House OKs Life Sentences For Hackers 972
ByteHog writes "The House of Representatives voted overwhelmingly Monday to create a new punishment of life imprisonment for malicious computer hackers. The article on MSNBC also mentions that police can conduct internet or telephone eavesdropping without first obtaining a court order. Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'" Other articles can be found here and the text of the bill is available.
Has hacking ever killed anyone? (Score:5, Interesting)
Re:Has hacking ever killed anyone? (Score:5, Insightful)
Except (Score:5, Insightful)
Re:Except (Score:5, Insightful)
Re:Except (Score:3, Insightful)
Re:but how's that different... (Score:3)
Re:Has hacking ever killed anyone? (Score:5, Funny)
Re:Has hacking ever killed anyone? (Score:3, Insightful)
In all seriousness, could some one explain to me why we need to crack down on "Cyber Terrorists"? I thought it was the regular, box-cutter-weilding, gun-toting, bomb-making kind that were giving us problems lately. Shouldn't the government be trying to stream line its paperwork processes and attempting to fix internal security problems?
Shouldn't we be working harder to fix existing [nando.net] government agencies that don't work as intended instead of making new ones?
Re:Has hacking ever killed anyone? (Score:3, Interesting)
The term to cover this kind of legislation is "supercriminalisation". Such laws are redundant before they are even passed. Typically done to make politicans appear to be "doing something", especially if there is a lobby group needing to be appeased.
You could also look at it as a way of politicans avoiding doing their jobs whilst appearing to do so.
Re:Has hacking ever killed anyone? (Score:3, Funny)
Re:mod Parent insitefull (Score:2)
No it's no diffrent. However the palm piolt does not come with a promis that this can't be done. Where as mots hacked networks are aledged to be unbreakable
Re:Has hacking ever killed anyone? (Score:4, Interesting)
Yes, i agree, but not just for the hacker. I would at least take a serious look at the people responsible for the system. If some kids kicks agains the wall of a building and it collapses, who's to blame?
Has it?
Not that i know of, but i might happen. I've heard news somewhere about warnings for terrorist attacks through the internet, things like possible attacks to nuclear power plants. Personally i think anyone that build a system to control a nuclear power plant and connects it to the internet should get a life sentence. If a hack causes death the hacker can never be the only one to blame IMHO.
Re:Has hacking ever killed anyone? (Score:4, Insightful)
Maybe so, but read some of L0pht's papers about the widely insecure remote access to power grids, city works (traffic controls, etc.), and other such things which are probably very hackable and not connected to the internet.
I think the premiss of this law is probably correct. If you commit a robbery and someone gets killed during the commision of that crime the law regarding that crime says you may be held accountable for that death. I don't think this law is much different.
If I hack something like a city's traffic control system and start playing around, only to leave the busiest intersections lights green in both directions, then unbeknownst to me some Soccer mom and her 5 kids get killed by a 18 wheeler driving through said intersection, I'm the one liable for their deaths. The people responsible for maintaining the traffic system may also be liable under either criminal or civil matter for neglegence or something like that, but they can't be held responsible for my actions. Just like, going back to the robbery, if that store owner pulls his gun and shoots and me but hits a customer, I'm still on the hook for the customer's death.
I am not a lawyer, nor a gynocologist, but I play both in my back shed.
L0pht's testimony? Backscratching at its finest. (Score:3, Informative)
I must be out of the loop: the L0pht never released any white papers on infrastructure insecurity. They merely, at the behest of the NIPC, testified before Congress something to the effect of "if we wanted to, we could hack the nation inside of an hour" or some ridiculous hyperbole like that. They're good hackers and all, but the sane mind looks to the reasons why they said what they did without any proof as they'd be wont to provide in any other situation: the almighty buck. The FBI got its "cybercrimes" division and the L0pht merged with @Stake, who now performs federal contract work for... guess who?
Judges take intent into consideration. If I steal a car and intentionally run someone down, it will be treated differently than if I steal a car and accidentally hit someone; these laws handcuff the human element, turning judges from arbiters of law into life-sentence machines.
Re:Has hacking ever killed anyone? (Score:3, Interesting)
This is a very bad analogy. That is like saying "Honestly, I just pinged that company's website, and all of a sudden I was arrested." I really hate it when people paint the picture of the cracker (not hacker) as some innocent kid who didn't realize what he was doing. This law isn't for the kid who defaces a website, it is for something really friggin serious. And now you are suggesting that the owners of the system be punished too? What if someone roots your system, and then hacks into some bank, then gets caught? Should you be held responsible, or the bank? Gee, how about the person who knowingly did something illegal? That is a novel idea.
The obvious downside of this law is that it will be used when the situation isn't that serious. It would have to be a hack that endangered lives. If it were used against someone who just caused monetary damage, then it would be a sad day. After all, do you think the Enron and Andersen boys at the top are going to be spending life in prison? Hell, John Walker Lindh is only expeced to get 20 years.
Re:Has hacking ever killed anyone? (Score:3, Informative)
My mother used to work for GPU Nuclear, the company that owned Three Mile Island and Oyster Creek among other nuclear reactors. Their security, even way before the whole terrorist threat being brought to the foreground, was practically unbreakable. Nuclear reactors are considered super-high risk by the government - try getting a job there, let alone approaching one. They do extensive background checks through the FBI, and the perimeter is protected by 12-foot high barbed-wire fences and armed guards with sub machine guns and orders to shoot on sight.
The internet services and the computer systems that control the reactors aren't physically connected. That's the easiest way to keep it secure, right? Offer no access.
Pop quiz: do you know one of the major reasons Three Miles Island came so close to a meltdown? their security was too tight. They didn't want to risk anyone getting any major telephony access to the site, so there was only one phone line leading to the outside world. Naturally, it was rather tied up with people calling their families so reenforcements were substantially delayed.
Disclaimer: IANANE (I Am Not A Nuclear Engineer) but I grew up with someone in the business - my mom was THERE when TMI almost melted.
Triv
Re:Has hacking ever killed anyone? (Score:2)
Most stuff now resulting in death might get you manslaughter. It's just not intentional to cause loss of life.
Re:Has hacking ever killed anyone? (Score:3, Interesting)
Examples:
-Hacker breaks into medical records. Changes some patient info. Patient receives medicine they are allergic to and dies.
-Hacker breaks into a computer controlling traffic lights. Causes a system failure and a traffic accident occurs killing some people.
-Hacker breaks into a weapons manufacturer's recipe computer and changes some chemical mixture information. Wrong amounts get mixed and an explosion occurs killing those mixing.
It is possible scenarios like these have played out and it never got reported because no one was aware of the intrusion.
Re:Has hacking ever killed anyone? (Score:4, Insightful)
Re:Has hacking ever killed anyone? (Score:3, Informative)
"Within the week, a red-faced software company, DSC Communications Corporation of Plano, Texas, owned up to glitches in the signal transfer point software that DSC had designed for Bell Atlantic and Pacific Bell. The immediate cause of the July 1 crash was a single mistyped character: one tiny typographical flaw in one single line of the software. One mistyped letter, in one single line, had deprived the nations capital of phone service. It was not particularly surprising that this tiny flaw had escaped attention: a typical System 7 station requires ten million lines of code. From The Hacker Crackdown, by Bruce Sterling, 1992."
Today we learn the difference between a fact and a rumour.
Kierthos
The Red Scare Part II (Score:2, Insightful)
Our society may need technology to function but this dependance is going to extremes.
And, of course, what happens to the programmers? If I design a faulty home security system I get sued don't I??
Hmm...
Are you now or have you ever been a hacker?
Re:The Red Scare Part II (Score:5, Insightful)
Security professionals, you know, the guys who catch and provide evidence to prosecute the "malicious" hackers, are themselves hackers (BTW, I _AM_ a security professional - or rather I was before this fucked up bill came about.)
So, who decides who is malicious and who isn't? I know the answer, no need to tell me. The ones who write the flawed security software. The so called "experts in the field". Well, if laws like this continue to take hold, and dumb asses who have no idea what technology is or how to deal with it are left to determine who is a "malicious hacker" and who isn't, then the REAL professionals will dissappear. The only secure systems will be those that belong to the real cyber-criminals, because they will be the only ones who know enough about the systems to secure them.
Those of us who really do care about security will be, and have been, labeled "malicious hackers" by those that write the faulty software we discover. A bill such as this, and others that will probably follow, only server to give the irresponsible corporate buttheads that release such garbage a method to cover their asses when a hole is found. How many people will want to run the risk of testing systems for security now?
Need I mention eavesdropping is AGAINST THE DAMNED LAW no matter what the DoJ and the rest of government may say about it? Anyone ever heard of "due process"? Anyone know what that means? It means they have to go to court, have some evidence against you, by "oth or affermation", and have a judge give them the RIGHT to search ANY of your property or listen to any of your data transfers, no matter what form those transfers are in. But that's OK, because in such a terrifying society as ours, where there's a terrorist on every corner, it's nice to know Big Brother is watching, isn't it?
I've warned people for a LONG time about this sort of crap. I was banned from LKML for such warnings (from which I received many a thank you) and how they could destroy Linux and other free and Open Source software. With the inaction of the populous in general, the fact that most people dont' pay attention, are naive about what's going on and how it will effect them, and the lack of voter participation, is this type of thing any great surprise?
Does anyone really expect a politician to understand the first thing about technology let alone how to deal with it? Does anyone really expect the corporate experts to lead them down the right path, when it's the corporations those experts represent that will lose if government were to take that path?
The ONLY way laws regarding technology will every be made that actually help the industry, and more importantly the general populous, is if those that sit around bitching about it actually put some actions where their mouths are.
Welcome to the United Corporations of America.
(Now what kind of disclaimer do I need to place here to keep some rotten corporate gorilla from trying to sue me for voicing my opinion in a supposedly FREE country? Whatever it is, consider it posted right damn here!)
I suppose "hackers" will get tossed in the brig without an attorney too? Does anyone aside from the true hackers out there _REALLY_ know WTF a hacker is? It certainly isn't what you hear about in political circles and on the damn news.
Paul G. "I don't do Windows" Allen
(and if you doubt that I am, I'll prove it!)
Okay, this is pretty much it. (Score:3, Insightful)
Run an "unsecured" operating system? You're a terrorist.
Share files? Terrorist.
Complain about corporate abuse? Terrorist.
Demand your Fair Use rights? Terrorist.
Fail to consume your fair share? Terrorist.
In 100 years, when they are picking over the ashes of our civilization wondering what went wrong, this will be the turning point day they decide on...the day when you could get LIFE in PRISON for using a computer.
Re:Okay, this is pretty much it. (Score:3, Insightful)
Using a(licensed) firearm to shoot soda cans off a fence != crime
Using a(licensed) firearm to shoot someone in the face == crime
Heated hyperbole will not help to advance your cause; only a reasoned consideration of the issues will.
I now jump off my soapbox.
Re:Okay, this is pretty much it. (Score:3, Informative)
Using a(licensed) firearm to shoot soda cans off a fence != crime
Actually, if you're in a densely populated area then it can be considered a crime. (Reckless endangerment.)
Using a(licensed) firearm to shoot someone in the face == crime
If the person in question has invaded your home and you are in reasonable fear for your life then it's self defense.
So, like all things (including the own a computer and go to jail for life statement) need to be clarified. The real issue is why this needs "new" laws. There are currently laws on the books for terrorist acts. There are laws for assault and murder as well. Just because the "weapon" is different shouldn't change anything.
The part of the bill that should be of the most concern is the provisions that cover something like "hot pursuit" where ISP's are allowed to monitor and turn over information based on a judgement call.
Re:Okay, this is pretty much it. (Score:3, Insightful)
Recall that recently, certain charges were dropped against Massoui because a commercial airliner was not specifically mentioned as a 'means of transportation' in the applicable federal law. It's not a waste of ink to spell out the new versions of old crimes that can be committed with new technology.
Define Terrorism (Score:5, Interesting)
Run an "unsecured" operating system? You're a terrorist.
Share files? Terrorist.
Complain about corporate abuse? Terrorist.
Demand your Fair Use rights? Terrorist.
Fail to consume your fair share? Terrorist.
Shooting people to pursue political gain? Not sure. Depends.
Holding a population hostage via threats of violence? Depends who does it.
Re:Okay, this is pretty much it. (Score:5, Interesting)
Terrorist: used by people to indicate other people that say or do things that the first group of people doesn't approve of, doesn't understand or isn't receiving any money for.
War on terrorism: The act of violating every basic human right of terrorists.
Peace: A situation where all terrorists are either dead or in prison.
From your post I see my self guessed definitions are pretty close to the real meaning of those words. (and boy will the world be a quiet place when the American government finally decides there's peace)
Re:Okay, this is pretty much it. (Score:2)
God, I wish McCain was in the White House instead of this idiot.
Re:You slashdotters are so disconnected... (Score:3, Interesting)
B) Bush is NOT taking citizens on the grounds of unamerican activities or what have you. You're making a mountain out of a mole hill. We're talking about a handful of non-US citizens that are believed to be associated with terrorists (murderers, not mere philosophical disagreements). This is not "anyone." This is not on "any grounds." You are distorting the facts.
C) Open government and "due process" is a good thing. However, not all good things are better when carried out to their extreme. In fact, some are downright harmful. Some of the practices that made sense 200 years ago, when it was very difficult for an individual to kill thousands of people, really make little sense now when it's relatively easy to do the same. I'm sorry, but I'm absolutely opposed to the idea of releasing someone who sneaks into this country illegally, who is KNOWN to be involved with terrorists organizations, either back into this country on bail or to deport them, merely because we can't find sufficient evidence to convict them in a traditional court of the more serious crime that they're probably involved in. Now that's not to say that I give my government carte blanche (and they DON'T have it) to do whatever they want with these people, but you'd attack ANY necessary change.
D) As for history, this cuts both ways. History has shown time and time again that you can't placate bullies, whether they be dictators in charge of a country or a terrorist leader. Some of the same policies that Bush has enacted are policies that should have been enacted in WWII and are being attacked by people like you.
E) It's a blatant stretch to assert that Bush, or anyone in this government, is so far gone in their change of policy that they're beyond control of the people. What's more, these policies that have been enacted are relatively slight policies and are easy to enact, so that enacting them really gets you no nearer to a police state, in reality, than we were previously. The press is still readily attacking Bush. The political opposition still does, although they're more hesitant because they're afraid to waste political capital. I really don't think that you can say with a straight face that we're in any danger of slipping into a police state given all the facts (especially when you take into account the greater risk of a massive terrorist attack).
Slight correction (Score:3, Insightful)
Peace: A situation where there hasn't been any overt terrorist activities, and the government decides it cannot afford to sustain the high-level of alert because of budget deficits and the coming elections.
Terrification (Score:5, Interesting)
When I was training typical office workers in using computers back in the 80s, the most difficult hurdle was that most of them were terrified that the computer was sentient enough to become offended if they did something 'stupid' and intentionally punish them for their mistakes. Just as Muslims see a god in their book, even 'modern' Americans tend to see gods in their boxes - and both are terrified that those gods will punish them if they stray, even in ignorance, from their presumed commandments.
And now the Congress is terrified of computer networks, and seeks to terrorize those who appear to be favored by special powers by the new network gods, who must be made fearful of Congress's powers lest they reach out through the networks to strike them dead.
Lesson: Anyone whose power source is different from your own is guilty of witchcraft (whether that source is more or less advanced than yours makes little difference - thus 'modern' medicine derides 'witch doctors'). Since that witchcraft terrorizes you, you must hold the witches in check by terrorizing them in return. This is all simple anthropology.
Sometimes the witches (fundamentalist Muslims) are trying to kill you; sometimes they (sysadmins) aren't. The key to maximizing peace is overpowering the first group either with new culture or, if that fails, with containment or death; and overpowering your own paranoia regarding the second group, by whatever means are available. The tricky part comes if our own Congress continues towards behavior equivalent to that of fundamentalist Muslims. Our first course should be to ease their paranoia.
___
Re:Okay, this is pretty much it. (Score:4, Interesting)
I'm sorry, I thought you were referring to the term: "Freedom Fighter".
So Jews are justified to live on land b/c they evicted others by force. Palastinians are *not* justified to live because jews were evicted by force.
Arabs are *evil* b/c of war to take over land. Jews *rightfully* conquered land through war.
You Sir, are a logical three ring circus.
-b
Since I doubt you actually read the legislation... (Score:5, Insightful)
`(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'. (my bold)
You may think of 'hacking' as an act in and of itself. This bill deals with various crimes that a 'hacker' might perform, using hacking as a tool or a means.
For additional perspective, refer to these acts mentioned in the bill:
(F) whether the offense involved a computer used by the government in furtherance of national defense, national security, or the administration of justice;
(G) whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
(H) whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;...
Examples of acts that are contemplated here: disabling a national defense warning system; flooding a city by opening the spillways on a dam; disabling the air traffic control system in a busy metropolitan area.
And for those who will quickly argue that these systems should not be connected to the Internet, note that the bill does not limit these acts of 'hacking' to access from the Internet. Hacking can also include access from inside a company or facility, dialup access to a piece of critical equipment, or even some acts of 'social engineering.'
These are not new criminalizations of innocent acts. They are simply expansions of existing principles to include new technology and means of hurting people and property.
you could get LIFE in PRISON for using a computer.
That's like complaining that you could get LIFE in PRISON for using a screw driver. If you use that screw driver to tighten screws, you're fine. If you stick it in someone's eye and wiggle it around, you may be facing LIFE in PRISON for the MURDER that you committed with your SCREW DRIVER.
Re:Since I doubt you actually read the legislation (Score:3, Insightful)
(G) whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
(H) whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;...
So if Joe sends an email to Jane and for some reason that email trigger some weird bugs that somehow cause some shitty system to go down and that system going down cause G or H then you can get life imprisonment for sending an email?
Ok that exemple is a bit extreme, but still, given how everthing is/can be interconnected through computers who knows how much unintended effects can result from some interraction with buggy software.
Re:Since I doubt you actually read the legislation (Score:3, Interesting)
Re:Since I doubt you actually read the legislation (Score:3, Funny)
That's like complaining that you could get LIFE in PRISON for using a screw driver. If you use that screw driver to tighten screws, you're fine. If you stick it in someone's eye and wiggle it around, you may be facing LIFE in PRISON for the MURDER that you committed with your SCREW DRIVER.
Good point. We need a new screwdriver law.
Re:Okay, this is pretty much it. (Score:2)
Of course, it will be even worse when someone is reporting what they think is a malicious hacker, because computer illiteracy is as widespread as reading and writing illiteracy was in the Medireview days.
Re:Okay, this is pretty much it. (Score:2)
John Walker Lindh is A MEMBER OF THE TALIBAN, and is charged as a traitor to the United States, is only receiving 20 years in jail. Not only that, but he will probably get parole in less than 10 years.
However, under this new bill, someone like Kevin Mitnick would see life in prison.Re:Okay, this is pretty much it. (Score:4, Insightful)
I don't see how (Score:2, Insightful)
omfg- (Score:5, Funny)
Show me one hacker who uses a mouse to hack, even second rate wannabe script kiddies use shell prompts.
Re:omfg- (Score:3, Funny)
I know it can't be a computer mouse, because they're too fragile to use as weapons. Their plastic cases crack as soon as you whomp somebody with them. And you can't easily eletrecute people with them, either.
Your civil liberties (Score:4, Insightful)
Oh very nice we can now punish people who commit murder through electronic means, except we can already do this with existing murder laws.
Economy and endanger lives eh? I guess were clear which one is the most important in the eyes of the government by the order those were placed in.
We're doing this to stop terrorism? Oh ok that explains it.
Hmm... (Score:5, Insightful)
Wow. (Score:3, Insightful)
Its not as harsh as it sounds. (Score:5, Informative)
In other words, they are authorizing life sentences for attempted murder through hacking, which I think is very reasonable. Attempted murder can already get you a life sentence, I don't see why it should be any different if you attempt it through a computer than if you attempt it through any other means.
Re:Its not as harsh as it sounds. (Score:2, Insightful)
Oh, looks like they are, just as you said. So why do we need a new law? Does it make a difference what tools are used? It can't see how it should.
Re:Its not as harsh as it sounds. (Score:3, Insightful)
--
Benjamin Coates
Re:Its not as harsh as it sounds. (Score:5, Insightful)
Re:Its not as harsh as it sounds. (Score:3, Insightful)
Because it's an election year, and Joe Congressman needs the law to show the voters he's tough on terrorist hackers.
Re:Its not as harsh as it sounds. (Score:3, Interesting)
Well, logically there wouldn't need to be a new law. But you are forgetting, lawyers will wiggle through any available hole. It could be argued that you can't actually murder someone through a computer because it isn't quite a tangible thing. The new law is probably just to plug that hole.
Re:Its not as harsh as it sounds. (Score:3, Insightful)
Not unlike hate crime laws, which legislate additional penalties for already criminal acts based on the victim's membership in some group and the criminal's thoughts.
Assaulting me: 1 year.
Assaulting me because I'm Zoroastrian: 5 years.
Assaulting me by hitting me over the head with a computer: 10 years.
Passing feel-good laws that make a patchwork of justice: priceless!
Re:Its not as harsh as it sounds. (Score:4, Insightful)
If there is a life sentence for computer hacking why isn't there one for mallicious cooking of the books?
(answer: The politicians would be so vulnerable that they couldn't pass it)
Re:Its not as harsh as it sounds. (Score:5, Funny)
Re:Its not as harsh as it sounds. (Score:3, Insightful)
No one expects the... (Score:2, Funny)
Now all we need is for the FBI to issue red vestiments to their Computer Crimes task-force and when the pop in the door they can scream:
No one expects the...
Yep, it's war on drugs part deux (Score:2)
Goodbye to spyware.... (Score:2, Interesting)
This is true (Score:5, Funny)
This is true (Disney)
Bombs are good? (Score:5, Funny)
Says a Rep from Texas: 'A mouse can be just as dangerous as a bullet or a bomb.'"
If this is the case I see no reason why Best Buy should not be allowed to stock bombs.
Imagine the possibilities. This could bring smiles back to the faces of teens everywhere.
Re:Bombs are good? (Score:3, Funny)
A mouse can be just as dangerous as a bomb or bullet. But only in close quarters combat. Grasping the cord, whirl the mouse around your head, then strike your opponent in the face with it. While he is dazed, move behind him, and loop the cord around his neck, making sure that he does not interpose anything between the cord and his neck. Then, pull the cord tight, and wait.
I like this part.. (Score:2, Insightful)
The sad part is, i doubt many people will fight this. Sure, the media will acknowledge its existance, but will say that it makes life sentences available for hackers who damage our infrastructure, and further hurt digital terrorists in our country (clip of something in there). Nobody will hear about the invasion of privacy stuff. Oh wait--what privacy. Sorry, guess i forgot that its not for your average American Citizen.
woke up this morning (Score:2)
question is- what do we do about it?
would that qualify as cruel and unusual punishment? is there anything in the constitution saying the crime must fit the bill?
Where does this leave honeypot systems and the like?
Will this include items suchs as peeka-booty?
This makes me want to send a 2 line email to my congressmen including these lines:
"are you fucking retarded?
How can you say that things like this [2600.com] are equivelant to this? [cnn.com]
But of course I'm sure it will soon be illegal to critisize our own gov't- because that will PROVE that we're terrorists.
(Please god don't make be become a fucking political activist.)
Re:woke up this morning (Score:2)
WorldCom (Score:3, Insightful)
The funny thing is that the biggest threat to the internet right now is WorldCom itself....since they own UUnet and are going seriously bankrupt. Of course UUnet will stay alive somehow, either by WorldCom, sold to someone else, or through a government bailout. The major backbones and networks are really in a pretty powerful position, since they control major portions of the internet.
Don't understand... (Score:5, Insightful)
As I understand it, the bill relates to the case of "if the offender knowingly causes or attempts to cause death or serious bodily injury."
Doesn't the USA have laws against this already? I mean, if I murder someone with a frozen banana, it's still murder, you don't need a law saying "you are not allowed to murder someone with a frozen banana". Surely knowingly causing or attempting to cause death or serious bodily injury is currently against the law anyway, however you go about doing it? Why is this law necessary?
Re:Don't understand... (Score:5, Insightful)
And for quite some time I wondered the same thing a lot of people did on this thread -- why did we need a specific law? Why doesn't current case law apply?
Well, the answer probably is that, in theory, we don't need a law. Current case law does apply. The problem is that too many lawyers push the law to the limits in defense and start weasling around the letter of the law rather than the spirit. How would you like for a legitimate hacker to get off scott free because a lawyer successfully argued that his client didn't attempt to kill an entire town by sabotaging the water control systems, it was the guy who was working there that day and doing his normal job. Irrelevant that the normal control procedures had been subverted.
Silly? Sure. But that's the way the legal system runs at times. This law prevents that kind of crap.
Now, the wiretapping without a warrant is a whole different issue. But people are far too willing to give up their freedom for a false sense of security nowadays. It's very, very sad.
appropriate "department" (Score:3, Insightful)
mouse (Score:2)
Then buy a cat. And stop calling crackers hackers.
What do these names have in common? (Score:3, Insightful)
Pray you never find out the hard way.
not so terrible? (Score:2)
The more dangerous computer criminals (no, I won't call them "hackers") are in the eyes of the public, the more respect non-criminal computer experts, like most of us here on Slashdot, will get.
When we choose to use our skills for good rather than evil, we will be seen as the benevolent protectors of society, much as the police and military (trained in the arts of combat, just like criminals) are seen today.
Don't push that button! (Score:5, Funny)
Senetor Hollings also commented, "I believe this new legislation will act as a deterrant for would-be hackers trying to kill people with pirated music." he continues, "The reason why there aren't more people with broadband Internet connections is precisely because of things like this. How can the movie industry adopt a medium that can kill people with the push of a button? No, no one wants broadband if they know there's hackers out there that can kill them with a few mouse clicks."
A representative from the Bush Administration says that the new law will cut down on the rampant child pornography rings on the Internet by allowing Federal investigators to intercept any email containing questionable material and forward it directly to the President.
President Bush commented, "Al Queda is encrypting messages in porn sites all over the Internet. I plan to PERSONALLY put an end to this terrorist network."
level of sophistication (Score:3, Insightful)
I'm not sure I see how the level of sophistication should affect the sentencing. Does this happen in other crimes? ("He shot her a bit amateurishly, so we'll only give him 5 years"). And why does it make a difference whether its a government computer or not?
Of mice and bullets (Score:2, Funny)
It's natural to fear the unknown.. (Score:3, Interesting)
So hacking (cracking) is no different. Most people don't understand it. They see from movies that people can sink ships and fire nukes by playing with BASIC on their Apple IIe.
And yes I read that a life sentence is only for murder, but I'm sure a crime done through hacking will get a longer punishment than through "normal" means. There are examples of this happeneing already.
Context people, context... (Score:3, Insightful)
Section 1030(c) of title 18, United States Code, is amended--
`(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'.
If you try to kill somebody you might get a life term, no different to recklessly or knowingly causing death any other way. So you try to crash air traffic control computers you get thrown in jail for life - sorry if I'm not too sympathetic.
The US only has 3 sane "representatives" ? (Score:2)
Murder is murder is murder, whether you use a gun, a knife, a baseball bat, an umbrella or a computer[1].
It seems that the major western governments are rushing towards right wing police states, using terrorism as the excuse to do so. Do your "representatives" really represent you in this?
[1] Though not a spoon. I think you should be let off for ingenuity if you manage to kill someone with a spoon.
More dangerous then a bullet? (Score:2)
- 'A mouse can be just as dangerous as a bullet or a bomb.'
Although the mistake of considering the mouse the hacker's weapon (it should be the keyboard), he knows what he's talking about.For they if someone dies, there's always somebody else giving birth somewhere. But if they lose money, they can't win it again. So, for them money is much more important then lives.
Now we are sure that this is the way they think!
Phreakers.... (Score:2)
We Phreakers demand Equal RIGHTS!
Mice considered dangerous (Score:2, Funny)
So can a House member for Texas if he falls on you from a great height.
Suitable punnishment for spamming? (Score:2, Interesting)
If it takes each recipient an average of one second[1] to identify and delete a spam, then sending (60*60*24*365*70) = Two Thousand Million spams will consume a lifetime[2] of time[3] on the part of the recipients.
Could we convince the lawmakers that a life for a lifetime would be an appropriate punishment?
Andrew
[1]Some people read them, some scan them, some deal with them automagically, 1 second average is a guestimate.
[2]Three score years and ten. Seems like a reasonable number.
[3]Of course this ignores the waste of resource and collateral damage, such as an important email junked because it looked like spam or an importand email lost amongst the spam.
C'mon, people. (Score:3, Informative)
Read the penalties section of the bill. Its life imprisonment for people who attempt to cause death through hacking. That is, if I hack into a control tower and try to make planes crash, I might be sentenced to life in prison.
Currently, that would be a weak case of attempted murder. We have crimes in the country that say "If you commit a crime, there's a penalty. If you commit a crime with a weapon, thats a more serious penalty." Well, when using computers as a weapon, its a weapon.
Just the beginning // and that's not all bad (Score:3, Interesting)
In most states of the US (and most developed nations) you are not allowed to operate an automobile without maintaining basic safety (and emissions) equipment. I expect sometime in the near future similar requirements may be made of systems connected to the internet.
Today the conversations may look like: .. I pay for this service and I'm not responsible / can't afford to fix it ...
ISP: Your system is being used for attack by an intruder, if you don't take it offline and get it fixed we will enforce our AUP and take you offline.
customer1: Ooops, sorry ok we'll spend the $$ / time to fix it
customer2:YOU CAN'T DO THAT
ISP: CLICK
Today, while it's feasible to keep systems patched / audited for a reasonable level of safety, many (most?) orgainizations don't have the skillset / funds allocated to keep their systems secure against even the 'kiddies, let alone a determined attacker. That's gonna have to change IMO either thru systems that are harder to break into in the first place or better practices.
Some of the provisions of this bill are also simple clarifications of existing statutes. For instance see the provision: Specify that an existing ban on the "advertisement" of any device that is used primarily for surreptitious electronic surveillance applies to online ads. -- apparently while it's illegal to advertise wiretapping equipment in print, this will extend the restriction to online ads also.
This explains why I've been seeing the adds and spame for keyboard keystroke recorders (shame on you thinkgeek!) and packet sniffers to protect (spy on) your kids or spouse.
Of course it is... (Score:5, Funny)
Read the bill before you post people (Score:3, Insightful)
"(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'."
This just acknowledges that computers are integral and vital parts of our lifes and can be used in malicious ways just as knifes or guns. Welcome to the global village and the on-line world people.
Legal terms (Score:3)
Say you hack a website, that website feeds a stock ticker on another site, and because you've changed the page that stock ticker now shows a zero value for that company's stock. Some investor sees it, and thinking his investments are now down the toilet, jumps out the window to his death.
Now, your hack wasn't really malicious, you didn't think it would cause anyone's death. That's where the "recklessly" comes in; you didn't think of every possible outcome of your actions, thus they were reckless. That's what the prosecution is going to argue. Once the prosecution paints you as reckless, then the jury is swung to their side.
Some clarifications of meaning... (Score:5, Interesting)
Nevertheless, the bill does not *merely* do what the news reports claim, and in that, it is alarming.
The interesting part is the definition of "protected system", which is taken from "18 U.S.C. 1030" (search for it in your favorite search engine), and the modifications made to it by the bill.
It does not involve only government computers, as the text of the bill itself implies. It also involves "any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954" -- most of which is public information these days, and available from many web sites containing information on basic high energy physics (apparently, congress-critters believe that if they can't figure something out without a crib sheet, neither can your average university-trained physicist or engineer, which is why they think they could successfully legislate against light switches).
Further, it includes records from "information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer", per "15 U.S.C. 1681".
This can be loosely interpreted to mean "any system which stores credit card numbers".
--
The real question that we should be asking is whether this is a Writ Of Mandamus... it seems so, since there do not appear to be practical restraints on use of information gathered under the terms of this bill (i.e. "We thought he was a terrorist; as it turns out, our justification was bogus, but we still get to use the evidence gathered to inform against him for that Metallica MP3 he downloaded").
From my reading, it's unconstitutional, under the 4th Ammendment.
Of course, since it passed by such an incredible amount in the House, there no reason to believe that it will not quickly become law: it clearly has wide bipartisan support, and will clearly get the White House's approval (see below).
What that effectively means is that it will remain law, until it is challenged by a perpetrator on the basis of constitutionality. Basically, the law will have to be violated to be tested, at considerable risk to the violators, given the tendency recently for the Federal Government to use the Bill Of Rights in place of toilet paper.
I guess the only thing we don't know is whether this is an overreaction to last September, or if its an overreaction to the lack of consumer confidence in the market, where they think if they can point to themselves "*doing* something about some real market risk", we will forget all about "the man behind the curtain", and not insist on substantive tort reform.
If you read the House Report version of the bill, you'd think the latter (e.g. reaction to "Enron")... almost all of the listed congressmen are from -- *surprise!* -- Texas.
The Constitutional basis for incorporation itself is to serve the public and shareholders interests (read the relevent USC on incorporation, if you don't believe me); this seems to have been reduced to nothing more than "fiduciary responsibility to protect shareholder value, and screw public interst". More fundamental reform is required: this is not about people not acting like a--holes for fear of the penalty, it's about people not acting like a--holes because they *aren't* a--holes.
-- Terry
It will be nice when nerds learn to read... (Score:3, Insightful)
they arent talking about a DoS attack & they arent talking about defacing someones website. they are talking about air traffic contol systems, stoplight controls on busy intersections, railway switching programs, nuclear powerplant software and other things that have the potential to cause graet harm...
they may have been watching to many movies, but I see where they are coming from....
Redundant and Unconstitutional (Score:5, Insightful)
Second, the rest of the law is redundant and unnecessary. Crimes committed via the internet should receive the same punishment as those in the real-world, where the situation is analagous. For example, breaking and entering can be treated the same. Simply hacking into a persons computer is breaking and entering, even if it causes no damage; similarly, breaking/entering into a person's home, even if you do no damage or steal nothing (and don't damage the locks), is a crime.
When a hacker purposefully hacks into, say the USAF HQ, and steals top-secret documents on airplane design, then divulges them to China that's a crime just as it is in real life (treason). Similarly, it should be punishable just as it is in real life (by life in prison or death).
Another example, if a mob boss orders an underling to kill someone via an on-line e-mail, that's murder and conspiracy to commit murder. It should be punished just as it is in real life: by life in prison or death.
The fact that a crime took place over the media of the internet does not greaten or lessen its severity or lack-thereof. It simply creates a jurisdictional issue. The issue can be solved like such: if a crime is committed on the internet and its affect occurs in that state, then its the state's jurisdiction; if it occurs in one state and affects another (i.e., the mob boss in NY orders his hitman to kill someone in CA), then it should be under federal jurisdiction.
Re:Redundant and Unconstitutional (Score:3, Insightful)
To determine how I know these are obviously not breaking and entering, you have to go back to what makes breaking an entering wrong: because it violates a person's right to propertty and privacy.
In the case of deleting the last part of a url, that's not breaking/entering, because in offering a website to the public w/o access restrictions, its like having a garage sale. You can't have a garage sale and then sue someone for tresspassing when they come to inquire whats for sale. In other words, simply putting a site on the net without any restrictions implies that you want people to view it.
Waiting period on mice? (Score:5, Funny)
Just great, now we'll have a five-day waiting period on mice, and export controls.
And now that he's equated mice with weapons, wouldn't the 2nd Amendment kick in to guarantee your right to keep and bear mice?
Last question in relation to that statement: If a cracker only uses the keyboard, is he safe from prosecution?
Anybody read the text? (Score:3, Interesting)
It's our own fault (Score:4, Funny)
The Hacker Manifesto (Score:5, Insightful)
The Conscience of a Hacker
by Mentor
Written on January 8, 1986
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him,what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school. I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer.
Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up.
Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened. A door opened to a world rushing through my phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.
"This is it... this is where I belong." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all.
Damn kid. Tying up the phone line again. They're all alike.
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals.
We explore... and you call us criminals. We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all...
After all, we're all alike.
Copyright 1986 by Loyd Blankenship (mentor@blankenship.com). All rights reserved.
What happened to community service? (Score:3, Insightful)
It is interesting that Congress has approved a penalty usually reserved for murder for a crime that essentially amounts to expensive vandalism. If you deface a wall, you get a few hours of community service. If you deface a website, you get life. I would say that it is difficult to consider a society that can put people in prison for life for a crime that is more or less a misdemeanor a free society.
What about those Enron and Worldcom executives? When do they get life in prison or an even stiffer sentence? The crime they committed was premeditated stealing. That at least would be considered a felony in most cultures.
Moral:
If you are greedy and like to steal, Uncle Sam wants you to run a major corporation and write a book. If you are a teenager and have nothing better to do than deface a little property, better do it with spray paint, because if you use your computer, you can grow old in prison.
Nice message we are sending to young people these days. I suppose Gecko was right: "Greed... is good!"
Re:Dangerous things those mice (Score:2)
Re:What if... (Score:3, Funny)
Re:OMFG!! (Score:2, Insightful)
And If you wanted to roll your own car, no problemo. As cars became more or less everybodys-god-given-right, accidents started to happen everywhere and people did die. It will happen! Computers will be as regulated as cars. And it will happen soon. Sooner than we would like.
lazee_coward
Re:Typical (Score:5, Insightful)
IT'S A BILL
This still needs to go to the Senate and the Pres. Lobby them.