House OKs Life Sentences For Hackers 972
ByteHog writes "The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. The article on MSNBC also mentions that police can conduct internet or telephone eavesdropping without first obtaining a court order. Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'" Other articles can be found here and the text of the bill is available.
Typical (Score:1, Interesting)
Any lawyers out there know if the ACLU or someone similar can get it repealed?
Has hacking ever killed anyone? (Score:5, Interesting)
Goodbye to spyware.... (Score:2, Interesting)
Define Terrorism (Score:5, Interesting)
Run an "unsecured" operating system? You're a terrorist.
Share files? Terrorist.
Complain about corporate abuse? Terrorist.
Demand your Fair Use rights? Terrorist.
Fail to consume your fair share? Terrorist.
Shooting people to pursue political gain? Not sure. Depends.
Holding a population hostage via threats of violence? Depends who does it.
Re:Okay, this is pretty much it. (Score:5, Interesting)
Terrorist: used by people to indicate other people that say or do things that the first group of people doesn't approve of, doesn't understand or isn't receiving any money for.
War on terrorism: The act of violating every basic human right of terrorists.
Peace: A situation where all terrorists are either dead or in prison.
From your post I see my self guessed definitions are pretty close to the real meaning of those words. (and boy will the world be a quiet place when the American government finally decides there's peace)
Re:Has hacking ever killed anyone? (Score:4, Interesting)
Yes, i agree, but not just for the hacker. I would at least take a serious look at the people responsible for the system. If some kids kicks agains the wall of a building and it collapses, who's to blame?
Has it?
Not that i know of, but i might happen. I've heard news somewhere about warnings for terrorist attacks through the internet, things like possible attacks to nuclear power plants. Personally i think anyone that build a system to control a nuclear power plant and connects it to the internet should get a life sentence. If a hack causes death the hacker can never be the only one to blame IMHO.
It's natural to fear the unknown.. (Score:3, Interesting)
So hacking (cracking) is no different. Most people don't understand it. They see from movies that people can sink ships and fire nukes by playing with BASIC on their Apple IIe.
And yes I read that a life sentence is only for murder, but I'm sure a crime done through hacking will get a longer punishment than through "normal" means. There are examples of this happeneing already.
Re:Has hacking ever killed anyone? (Score:3, Interesting)
Examples:
-Hacker breaks into medical records. Changes some patient info. Patient receives medicine they are allergic to and dies.
-Hacker breaks into a computer controlling traffic lights. Causes a system failure and a traffic accident occurs killing some people.
-Hacker breaks into a weapons manufacturer's recipe computer and changes some chemical mixture information. Wrong amounts get mixed and an explosion occurs killing those mixing.
It is possible scenarios like these have played out and it never got reported because no one was aware of the intrusion.
Suitable punnishment for spamming? (Score:2, Interesting)
If it takes each recipient an average of one second[1] to identify and delete a spam, then sending (60*60*24*365*70) = Two Thousand Million spams will consume a lifetime[2] of time[3] on the part of the recipients.
Could we convince the lawmakers that a life for a lifetime would be an appropriate punishment?
Andrew
[1]Some people read them, some scan them, some deal with them automagically, 1 second average is a guestimate.
[2]Three score years and ten. Seems like a reasonable number.
[3]Of course this ignores the waste of resource and collateral damage, such as an important email junked because it looked like spam or an importand email lost amongst the spam.
Re:Has hacking ever killed anyone? (Score:3, Interesting)
The term to cover this kind of legislation is "supercriminalisation". Such laws are redundant before they are even passed. Typically done to make politicans appear to be "doing something", especially if there is a lobby group needing to be appeased.
You could also look at it as a way of politicans avoiding doing their jobs whilst appearing to do so.
Just the beginning // and that's not all bad (Score:3, Interesting)
In most states of the US (and most developed nations) you are not allowed to operate an automobile without maintaining basic safety (and emissions) equipment. I expect sometime in the near future similar requirements may be made of systems connected to the internet.
Today the conversations may look like: .. I pay for this service and I'm not responsible / can't afford to fix it ...
ISP: Your system is being used for attack by an intruder, if you don't take it offline and get it fixed we will enforce our AUP and take you offline.
customer1: Ooops, sorry ok we'll spend the $$ / time to fix it
customer2:YOU CAN'T DO THAT
ISP: CLICK
Today, while it's feasible to keep systems patched / audited for a reasonable level of safety, many (most?) orgainizations don't have the skillset / funds allocated to keep their systems secure against even the 'kiddies, let alone a determined attacker. That's gonna have to change IMO either thru systems that are harder to break into in the first place or better practices.
Some of the provisions of this bill are also simple clarifications of existing statutes. For instance see the provision: Specify that an existing ban on the "advertisement" of any device that is used primarily for surreptitious electronic surveillance applies to online ads. -- apparently while it's illegal to advertise wiretapping equipment in print, this will extend the restriction to online ads also.
This explains why I've been seeing the adds and spame for keyboard keystroke recorders (shame on you thinkgeek!) and packet sniffers to protect (spy on) your kids or spouse.
Books are dangerous, too! Let's ban them... (Score:2, Interesting)
And a book or political tract can be even deadlier -- look at the track record of the Communist Manifesto.
Will Congressman Smith sponsor a law against books, next? This whole thing reeks of technophobia.
Some clarifications of meaning... (Score:5, Interesting)
Nevertheless, the bill does not *merely* do what the news reports claim, and in that, it is alarming.
The interesting part is the definition of "protected system", which is taken from "18 U.S.C. 1030" (search for it in your favorite search engine), and the modifications made to it by the bill.
It does not involve only government computers, as the text of the bill itself implies. It also involves "any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954" -- most of which is public information these days, and available from many web sites containing information on basic high energy physics (apparently, congress-critters believe that if they can't figure something out without a crib sheet, neither can your average university-trained physicist or engineer, which is why they think they could successfully legislate against light switches).
Further, it includes records from "information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer", per "15 U.S.C. 1681".
This can be loosely interpreted to mean "any system which stores credit card numbers".
--
The real question that we should be asking is whether this is a Writ Of Mandamus... it seems so, since there do not appear to be practical restraints on use of information gathered under the terms of this bill (i.e. "We thought he was a terrorist; as it turns out, our justification was bogus, but we still get to use the evidence gathered to inform against him for that Metallica MP3 he downloaded").
From my reading, it's unconstitutional, under the 4th Ammendment.
Of course, since it passed by such an incredible amount in the House, there no reason to believe that it will not quickly become law: it clearly has wide bipartisan support, and will clearly get the White House's approval (see below).
What that effectively means is that it will remain law, until it is challenged by a perpetrator on the basis of constitutionality. Basically, the law will have to be violated to be tested, at considerable risk to the violators, given the tendency recently for the Federal Government to use the Bill Of Rights in place of toilet paper.
I guess the only thing we don't know is whether this is an overreaction to last September, or if its an overreaction to the lack of consumer confidence in the market, where they think if they can point to themselves "*doing* something about some real market risk", we will forget all about "the man behind the curtain", and not insist on substantive tort reform.
If you read the House Report version of the bill, you'd think the latter (e.g. reaction to "Enron")... almost all of the listed congressmen are from -- *surprise!* -- Texas.
The Constitutional basis for incorporation itself is to serve the public and shareholders interests (read the relevent USC on incorporation, if you don't believe me); this seems to have been reduced to nothing more than "fiduciary responsibility to protect shareholder value, and screw public interst". More fundamental reform is required: this is not about people not acting like a--holes for fear of the penalty, it's about people not acting like a--holes because they *aren't* a--holes.
-- Terry
Re:Since I doubt you actually read the legislation (Score:3, Interesting)
Re:Has hacking ever killed anyone? (Score:3, Interesting)
This is a very bad analogy. That is like saying "Honestly, I just pinged that company's website, and all of a sudden I was arrested." I really hate it when people paint the picture of the cracker (not hacker) as some innocent kid who didn't realize what he was doing. This law isn't for the kid who defaces a website, it is for something really friggin serious. And now you are suggesting that the owners of the system be punished too? What if someone roots your system, and then hacks into some bank, then gets caught? Should you be held responsible, or the bank? Gee, how about the person who knowingly did something illegal? That is a novel idea.
The obvious downside of this law is that it will be used when the situation isn't that serious. It would have to be a hack that endangered lives. If it were used against someone who just caused monetary damage, then it would be a sad day. After all, do you think the Enron and Andersen boys at the top are going to be spending life in prison? Hell, John Walker Lindh is only expeced to get 20 years.
How is a mouse "as dangerous as a bullet or bomb" (Score:2, Interesting)
Generally, the easiest way to do it is to get someone's password by either conning someone into giving it to you; sending someone a trojan email with a keystroke logger embedded in it (best and easiest way); or installing a hardware logger (if you have physical access).
OBVIOUSLY, if a computer system cannot be accessed it can't be hacked! What important financial or military computer has ACTUALLY been hacked?
Most of the court cases are stupid. They involve someone downloading software that others have written to take advantage of known software bugs (a script kiddie) and using it to mess around. Sure, a major site might go offline for a few hours....but the world of computing has so many "natural" technical glitches that's hardly a problem.
Viruses only affect major companies because the employees there are stupid and lazy. They continue to use Outlook, they don't filter executables out of incoming mail, and they don't update their software.
Oh sure, some scipt kiddies have broken into DoD "classified email" servers, but how does that warrant a life in prison?
Unlike the movies, most real machinery and IMPORTANT computer systems are generally not upgradable without pulling chips or at least gaining access with tools to the serial port.
Re:Its not as harsh as it sounds. (Score:3, Interesting)
Well, logically there wouldn't need to be a new law. But you are forgetting, lawyers will wiggle through any available hole. It could be argued that you can't actually murder someone through a computer because it isn't quite a tangible thing. The new law is probably just to plug that hole.
Re:Okay, this is pretty much it. (Score:4, Interesting)
I'm sorry, I thought you were referring to the term: "Freedom Fighter".
So Jews are justified to live on land b/c they evicted others by force. Palastinians are *not* justified to live because jews were evicted by force.
Arabs are *evil* b/c of war to take over land. Jews *rightfully* conquered land through war.
You Sir, are a logical three ring circus.
-b
Anybody read the text? (Score:3, Interesting)
Re:Okay, this is pretty much it. (Score:2, Interesting)
If you have any evidence that nonviolent groups of people that are not attempting to kill civilian non-combatants deliberately are considered terrorists by the US government or population, please show me.
--quote--
Well.... this is dragging the cat out....happened a long time ago.... also, it should be noted that there have also been legitimate uve se of force from the US, they have been attacked and they have retaliated....but this has not allways been the case...
0.- Chile (US supported age of terror)
1.- Argentina (US supported age of terror)
2.- Nicaragua (US supported age of terror)
3.- El Salvador (US supported age of terror)
4.- Plenty African Countries and CIVILIANS...remember the 'mistake' of the aspirin plant?
Another definition for you:
Army: Organization made for the legitimate use of force.
US Army: Organization whose primary objective is to protect american interest everywhere through the use of force.
To portray an example:
In Nicaragua, US Army trained right wing government special army units specifically for the task of counter guerrilla activities. A quick run through the manual of such military concept will tell you that this means basically the use of the military to do state terrorism, eliminating the popular base of the guerrilla. This meant genocide of whole towns.
So there....hows that for an example.
Alex
slippery slope (Score:2, Interesting)
Terrification (Score:5, Interesting)
When I was training typical office workers in using computers back in the 80s, the most difficult hurdle was that most of them were terrified that the computer was sentient enough to become offended if they did something 'stupid' and intentionally punish them for their mistakes. Just as Muslims see a god in their book, even 'modern' Americans tend to see gods in their boxes - and both are terrified that those gods will punish them if they stray, even in ignorance, from their presumed commandments.
And now the Congress is terrified of computer networks, and seeks to terrorize those who appear to be favored by special powers by the new network gods, who must be made fearful of Congress's powers lest they reach out through the networks to strike them dead.
Lesson: Anyone whose power source is different from your own is guilty of witchcraft (whether that source is more or less advanced than yours makes little difference - thus 'modern' medicine derides 'witch doctors'). Since that witchcraft terrorizes you, you must hold the witches in check by terrorizing them in return. This is all simple anthropology.
Sometimes the witches (fundamentalist Muslims) are trying to kill you; sometimes they (sysadmins) aren't. The key to maximizing peace is overpowering the first group either with new culture or, if that fails, with containment or death; and overpowering your own paranoia regarding the second group, by whatever means are available. The tricky part comes if our own Congress continues towards behavior equivalent to that of fundamentalist Muslims. Our first course should be to ease their paranoia.
___
Re:You slashdotters are so disconnected... (Score:3, Interesting)
B) Bush is NOT taking citizens on the grounds of unamerican activities or what have you. You're making a mountain out of a mole hill. We're talking about a handful of non-US citizens that are believed to be associated with terrorists (murderers, not mere philosophical disagreements). This is not "anyone." This is not on "any grounds." You are distorting the facts.
C) Open government and "due process" is a good thing. However, not all good things are better when carried out to their extreme. In fact, some are downright harmful. Some of the practices that made sense 200 years ago, when it was very difficult for an individual to kill thousands of people, really make little sense now when it's relatively easy to do the same. I'm sorry, but I'm absolutely opposed to the idea of releasing someone who sneaks into this country illegally, who is KNOWN to be involved with terrorists organizations, either back into this country on bail or to deport them, merely because we can't find sufficient evidence to convict them in a traditional court of the more serious crime that they're probably involved in. Now that's not to say that I give my government carte blanche (and they DON'T have it) to do whatever they want with these people, but you'd attack ANY necessary change.
D) As for history, this cuts both ways. History has shown time and time again that you can't placate bullies, whether they be dictators in charge of a country or a terrorist leader. Some of the same policies that Bush has enacted are policies that should have been enacted in WWII and are being attacked by people like you.
E) It's a blatant stretch to assert that Bush, or anyone in this government, is so far gone in their change of policy that they're beyond control of the people. What's more, these policies that have been enacted are relatively slight policies and are easy to enact, so that enacting them really gets you no nearer to a police state, in reality, than we were previously. The press is still readily attacking Bush. The political opposition still does, although they're more hesitant because they're afraid to waste political capital. I really don't think that you can say with a straight face that we're in any danger of slipping into a police state given all the facts (especially when you take into account the greater risk of a massive terrorist attack).