Lawyers Say Hackers Are Sentenced Too Harshly 439
Bendebecker writes "Cnet is reporting: 'The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.' Finally, someone is listening..." The document makes the points that most computer crime cases involve disputes between an employer and employee, and that the seriousness of the offense is generally comparable to white-collar fraud cases.
The Bulk (Score:1, Insightful)
String 'em up (Score:2, Insightful)
depends what you did (Score:4, Insightful)
they shouldn't have equal sentences, but that isn't to say one of them isn't deserving of what they get...
It all depends... (Score:2, Insightful)
Have to exaggerate the problem... (Score:5, Insightful)
In many cases, the victim would be ignored if s/he didn't over-state the actual damages. I've heard victim after victim (right here on slashdot) state that they've went to the FBI/local officials, and were denied help because the actual damages didn't add up to a certain amount.
No wonder victims are overstating the problem, it's because they don't like being ignored.
--sex [slashdot.org]
Re:Well (Score:5, Insightful)
Who says they are deciding. They are stating their opinion. It is up to legislators to create and modify the law and judges to uphold it. Lawyers just happen to be the most intimitately involved with both types of cases and therefore are qualified to state an opinion.
I would also point out that they are as free to state their opinion as you are.
Re:Well (Score:3, Insightful)
>out of work
Absolutely zero:
How much time did the MIS manager and CTO do? They share the responsibility for not securing the system. If the risks are that great, then not adequately protecting against those risks is criminal neglect.
Re:just fraud (Score:4, Insightful)
"Oh, well, in that case, since it's ONLY fraud, might as well let them go free."
You didn't understand the argument, or didn't bother to read it, at least. They're not saying computer criminal should "go free," but that the harshness of their punishments should be similar to the punishments meted out for similar crimes not involving computers. Is that really so difficult to support?
Re:String 'em up (Score:2, Insightful)
The point of the article is that there already are relevant examples and that hacker crime is analogous to white collar fraud. Ergo... it should be treated the same way in the law and in sentencing.
Re:Well (Score:3, Insightful)
Also, this particular group of lawyers are defence lawyers, so it's their job to defend crackers and fight for their rights, which would include the whole fairness issue.
And also, these people might be judges someday, so then it will be their job to determine what fair judgement is.
Too Harsh? (Score:5, Insightful)
me != suprised (Score:5, Insightful)
Now, I'm not saying that hacking others' equipment is good. I'm just saying that the punishment should fit the crime, not get 10 years in jail because you made the RIAA website say they love mp3s instead of money.
Re:Well (Score:3, Insightful)
1) Judge (often a lawyer)
2) Prosecutor (lawyer)
3) Defense Attorney (lawyer)
Also, think about this. Whenever the two sides work out a plea bargain rather than going to court, you basically have 2 lawyers hashing out what is a fair penalty for the crime involved.
So, in response to your statement, I would have to say that lawyers have always been the beacon for what fair punishment should be since the modern criminal system came into being.I'm sure it's fun to take potshots at lawyers, but you need to realize that they do run the system to a large extent.
IANAL
Re:The Bulk (Score:2, Insightful)
Re:The problem isn't the harsh sentences for hacke (Score:3, Insightful)
Re:Hmmm . . . (Score:4, Insightful)
No. I vote.
The Witches of Yesterday... (Score:5, Insightful)
Re:"White collar crime" - a misnomer... (Score:2, Insightful)
Property crime is a crime, and it should be, but the danger posed to others by these crimes is usually minimal. The mental anguish caused by crimes committed thorugh violence or the threat of violence is, and IMO, should be punished more harshly.
Re:Have to exaggerate the problem... (Score:3, Insightful)
Something is wrong when murder gets you less time. (Score:5, Insightful)
A man installed a program that for all intent and purposes is a screen saver and he could have been forced to serve 120 years in prison had he not plea bargained. Clara Harris killed her husband with her Mercedes, was found guilty of 1st degree murder, and was only sentenced to 20 years (she'll get out in 10).
I think something is wrong with a system that gives you more time for installing a program that doesn't do any damage than it does for murdering a person in cold blood.
But does it still warrant... (Score:5, Insightful)
Depends on the impact too (Score:2, Insightful)
With the computer tresspass and fraud act, you have a minimal amount to trigger the act ($5000) and a large penalty. If you steal a car (worth $5000) you get a much smaller penalty.
Re:The Bulk (Score:5, Insightful)
If that logic is pursued, just make every crime, from littering and jaywalking on up, a capital offence. That would deter ALL crime. Sounds idyllic, doesn't it?
The point the lawyers are making is that the penalty should be in relation to the harm caused, not multiplied merely because it somehow involved a computer. Whether you defraud using a fountain pen or a PC, the penalty should be the same.
This is a symptom (Score:3, Insightful)
A symptom that copyrights are unenforceable, so the only way they can compensate is by fear mongering with draconian punishments. Our response should be to act in civil disobedience whenever possible. The sooner we force this thru, the sooner we can get on with the information age.
Re:I have to state the obvious... (Score:4, Insightful)
Computer offences are actually underplayed.... (Score:3, Insightful)
And how is this not serious? Destruction and blackmail are extremely serious and should not be tolerated in society.
Prison is not just rehabilitation. It is a deterrent. If there were little or no consequences to, say, wiping out a server just because you are mad you got fired then many many more people would do it. Consequentially companies would crack down hard on everyone and treat all employees like assumed criminals.
Most of the world we live in is based on trust. Most homes and businesses are relatively easy to break into. And if the consequences for such actions were light then more people would be trying it just for fun. And then home owners would have to put bars on their windows and constantly worry about keeping their house secure.
In fact, this is essentially what Slashdotters are recommending people do to their computers. Most people have better things to do with their lives than worrying about locking down their computer from hackers. How about the hackers say on their own boxes and stay the heck away from everyone elses!! If someone breaks into my computer, it is not MY fault the computer was easy to crack. It is the hackers fault for doing something they weren't supposed to do. And the hacker should go to jail for it, just as they would go to jail for breaking into my house and checking out all my stuff. I don't care if they steal anything or not, it is an invasion of my life and privacy!
I am sick of the hypocrisy Slashdot getting all up in arms about the Patriot Act and then worshipping Kevin Mitnick. At least I can vote against the Congressmen who supported the Patriot Act. I can't vote to keep Mitnick wannabes off my computer, except to vote to put them in jail where they belong.
Brian Ellenberger
Re:I agree (Score:5, Insightful)
In case you haven't noticed, you can't just go where ever you want just to look around.
Re:It all depends (Score:2, Insightful)
I wish I had an easy answer instead of just more doubt / cynicism, but I think the harsher sentences should be reserved for potential/actual harm to humans and physical structures.
BTW - My
Re:6th Grader Charged in Grade-Switch Caper (Score:5, Insightful)
What would be ridiculous would his being tried and convicted as an adult, and spending 10 years in a max security prison. But that wont happen, he'll get the warning and the incident will go into his sealed juvenile record.
IMO there's too much 'juveniles shouldnt be punished after all they're just kids' sentiment. Youngsters know this, and commit more and more crime knowing they wont be severely punished.
It would be ridiculous if the teacher gave him permission to use the computer, and in doing so he accidentally formatted the C: drive, or something like that. But if he knowingly committed a crime (which it would seem he did), he should be prosecuted for it.
Re:The Witches of Yesterday... (Score:3, Insightful)
Very similarly, the popular image of 'Hackers' is formed by films like 'the net' or even 'the Matrix'. People believe that Hackers are capable of all kinds of perfidy, not because they have heard so from a responsible source or understand the issues involved, but because their fears have been ramped out of proportion by the popular media. (This is not to say that there were not some very serious ecclesiastical figures behind some of the witch burnings - just that Witch trials were really driven by the public, not generally by the church.)
Re:We need strict sentances for hackers/crackers (Score:1, Insightful)
Horseshit, just a stupid internet rumor.
He was in solitary confinement for his own protection. Skinny little white computer nerds get passed around like a rubber fuck doll in the bighouse.
And given that his crimes were frauds committed over the phone, taking away his phone PRIVELEDGES (note; it's not a right in jail) makes perfect sense. Some media jackass made up the 'launch a nuclear war' crap.
Re:6th Grader Charged in Grade-Switch Caper (Score:2, Insightful)
One: The kid shouldn't have tried to change the grades. Bad Kid.
Two: The teacher should have locked her machine up. Bad Teacher.
Three: A DA prosecuting a kid for this? I would think the DA had bigger cases out there to work on. Bad Judgement
Shame really, I don't think the kid needs to go to jail over this (unless he has a bunch of priors). What the kid probably needs is for is parents to have a one sided conversation with him. One sided meaning their hands talking to his backside.
Re:The Bulk (Score:4, Insightful)
If they suffered a loss, let them document it and then charge the "hacker" with criminal damage, fraud, or whatever. Why should "hacking a corporate network" be such a heinous crime in itself?
Blue v. White Collar Criminals; (Score:4, Insightful)
a) Most Bank robbers wouldn't know what bait/dyepacks would look like if it was sitting in front of their face
b) If the tellers just grab their bait, the robber's getting away with ~$83 per teller
c) Some Bank Tellers have their own 'valuts' (Bank tellers buy and sell money from the bank vaults to their cash drawers. Some banks differ in how much money they're permitted to have in their drawer, or don't permit their tellers to have locked valuts.
Let's say I'm Jon-BankRobber. I walk in with my gun, flash it around, walk out with ~$300 bucks (~$80 x 4 bank tellers), caused some bank tellers to quit their jobs/go into therapy/become really depressed. I go to Court, visit the Judge, who gives me ten years.
Now, let's look at Joe-31337h4x0rd00d. I break into my bank's tellering system, create an account, and either blatently (to the fact that it comes up on the next day's report) or sneakily (penny-slicing) steal money. I can get away with much much more, but for the sake of keeping things same, I only take $300.
When Joe-Hacker goes to the judge, he's going to get a max of 6 months. Non Violent Crime, Under $500 (no felony), no gun. (this is assuming that they don't get him with electronic tresspass)
If they're looking to give hackers/crackers a free ride, it won't happen. If they're trying to equal things...just make the same crime punishable by the same punishment. Rob a bank or Crack a bank, go to jail for up to ten years.
I know some of you will poke holes in this, but the average white-collar-criminal just doesn't go to prison, unless you've pissed someone really off, or really f*cked up.
Replies will be answered.
ONUCSGeek
penalty should be in relation to the harm caused (Score:3, Insightful)
figuring for both files lost, cleaning it from systems, and a prorated amount
for the effort/energy/and money poured into the creation of patches/antivirus software.. can we apply the death penalty to the virus author?
63 years, times 365 days, times 24 hours, means 551,880 hours
There are plenty of real precidents. (Score:2, Insightful)
Stealing 8 million credit cards? What was the actual cash value of the loss? Wouldn't it be the same as sneaking into a bank at night and walking off with that much money? Aren't there good legal precidents for this sort of theft?
Move into the scary realm of so called "Cyber Terrorism". You shut down a hospitals power grid and 10 people die. It's either manslaughter, if you didn't do it on purpose, only indirectly caused it, or 10 counts of murder1 if you did it on purpose. (Or maybe one of the flashy new anti terror laws, which no doubt would leave you kneeling over a shallow grave somewhere.)
Eventually legal theory will work this out. It's all about precident. Once everyone gets over the novelty of it, and stops seeing it in some quasi Victorian sense of "Progress/Intelligence gone awry." things will cool back down.
At least, they had better. This crap is ridiculous.
Re:Computer offences are actually underplayed.... (Score:2, Insightful)
While you might feel guilty, you certainly wouldnt be culpable. That's the old lawyer game of blaming the victim, a la "She was raped because her skirt was too short". It's a pretty disgusting practice in law.
Financial Damage can be tracked. (Score:3, Insightful)
If you spray painted the outside of walmart with the words "CLOSED - BUILDING UNSAFE" and they lost a days sales because of it would they not be deserve to recoup said loss?
Honestly I have no sympathy for hackers or any other type of white collar crime. Most all of them get far too light a sentence IMHO. So do many violent criminals as well. We spend so much of our time locking up drug users and dealers, while drunk drivers get off that we can't properly deal with REAL crimes.
Anyone remember the old Star Trek episode "I Mudd"
(Not an exact quote.)
Works for me...;-)
Re:Hmmm . . . (Score:1, Insightful)
... more than the average raper? YES (Score:1, Insightful)
Yes. For some reason we seem to take "physical" crimes more seriously than ones which attack our social structure. More explicitly, executives which stole tons of money via private trading should be facing the death penalty -- instead of killing one person, they have single-handedly wipe out the savings [work product of many many years] of thousands of people and the enjoyment of retirement.
The problem here is, of course, white collar crimes arn't punished enough.
Re:It all depends (Score:5, Insightful)
If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty."
As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).
Re:6th Grader Charged in Grade-Switch Caper (Score:4, Insightful)
Punishment should have been handled by the administration and the kids parents this was NOT a metter for the cops.
Kintanon
Re:6th Grader Charged in Grade-Switch Caper (Score:4, Insightful)
Doing it on the teachers computer brings it up to the level of a felony. 'Altering intellectual property' or some such.
IMHO, that is not right.
Yes, the kid should obviously be punished. Does doing via the PC warrant far more severe punishment, vs doing it in a paper grade book?
Can I bring suit against any and all spam and popup purveyors? After all, they ARE altering the contents of my PC (cookies and unwanted email) without my permission.
Re:Personal example (Score:3, Insightful)
I agree he should be punished, but it isnt the same as breaking ito your house and rifling through your file cabinet. Break and enter is generally treated by cops and DA's as a violent crime - because burglars very often have every intent on harming someone who may be at home at the time.
A better analogy would be the clerk at the gas station who lifts your Visa number, or the guy who looks over your shoulder at a payphone or ATM to get your calling card/pin numbers. But hackers also have an element of trespassing and harassment. So maybe mix in a little of the guy who makes obscene phone calls in the middle of the night, or dumps his garbage on your lawn. Or maybe a postman who reads your mail (thats a big federal no-no as well)
In any case, saying the sentences are 'too harsh' or 'too light' is wrong IMO. This is what judges are for, to decide what punishment is appropriate on a case by case basis. Thats their job.
Close, but... (Score:5, Insightful)
100 years ago before the automobile became dominant, society & the economy depended quite a bit on horses. As such, you would be hung for stealing a horse, not because it's such a horrible offense, but because if the punishment wasn't really stiff excess horse theivery would probably have actually undermined the stability of society. Who would want that!
The same forces are probably in effect here.
Re:Perhaps the hacking penalties are fine... (Score:2, Insightful)
The richies got to keep the lions share of the doe they swiped. Most got recieved no punishment. Those that did got off light. And the peons got taught not to blow the whistle if they actually want themselves and their friends to not go bankrupt and jobless.
Why is it the rich are treated like pinacles of society just because of the money they have?
As I said before, I'd love to have a billion dollars, and not for the spending value.
God Bless the US of A, land where equity...err...equality is the law of the land.
Fear and loathing drives sentences (Score:4, Insightful)
The real question is whether justice is state-surrogate revenge or to keep the public order.
Re:"White collar crime" - a misnomer... (Score:3, Insightful)
The error in your reasoning is the presumption that criminal penalties are imposed in order to deter crime.
Given the high rate of recivitism it should be obvious that jail time never deters crime. The purpose of punishment is to get dangerous people off the streets and into an evirnonment where they will not do further damage to the general population.
Re:6th Grader Charged in Grade-Switch Caper (Score:2, Insightful)
Penalizing the unknown (Score:3, Insightful)
When it comes to computers, most people are hypocrondriacs (sp?). And what do people do when they fear something unknown, they lash out against it.
Many people on computers today are affected by spam, viruses, and other issues. Their solution, nail the bastards, put them somewhere - it doesn't matter where, so long as they can't cause me trouble - and jail is a seemingly optimal location for this.
On the flipside, for kiddies who build idiotic viruses that knock down routers worldwide and cause general chaos, I think that many of the users here on slashdot would be very happy to see them lynched. We have to seperate major disruptions and white-collar criminals from the kids who write "H4XOR3D BY 133TM4N" on a website.
Re:But does it still warrant... (Score:4, Insightful)
Well, who goes free and who gets convicted is a function of a randomly chosen population sample, not the government. Plus, if they follow the law, no matter what the laws says, then they're not "corrupt" in the "not doing their jobs" sense.
If a state government wanted to pass a puritanical "no kissing in public" law, they'd be well within their jurisdiction to do so, and the officers and judges and lawyers carrying out this law wouldn't be corrupt.
I agree that extremely violent offenses such as rape and murder should, without exception, give higher sentences than any other kind of crime. But that doesn't mean that a government that puts drug offenders and prank-hackers in jail for twice what the average rate for murderers is corrupt. Extreme, maybe, but not corrupt.
(And if you counter with "will of the people", I'll want to know an update on the status of the movement for a constitutional amendment requiring equitable and fair sentencing throughout the country.)
Comparison with drug law. (Score:3, Insightful)
A similar mechanism might be at work here. Lawyers and businessmen write the laws, so so-called white collar crimes like fraud tend to have low penalties. Lawyers and businessmen do not hack, so the penalties for crimes that involve hacking tend to be higher.
Re:But does it still warrant... (Score:3, Insightful)
unless you can point out a possession sentence that warrants years in jail.
Here's a guide to marijuana laws, by state. The current page is Texas, where you can get a year for 3oz and 2-10yr for 5lbs (possession). Any sort of sale will put you away for more than a decade. Hawaii is just as bad, but most states are more lenient. If you want a pot-friendly state, Colorado seems to be the place to be - mostly fines for possession. [norml.org]
Note that these laws are apparently for pot only. Do a google search and see if you can find out what cocaine possession will get you.
Re:Personal example (Score:3, Insightful)
I beg to differ. When my house is compromised I know how many systems could have been targeted (7) and where my important information resides.
If I'm a big company, I might have dozens or thousands of boxes at risk. I might not have good forensic logs to tell me when the system was compromised or where the attackers went. I might not know the extent of the damage - in fact I probably will never know what important information was taken (if any) or where the important information resides.
Depending on the size of the organization it might take me months to figure out how to protect against this type of threat in the future, and I might have to spend tens to hundreds of thousands of dollars on software and consulting to help me be protected.
You might argue that we already have a staff of engineers, and that it's not fair to count their pay as cost for cleanup, but when they are cleaning up, they are not doing things that make my company money, just activities that might help my company to lose less money.
Millions? It's a definite possibility. You might have merely defaced my web presence, but you also might have inserted a trojan that would let you do a great deal of damage, or deface my web page again. I don't know, and figuring it out could cost a fortune.
duh (Score:2, Insightful)
Re:Blue v. White Collar Criminals; (Score:3, Insightful)
Non-violent crime (and that's crime without *threat* of violence, not just without actual violence -- i.e. threatening you with a gun does not count as non-violent, even if I never shoot it -- even if it turns out later that it wasn't loaded) is (usually) punished less harshly. And for reason -- violence has impact. I'd argue that you causing even one or two of those tellers significant trauma is a far far greater ramification of your actions than the $300
Not to mention, there are probably customers that were in the bank as well.
Cracking the bank only traumatized the sysadmin. And having been in both situations, well, it's not even comparable.
You're right about white collar criminals, and I think *that* is fucked up, at the same time, cracking can't (at least in the vast majority of cases) be compared to violent crime.
Re:It all depends (Score:4, Insightful)
Right... Visa should take a hacker's word that they've deleted the database and that they didn't leave any backdoors to get back in again later, because we all know someone who'd break into your system is someone you should trust.
Visa would be extremely neglectful if they didn't take every action at their disposal to minimize damage in the wake of an intrusion. This means reissuing all the compromised cards, reinstalling every machine even remotely related to the one compromised, implementing new policies to detect a similar intrusion in the future. None of this is cheap.
You are not doing Visa a favor by breaking into their system because you're costing them almost as much as it would cost them if someone broke in and did exploit the hell out of those card numbers. Think about it.... do you want someone throwing rocks through your windows (breaking them in the process) just to show you the vulnerabilities in your house?
Re:no, it doesn't (Score:5, Insightful)
I suggest you actually READ the PDF. Your $1.2 million vase is NOT broken. The entire point of the article is that computer related law is broken.
If some kid sneaks in, watches some TV and leaves. he does NOT berak your vase. The crime is a misdemeanor. The economic damage is zero. This is sentenced as a "Base Offense Level" 6 misdemeanor. Perfectly reasonable.
Now lets look at what computer law does:
The kid didn't touch your cupboard or vase, but you decided you needed a cupboard with a lock for $5000. This counts against the kid and he gets +2 on the base offense level for $5000 in "damages". It now becomes a FELONY.
Then there is a +2 on the offence level for using a "special skill".
Then there is a +2 on the offence level for using "sophisticated means".
The kid did he not intend to cause any harm. The kid in fact did not cause any harm. So now a harmless prank that is supposed to be a level 6 misdemeanor is actually treated as a level 12 felony. THAT is the point they are making.
They also want to make sure this harmless prank doesn't get sentenced as TERRORISM. They don't go deeply into this topic, but they are also opposing certain "computer-terrorism" laws and proposed laws. They essentially make it terrorism for a kid to throw a snowball across state lines at a supermarket. The DOJ claims this is acceptable because they promise it will only be used in "appropriate cases". Pardon me, but I don't think a misdemeanor harmless prank should EVER be within the scope of a terrorism law.
Another problem they mention is one that came up in the Mitnick case. The kid takes a photo of your vase. The kid never shows the photo to anyone. Here's how computer law meaures this "vase theft": You paid $1000 for the vase, but you bought it on a $50,000 vacation. You later realize the vase is worthless and give it to the salvation army for free. According to computer-law taking the photo caused $51,000 in economic damages.
In the Mitnick case he copied software. If they had to spend money repairing damage Mitnick had done then there would be economic damage. If Mitnick had sold or given the software away then there would be economic damage from last sales. Yes, Mitnick broke the law, but the fact that he was charged and punnished based on tens or hundreds of millions in economic damages when the actual figure was zero damage was absurd.
And yes, one of the companies did in fact decide to give the software away for free (and it had nothing to do with Mitnick). Care to explain how he caused millions of dollars of damage by making a single copy of $0 software?
-