybe electroshock treatment if they are under age, because sending a 13 year old for life in prison is quite a bit different than sending a 33 year old for life in prison.

If they deface the website of a prominent person, then tar and feathers or ride them out on a rail. Both of those persisted into the modern era in the US, I don't see why the UK can't reuse old practices.

I'm not sure any of this is an effective deterrent, because most people don't plan on getting caught. But at least politicians, judges and prosecutors(or whatever the British equivalent is) can pat themselves on the back for a job well done. Protecting everyone from everything from big bad evil hackers to whistle-blowers who rock the boat.

Frighteningly Dangerous

[Foresto]

So it's basically carte blanche for anyone with a job in in politics, law enforcement, or prosecution to destroy the life of anyone they choose, based on nothing more than conjecture. Does anyone else find this frightening? Would the dangers of this idea be more obvious if the words "computer users" or "hackers" were replaced with the word "people"?

Re:Frighteningly Dangerous

[ogdenk]

The UK is the non-production beta test environment for scumbag policies the US wants to implement on its own citizens.

Laws don't apply the same way to the rich or well-connected the same way they apply to middle class scum here in the US anymore. It's been that way for a while.

The operative word here is...

[Mister+Liberty]

Computer.
(And I keep repeating myself).

This is the government -

[choke]

That we died to get away from.

It's also the government that so many tyranny seekers point to as the desired state in which the US must transition. A helpless disarmed population, and a government with no limits.

This law basically gives the government the right to imprison anyone for life who is online doing anything they decide they oppose. One-button tyranny.

Economy

[Livius]

When they say "economy", do they mean the actual economy, the combined production of wealth in a society, or 'the economy', the euphemism for the bank accounts of the wealthy?

(It's a rhetorical question.)

They already have laws for this

[rsilvergun]

it's called Treason. It's also very, very hard to prove. This is just an attempt to get around those laws so they can punish people without all the red tape of due process.

If anything, too lenient

[DaveAtFraud]

I was thinking more along the lines of something like having the convicted party drawn and quartered, staked out on an ant hill (fire ants preferably), garroted, etc. The potential punishment needs to be a real deterrent; not whiling away the years in some minimum security resort.

/. groupthink seems to have focused on the "heroic hacker" unearthing politically embarrassing scandals while forgetting the damage that everyone from site taggers who get carried away to what common criminals, terrorists and state actors can do. There are people out there who can do real damage. Be it either without thinking or with much greed or hatred.

Cheers,
Dave

On a computer

[Hypotensive]

So a government policy that was written by someone on a computer which resulted in damage to national security, the economy or the environment (hmm, there might be a few of those) can now result in life?

[goes looking for some politicians to imprison]

So then arguably...

[iq145]

This could be the fate of Special Ed (when Russia is finally done with him and deems him no longer useful).