Lawyers Say Hackers Are Sentenced Too Harshly 439
Bendebecker writes "Cnet is reporting: 'The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.' Finally, someone is listening..." The document makes the points that most computer crime cases involve disputes between an employer and employee, and that the seriousness of the offense is generally comparable to white-collar fraud cases.
Well (Score:3, Interesting)
Quite frankly given the number of laywers who do their best to circumvent the true spirit of the law I don't want them making any public statements on my behalf...
Re:Well (Score:5, Insightful)
Who says they are deciding. They are stating their opinion. It is up to legislators to create and modify the law and judges to uphold it. Lawyers just happen to be the most intimitately involved with both types of cases and therefore are qualified to state an opinion.
I would also point out that they are as free to state their opinion as you are.
Re:These lawyers are not qualified. (Score:3, Informative)
What planet are you from? Do you know anything about law? Think about what you're saying for a second.
Lawyers don't make statements of fact, they present evidence to witnesses, the validity of which is then discussed in court. They call expert witnesses to testify when such testimony is needed. Apart from their opening statement and concluding remarks, they are not allowed to make speeches, or make unsubstantiated statements of fact as part of their cross-examination. Since they don't make statements of fact, how then do they lie?
The lawyers here are making the case that compared to other crimes causing similar levels of damage, and involving similar levels of malice/negligence, the convicted party receives a comparatively harsher penalty because there was a keyboard and processor involved, and their comments force lawmakers to justify the practice.
The level of penalties at present was decided upon arbitrarily, and not with reference to other similar crimes. Given the statement the lawyers have made, the lawmakers now have to go back and either reduce the penalty or explicitly state why it is that the penalties are higher.
This is a good thing regardless of what happens to the level of penalties because it forces the law to remain internally consistent - if you shoot someone for stealing a loaf of bread but let a multi-million dollar con-artist off with a caution, that's inconsistent - they're arguing the same occurs here, and it's worth ironing it out, for the sake of the people we're punishing. "Justice" is supposed to be even-handed.
Re:Well (Score:3, Insightful)
Also, this particular group of lawyers are defence lawyers, so it's their job to defend crackers and fight for their rights, which would include the whole fairness issue.
And also, these people might be judges someday, so then it will be their job to determine what fair judgement is.
Re:Well (Score:5, Funny)
Your behalf, eh? That's admission of guilt, get him boys.
Re:Well (Score:3, Insightful)
1) Judge (often a lawyer)
2) Prosecutor (lawyer)
3) Defense Attorney (lawyer)
Also, think about this. Whenever the two sides work out a plea bargain rather than going to court, you basically have 2 lawyers hashing out what is a fair penalty for the crime involved.
So, in response to your statement, I would have to say that lawyers have always been the beacon for what fair punishment should be since the modern criminal system came into being.I'm sure it's fun to take potshots at lawyers, but you need to realize that they do run the system to a large extent.
IANAL
Re:Well (Score:2)
Re:Well (Score:3)
Apparently no one has actually read the PDF link. They are pointing out a bug in the law.
Level 6 misdemeanor crimes are receiving level 12 felony sentences.
-
Re:Well (Score:3, Insightful)
>out of work
Absolutely zero:
How much time did the MIS manager and CTO do? They share the responsibility for not securing the system. If the risks are that great, then not adequately protecting against those risks is criminal neglect.
Re:Well (Score:2)
That guy would only get a file at most! What justice is that?
It all depends (Score:5, Informative)
It all depends... (Score:2, Insightful)
Re:It all depends (Score:4, Funny)
Re:It all depends (Score:3, Funny)
But does it still warrant... (Score:5, Insightful)
Re:But does it still warrant... (Score:5, Funny)
more year in prison than the average raper ?
I first read that as rapper and, you know what? It still made sense.
Re:But does it still warrant... (Score:4, Insightful)
Well, who goes free and who gets convicted is a function of a randomly chosen population sample, not the government. Plus, if they follow the law, no matter what the laws says, then they're not "corrupt" in the "not doing their jobs" sense.
If a state government wanted to pass a puritanical "no kissing in public" law, they'd be well within their jurisdiction to do so, and the officers and judges and lawyers carrying out this law wouldn't be corrupt.
I agree that extremely violent offenses such as rape and murder should, without exception, give higher sentences than any other kind of crime. But that doesn't mean that a government that puts drug offenders and prank-hackers in jail for twice what the average rate for murderers is corrupt. Extreme, maybe, but not corrupt.
(And if you counter with "will of the people", I'll want to know an update on the status of the movement for a constitutional amendment requiring equitable and fair sentencing throughout the country.)
Re:But does it still warrant... (Score:3, Insightful)
unless you can point out a possession sentence that warrants years in jail.
Here's a guide to marijuana laws, by state. The current page is Texas, where you can get a year for 3oz and 2-10yr for 5lbs (possession). Any sort of sale will put you away for more than a decade. Hawaii is just as bad, but most states are more lenient. If you want a pot-friendly state, Colorado seems to be the place to be - mostly fines for possession. [norml.org]
Note that these laws are apparently for pot only. Do a google search and see if you can find out what cocaine possession will get you.
Re:It all depends (Score:5, Insightful)
If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty."
As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).
Re:It all depends (Score:4, Insightful)
Right... Visa should take a hacker's word that they've deleted the database and that they didn't leave any backdoors to get back in again later, because we all know someone who'd break into your system is someone you should trust.
Visa would be extremely neglectful if they didn't take every action at their disposal to minimize damage in the wake of an intrusion. This means reissuing all the compromised cards, reinstalling every machine even remotely related to the one compromised, implementing new policies to detect a similar intrusion in the future. None of this is cheap.
You are not doing Visa a favor by breaking into their system because you're costing them almost as much as it would cost them if someone broke in and did exploit the hell out of those card numbers. Think about it.... do you want someone throwing rocks through your windows (breaking them in the process) just to show you the vulnerabilities in your house?
Re:It all depends (Score:3, Informative)
stealing 8 million credit cards is a lot more serious than defacing a website for an hour, don't you think?
I assume you mean stealing 8 million credit card numbers. In which case, no, defacing a website causes harm. "Stealing" numbers doesn't hurt anyone.
Actually using those numbers, on the other hand... Well, that's not a computer crime.
Financial Damage can be tracked. (Score:3, Insightful)
If you spray painted the outside of walmart with the words "CLOSED - BUILDING UNSAFE" and they lost a days sales because of it would they not be deserve to recoup said loss?
Honestly I have no sympathy for hackers or any other type of white collar crime. Most all of them get far too light a sentence IMHO. So do many violent criminals as well. We spend so much of our time locking up drug users and dealers, while drunk drivers get off that we can't properly deal with REAL crimes.
Anyone remember the old Star Trek episode "I Mudd"
(Not an exact quote.)
Works for me...;-)
Hmmm . . . (Score:5, Interesting)
On the other hand I AM glad that computer crime is possibly going to be recognized as a white collar crime instead of a terrorist threat.
This one bombed a bus. That one stole a credit card. Kill 'em both!
Re:Hmmm . . . (Score:4, Insightful)
No. I vote.
String 'em up (Score:2, Insightful)
Re:String 'em up (Score:2, Insightful)
The point of the article is that there already are relevant examples and that hacker crime is analogous to white collar fraud. Ergo... it should be treated the same way in the law and in sentencing.
depends what you did (Score:4, Insightful)
they shouldn't have equal sentences, but that isn't to say one of them isn't deserving of what they get...
Re:no, it doesn't (Score:5, Insightful)
I suggest you actually READ the PDF. Your $1.2 million vase is NOT broken. The entire point of the article is that computer related law is broken.
If some kid sneaks in, watches some TV and leaves. he does NOT berak your vase. The crime is a misdemeanor. The economic damage is zero. This is sentenced as a "Base Offense Level" 6 misdemeanor. Perfectly reasonable.
Now lets look at what computer law does:
The kid didn't touch your cupboard or vase, but you decided you needed a cupboard with a lock for $5000. This counts against the kid and he gets +2 on the base offense level for $5000 in "damages". It now becomes a FELONY.
Then there is a +2 on the offence level for using a "special skill".
Then there is a +2 on the offence level for using "sophisticated means".
The kid did he not intend to cause any harm. The kid in fact did not cause any harm. So now a harmless prank that is supposed to be a level 6 misdemeanor is actually treated as a level 12 felony. THAT is the point they are making.
They also want to make sure this harmless prank doesn't get sentenced as TERRORISM. They don't go deeply into this topic, but they are also opposing certain "computer-terrorism" laws and proposed laws. They essentially make it terrorism for a kid to throw a snowball across state lines at a supermarket. The DOJ claims this is acceptable because they promise it will only be used in "appropriate cases". Pardon me, but I don't think a misdemeanor harmless prank should EVER be within the scope of a terrorism law.
Another problem they mention is one that came up in the Mitnick case. The kid takes a photo of your vase. The kid never shows the photo to anyone. Here's how computer law meaures this "vase theft": You paid $1000 for the vase, but you bought it on a $50,000 vacation. You later realize the vase is worthless and give it to the salvation army for free. According to computer-law taking the photo caused $51,000 in economic damages.
In the Mitnick case he copied software. If they had to spend money repairing damage Mitnick had done then there would be economic damage. If Mitnick had sold or given the software away then there would be economic damage from last sales. Yes, Mitnick broke the law, but the fact that he was charged and punnished based on tens or hundreds of millions in economic damages when the actual figure was zero damage was absurd.
And yes, one of the companies did in fact decide to give the software away for free (and it had nothing to do with Mitnick). Care to explain how he caused millions of dollars of damage by making a single copy of $0 software?
-
I have to state the obvious... (Score:2, Troll)
I think the sentences should be unified. A crime of type is equal to a crime of similar type. That demands equal treatment.
Re:I have to state the obvious... (Score:4, Insightful)
Have to exaggerate the problem... (Score:5, Insightful)
In many cases, the victim would be ignored if s/he didn't over-state the actual damages. I've heard victim after victim (right here on slashdot) state that they've went to the FBI/local officials, and were denied help because the actual damages didn't add up to a certain amount.
No wonder victims are overstating the problem, it's because they don't like being ignored.
--sex [slashdot.org]
Re:Have to exaggerate the problem... (Score:3, Insightful)
Re:Have to exaggerate the problem... (Score:5, Interesting)
Kevin Mitnick, in his Slashdot interview [slashdot.org], explained this in detail:
Suffice it to say, we need to find a compromise where we can accurately represent the loss of intellectual property without undually exaggerating its (non-material) worth.
Re:Have to exaggerate the problem... (Score:4, Interesting)
if you cannot produce an invoice or legitimate quote for repair/losses then you are told to shut up would fix every bit of this.
This one's easy to explain... (Score:5, Funny)
"White collar crime" - a misnomer... (Score:5, Interesting)
Scenario A: man walks into a store with a gun, demands they empty the till, walks out with a hundred bucks.
Net effect: 100 bucks for the store + mental anguish for people in there.
Punishment: Ten years
Scenario B: Man defrauds investors, pension funds etc out of millions or billions
Net Effect: Pension funds slashed, thousands made unemployed
Punishment: 5 years
We all know that white collar crime gets punished a whole lot less, but is that right ? Why shouldn't execs from the likes of Enron, WorldCom et al be looking at life behind bars for the havoc they have reaked ? Well because there really is a different set of laws for the rich. Sure they might even get 15 years in the cases of these massive frauds, but is this enough given the damage they have caused ?
So maybe the problem is that white collar crime is punished too little, rather than hacking is punished too much. Maybe having sentences for theft, fraud etc (of any kind not involving actual violent which already has punishments) should be related to the amount of money stolen.
Maybe 1 year per $1000....
Re:"White collar crime" - a misnomer... (Score:5, Interesting)
Re:"White collar crime" - a misnomer... (Score:3, Insightful)
The error in your reasoning is the presumption that criminal penalties are imposed in order to deter crime.
Given the high rate of recivitism it should be obvious that jail time never deters crime. The purpose of punishment is to get dangerous people off the streets and into an evirnonment where they will not do further damage to the general population.
Re:"White collar crime" - a misnomer... (Score:3)
Hey, you don't have to steal. I've been trying to give the damn things away. Send a SASE.
back to computer crime. (Score:3, Interesting)
That's true! In fact, most societies would forgive you if you shot and killed someone who was busy carving up their friend with a knife. Do you know of any that would do the same for someone who shot a hacker? So why is it that hackers can be held for five years without being charged as KM was?
Punishment should fit crime, and ordinary rules of presumed innocence need to be applied in cases of suspected computer crime. As things are, any with-it employer could be frighfully abusive if they wanted.
Re:"White collar crime" - a misnomer... (Score:3)
Punishment? What punishment? (Score:2, Funny)
What punishments are you talking about??
Perhaps the hacking penalties are fine... (Score:5, Interesting)
Re:Perhaps the hacking penalties are fine... (Score:2)
Re:Perhaps the hacking penalties are fine... (Score:5, Funny)
Fairly amusing (Score:4, Informative)
Hint Hint Your are more likely to get your Credit Card number stolen by giving your card to the waiter/waitress in a restaurant to have the bill paid than by having it stolen over the net!
That is fraud though. . . . maybe identity theft? A better defining line needs to be made up, not all that happens over a computer is "hacking", intent should be judged as well as actions. If a person goes into a bank pointing a gun it is not automaticaly a bank robbery, it could very well be a hostage situation. Intent, ya know?
Read... (Score:4, Interesting)
Read: The fast-growing, little-punished type of crime that destroys the finances of thousands every year.
"Hacking" is no more the refuge of the geek. True criminals have embraced it as a way to siphon off lots of money with little risk.
Let's not charge people looking for CC#'s with terrorism, but let's not label it "annoying" and offer up slaps for people's wrists.
Too Harsh? (Score:5, Insightful)
me != suprised (Score:5, Insightful)
Now, I'm not saying that hacking others' equipment is good. I'm just saying that the punishment should fit the crime, not get 10 years in jail because you made the RIAA website say they love mp3s instead of money.
Why do lawmakers need a detailed understanding? (Score:3, Interesting)
Depending on exactly what the hacker does, we're talking about vandalism, or thief, or trepassing using a new technique. When bank robbers moved from horses to cars was it important that lawmakers have a detailed understanding of cars before writing applicable laws? When copyright laws moved from covering just books to motion pictures, did lawmakers require a detailed understanding of how motion pictures are created? Does it really matter the exact technical approach used to commit the crime? I don't think so. Vandalism is vandalism. It doesn't matter whether I use can of spraypaint or I hack into the web server. It costs the company money to fix. The dollar value of the damage should drive the punishment.
Note To Self: (Score:5, Funny)
The problem isn't the harsh sentences for hackers (Score:5, Interesting)
Re:The problem isn't the harsh sentences for hacke (Score:3, Insightful)
I agree (Score:5, Interesting)
If I hack into someone's network and don't even do anything but look around, I'm charged with causing losses of millions. I'm charged with stealing any sensitive content I gained access to whether or not I even looked at it. Not to mention they'll slap all the cybercrime and terrorism laws they can find down on me too. It has nothing to do with the severity of the laws, just that you get pinned with so many of them.
Re:I agree (Score:5, Insightful)
In case you haven't noticed, you can't just go where ever you want just to look around.
White collar? (Score:2, Interesting)
If hacking isn't white-collar, then what is?
A Long Time Ago ... (Score:3, Funny)
white-collar fraud (Score:4, Interesting)
I think white-collar criminals are already getting far less punishments than they should. How could someone who screws up the millions of dollars from their employees be subjected to punishment comparable to shoplifters or burglars?
Really? (Score:2, Funny)
Too harshly....in United States of America (Score:5, Informative)
Only in US. Convicted hacker Raphael Gray, who stole 23,000 credit card no. and sent Bill Gates boxes of Viagra [bbc.co.uk], was only sentenced to three years of community rehabilitation [iafrica.com]. As he told BBC:
"...Kevin Mitnick was stopped from going near computers, even from working a cash register, but they can't do that in this country.
I've had two job offers - one from the guy who tracked me down..."
The Witches of Yesterday... (Score:5, Insightful)
Re:The Witches of Yesterday... (Score:3, Interesting)
Re:The Witches of Yesterday... (Score:3, Insightful)
Very similarly, the popular image of 'Hackers' is formed by films like 'the net' or even 'the Matrix'. People believe that Hackers are capable of all kinds of perfidy, not because they have heard so from a responsible source or understand the issues involved, but because their fears have been ramped out of proportion by the popular media. (This is not to say that there were not some very serious ecclesiastical figures behind some of the witch burnings - just that Witch trials were really driven by the public, not generally by the church.)
Re:The Witches of Yesterday... (Score:3, Informative)
Two stories:
One time, I was on a mailing list. The mailing list was using a Windows Listserv clone. Most people on the mailing list simply used a web interface to get on the mailing list; I, however, talked directly to the mailing list server to join the list.
Soon after getting on the list, someone on the list asked how many people were on the list. I told them.
At this point, all hell broke loose. They thought I broke in to the system. Fortunatly, the list administrator went to my mother's church; I don't want to think about what could have happened if she did not.
* * *
When the "I Love You" worm was spreading like wildfire, I was working for a dot-com security company called Pilot Networks (which is no more). Someone came up to me and asked me permission to forward me an email. I sais "Sure, why not?"
"Well, it's a dangerous virus"
"You know I use Linux and don't have to worry about such things"
"I know; it's just that everyone in the office is really afraid of this thing and do not even want to have it on their computer"
It seemed really strange to me that a computer security company did not have one person in their office willing to have a simple Visual Basic script on their computer.
* * *
- Sam
breakdown by OS (Score:3, Funny)
Hmmm, breakdown by OS:
Something is wrong when murder gets you less time. (Score:5, Insightful)
A man installed a program that for all intent and purposes is a screen saver and he could have been forced to serve 120 years in prison had he not plea bargained. Clara Harris killed her husband with her Mercedes, was found guilty of 1st degree murder, and was only sentenced to 20 years (she'll get out in 10).
I think something is wrong with a system that gives you more time for installing a program that doesn't do any damage than it does for murdering a person in cold blood.
This is a symptom (Score:3, Insightful)
A symptom that copyrights are unenforceable, so the only way they can compensate is by fear mongering with draconian punishments. Our response should be to act in civil disobedience whenever possible. The sooner we force this thru, the sooner we can get on with the information age.
6th Grader Charged in Grade-Switch Caper (Score:5, Interesting)
Story [gopbi.com] (palmbeachpost.com)
An 11 year old snuck into his classroom during lunch and changed some of his grades on his teacher's computer. He was caught and is now facing FELONY computer fraud charges. Tell me that's not a bit ridiculous.
-Dan.
Re:6th Grader Charged in Grade-Switch Caper (Score:5, Insightful)
What would be ridiculous would his being tried and convicted as an adult, and spending 10 years in a max security prison. But that wont happen, he'll get the warning and the incident will go into his sealed juvenile record.
IMO there's too much 'juveniles shouldnt be punished after all they're just kids' sentiment. Youngsters know this, and commit more and more crime knowing they wont be severely punished.
It would be ridiculous if the teacher gave him permission to use the computer, and in doing so he accidentally formatted the C: drive, or something like that. But if he knowingly committed a crime (which it would seem he did), he should be prosecuted for it.
Re:6th Grader Charged in Grade-Switch Caper (Score:4, Insightful)
Punishment should have been handled by the administration and the kids parents this was NOT a metter for the cops.
Kintanon
Re:6th Grader Charged in Grade-Switch Caper (Score:4, Insightful)
Doing it on the teachers computer brings it up to the level of a felony. 'Altering intellectual property' or some such.
IMHO, that is not right.
Yes, the kid should obviously be punished. Does doing via the PC warrant far more severe punishment, vs doing it in a paper grade book?
Can I bring suit against any and all spam and popup purveyors? After all, they ARE altering the contents of my PC (cookies and unwanted email) without my permission.
Exactly backwards (Score:4, Interesting)
Hacking is not a white collar crime. When I think of white collar crime I see millionaire executives spending stolen money for blow jobs by preteens in foreign countries. When I think of hacker crime I see a trail of empty Mountain Dew bottles and Cheetos bags. Hackers need to become filthy rich before they can play the courts like the big boys do.
Extreme cases aside, most hacking is like kids stealing cars to take 'em for joy rides. Sure, a few people get hurt by each crime, but it's not like you have a few hundred thousand stock holders who'll have to work 10 extra years before they retire because their portfolios are toast.
Computer offences are actually underplayed.... (Score:3, Insightful)
And how is this not serious? Destruction and blackmail are extremely serious and should not be tolerated in society.
Prison is not just rehabilitation. It is a deterrent. If there were little or no consequences to, say, wiping out a server just because you are mad you got fired then many many more people would do it. Consequentially companies would crack down hard on everyone and treat all employees like assumed criminals.
Most of the world we live in is based on trust. Most homes and businesses are relatively easy to break into. And if the consequences for such actions were light then more people would be trying it just for fun. And then home owners would have to put bars on their windows and constantly worry about keeping their house secure.
In fact, this is essentially what Slashdotters are recommending people do to their computers. Most people have better things to do with their lives than worrying about locking down their computer from hackers. How about the hackers say on their own boxes and stay the heck away from everyone elses!! If someone breaks into my computer, it is not MY fault the computer was easy to crack. It is the hackers fault for doing something they weren't supposed to do. And the hacker should go to jail for it, just as they would go to jail for breaking into my house and checking out all my stuff. I don't care if they steal anything or not, it is an invasion of my life and privacy!
I am sick of the hypocrisy Slashdot getting all up in arms about the Patriot Act and then worshipping Kevin Mitnick. At least I can vote against the Congressmen who supported the Patriot Act. I can't vote to keep Mitnick wannabes off my computer, except to vote to put them in jail where they belong.
Brian Ellenberger
Modern "Witch Hunt" (Score:5, Informative)
People have always tended to be hysterical about that which they fear and don't understand. They see this "hacking" (it should be called "cracking" in this context, but that's a lost cause) as a vaguely defined but fearsome threat, regardless of the actual reality of harm, and clamor for the modern equivalent of witch burnings [washington.edu].
We need strict sentances for hackers/crackers (Score:5, Funny)
Its not like it takes an order from the president with full access codes to launch a strike or anything. Just a dialtone and a modem from the computer that lauches the strikes.
Also he could of obstructed justice by using a walkman or radio because he could of turned it into a hacking device. The fbi needed to take these priveldges away as well so he can stare at the walls and do nothing in his solitary confiment for 7 months while still technically inocent I may add. I mean screw John Gotti. This man is clearly more dangerous to our whole American way of life.
Also look at economic sabatoge and espianage caused by Jon Johnson from reading his own personal dvd's? The RIAA and the BSA claimed they lost over 9 billion a year because of piracy. Its a shame and we all know that these kids and college students can easily afford adobe photoshop, 3dStudioMax and all of Nsync's and britney spears artistic masterpieces of great music which is worth every penny of the price so it must be piracy! We need to stop these so called terrorists before they kill every man woman and child on earth. Hopefully some hardware based solution will be the salvation towards the problem.
Do we want the whole ecomomy to fall apart and lose millions of jobs because of lenient sentancing? Somebody please think about our children.
But I'm angry now (Score:5, Interesting)
Computers are for "smart" people
People feel marginalized when they don't understand even the basic concepts of what has happened
Therefore when a CEO realizes they have been hacked/cracked (you fight that out) they feel even more violated since they don't even understand how someone could get past all the hardware they bought and all those 45-100K+ people they have running around purporting to be computer experts.
Their anguish is then felt by atrtorneys who can't understand the crime, the criminals or why everyone is so upset. The one thing they do know is that THAT FAT GUY WITH THE UNKEMPT BEARD AND THE WIERD SHIRT THAT HAS THE FORMULA FOR HELL ON EARTH:
#!
ON HIS SHIRT IS DEFINITELY GUILTY!
And that's pretty much what happens.
Too Harshly? (Score:5, Funny)
I think.. (Score:5, Interesting)
Joe Schmoe embezzles from his S&L firm for ten years, gets caught, and it is realized that he made off with 500K. He is slapped on the wrist, fired, made to "pay it back" on time deferred payments, or maybe stuck in a white collar prison/country club for a few years.
Mike, the l337 hacker from down the street, defaces Stuff-Marts web page, pointing out that Stuff-Mart buys 80% of its stuff from china, where it is made in forced child labor camps at gunpoint, and it is repaired in an hour.
Now.. Stuff Mart's lawyers tell the jury that they *potentially* lost MILLIONS due to the damage, (when in fact, they did not "lose" anything.. and there is no way to prove how many people would have bought during that time anyway). The SM lawyers also point out that it cost "an estimated 100K dollars to repair the damage!".. which means they just budgeted in A) the new server and colocation company to handle the site, B) the three person team who maintains and handles the site already, and C) all of their IT staff who received an Email about the "hack" and therefore were "working" on it.
Its all about what the jury wants to hear, and all about language.. "potential" is used ahead of "we could have potentially lost BILLIONS in sales!" but the judge/jury does not hear the "potential". Nor do they realize that 99% of that IT staff was already working there, doing their routine jobs, and had nothing to do with the repair anyway.
(Same reason a procedure at the hospital that took all of 15 minutes costs your insurance company as much as your house did.. funky accounting and everyone wanting to be "in" on the action.)
I think a lot of "hacking" is a no harm no foul problem anyway.
Maeryk
Re:Personal example (Score:3, Interesting)
Yes.. but you have demonstrated he caused harm, therefore there *is* a foul. I wasnt saying that Cracking is always harmless.. but in some cases (defacing a web page) the cost of repair is as simple as bringing up the cached copy, re-installing it, and fixing the exploit (if known.)
There is no way that cost a million dollars.
Cracking is tresspass at the least and theft at the most. It deserves jail time. The issue is how much jail time. The guy who hacked me should face at a minimum the legal penalty for breaking into my house and rifling through my file cabinet
No argument. Define trespass though. SOmeone walks across my yard, its "trespassing". Refusing to leave when I ask them too, is "Defiant trespass". Coming into my house after I tell them to leave is anything from Breaking and Entering to Forced Entry (depending on whether I am trying to stop them or not, I think) and theft is another layer on top of that. (Hence the laundry list of charges usually piled on a burglar).
Breaking into your house and rifling your file cabinet would probably NOT net me jail time for a first time offense. Especially if nothing was taken, and none of the information gained was used against you. Its more likely a fine, time served, probation kind of thing.
Maeryk
Re:Personal example (Score:3, Insightful)
I beg to differ. When my house is compromised I know how many systems could have been targeted (7) and where my important information resides.
If I'm a big company, I might have dozens or thousands of boxes at risk. I might not have good forensic logs to tell me when the system was compromised or where the attackers went. I might not know the extent of the damage - in fact I probably will never know what important information was taken (if any) or where the important information resides.
Depending on the size of the organization it might take me months to figure out how to protect against this type of threat in the future, and I might have to spend tens to hundreds of thousands of dollars on software and consulting to help me be protected.
You might argue that we already have a staff of engineers, and that it's not fair to count their pay as cost for cleanup, but when they are cleaning up, they are not doing things that make my company money, just activities that might help my company to lose less money.
Millions? It's a definite possibility. You might have merely defaced my web presence, but you also might have inserted a trojan that would let you do a great deal of damage, or deface my web page again. I don't know, and figuring it out could cost a fortune.
Re:Personal example (Score:3, Insightful)
I agree he should be punished, but it isnt the same as breaking ito your house and rifling through your file cabinet. Break and enter is generally treated by cops and DA's as a violent crime - because burglars very often have every intent on harming someone who may be at home at the time.
A better analogy would be the clerk at the gas station who lifts your Visa number, or the guy who looks over your shoulder at a payphone or ATM to get your calling card/pin numbers. But hackers also have an element of trespassing and harassment. So maybe mix in a little of the guy who makes obscene phone calls in the middle of the night, or dumps his garbage on your lawn. Or maybe a postman who reads your mail (thats a big federal no-no as well)
In any case, saying the sentences are 'too harsh' or 'too light' is wrong IMO. This is what judges are for, to decide what punishment is appropriate on a case by case basis. Thats their job.
white-collar fraud (Score:3, Interesting)
1: Open a Swiss bank account.
2: put money from xyz white-collar fraud into account, get a few mill
3: goto jail (not for that long)
4: take money out account.
5: Enough profit to retire.
or
1: Open a Swiss bank account.
2: Rob a bank for a few thousand
3: goto jail (for a long time)
4: take money out account.
5: umm... well you've got a bit of cash, but was it worth the time?
I agree (Score:5, Interesting)
From http://www.savage.net/public_html/net/phrack.html:
This guy was accused of stealing 80 grand when in reality it was worth 13 dollars!!!Also see Kevin mitnick answers [slashdot.org] if you missed it.
Umm... is this really so bad? (Score:3, Funny)
A chilling effect on companies that send unsolicited bulk e-mail, huh? This has got to be the coolest chilling effect I've ever heard of!
And as far as the last sentence goes, don't we all know that Microsoft has been guilty of terrorism for a long time now?
Blue v. White Collar Criminals; (Score:4, Insightful)
a) Most Bank robbers wouldn't know what bait/dyepacks would look like if it was sitting in front of their face
b) If the tellers just grab their bait, the robber's getting away with ~$83 per teller
c) Some Bank Tellers have their own 'valuts' (Bank tellers buy and sell money from the bank vaults to their cash drawers. Some banks differ in how much money they're permitted to have in their drawer, or don't permit their tellers to have locked valuts.
Let's say I'm Jon-BankRobber. I walk in with my gun, flash it around, walk out with ~$300 bucks (~$80 x 4 bank tellers), caused some bank tellers to quit their jobs/go into therapy/become really depressed. I go to Court, visit the Judge, who gives me ten years.
Now, let's look at Joe-31337h4x0rd00d. I break into my bank's tellering system, create an account, and either blatently (to the fact that it comes up on the next day's report) or sneakily (penny-slicing) steal money. I can get away with much much more, but for the sake of keeping things same, I only take $300.
When Joe-Hacker goes to the judge, he's going to get a max of 6 months. Non Violent Crime, Under $500 (no felony), no gun. (this is assuming that they don't get him with electronic tresspass)
If they're looking to give hackers/crackers a free ride, it won't happen. If they're trying to equal things...just make the same crime punishable by the same punishment. Rob a bank or Crack a bank, go to jail for up to ten years.
I know some of you will poke holes in this, but the average white-collar-criminal just doesn't go to prison, unless you've pissed someone really off, or really f*cked up.
Replies will be answered.
ONUCSGeek
Re:Blue v. White Collar Criminals; (Score:3, Insightful)
Non-violent crime (and that's crime without *threat* of violence, not just without actual violence -- i.e. threatening you with a gun does not count as non-violent, even if I never shoot it -- even if it turns out later that it wasn't loaded) is (usually) punished less harshly. And for reason -- violence has impact. I'd argue that you causing even one or two of those tellers significant trauma is a far far greater ramification of your actions than the $300
Not to mention, there are probably customers that were in the bank as well.
Cracking the bank only traumatized the sysadmin. And having been in both situations, well, it's not even comparable.
You're right about white collar criminals, and I think *that* is fucked up, at the same time, cracking can't (at least in the vast majority of cases) be compared to violent crime.
federal point system (Score:3, Interesting)
And for copyright cases, they automatically tack on 4 points if a computer was involved.
Fear and loathing drives sentences (Score:4, Insightful)
The real question is whether justice is state-surrogate revenge or to keep the public order.
Penalizing the unknown (Score:3, Insightful)
When it comes to computers, most people are hypocrondriacs (sp?). And what do people do when they fear something unknown, they lash out against it.
Many people on computers today are affected by spam, viruses, and other issues. Their solution, nail the bastards, put them somewhere - it doesn't matter where, so long as they can't cause me trouble - and jail is a seemingly optimal location for this.
On the flipside, for kiddies who build idiotic viruses that knock down routers worldwide and cause general chaos, I think that many of the users here on slashdot would be very happy to see them lynched. We have to seperate major disruptions and white-collar criminals from the kids who write "H4XOR3D BY 133TM4N" on a website.
Comparison with drug law. (Score:3, Insightful)
A similar mechanism might be at work here. Lawyers and businessmen write the laws, so so-called white collar crimes like fraud tend to have low penalties. Lawyers and businessmen do not hack, so the penalties for crimes that involve hacking tend to be higher.
Put it itno perspective... (Score:3, Funny)
Think about it for a second, which one of those would really be more fulfilling to you, the disgruntled employee? Yeah, that's what I thought... See the system works!
The real problem here... (Score:3, Funny)
Here's an example:
Stan was arrested for computer hacking.
Judge: Give him 15 years solitary.
Stan was arrested for Fluffin' the Bunny
Judge: That's so nice what you did for that bunny. You're free to go.
See, the difference.
Remember, Fluff the Bunny
From the trenches (Score:3, Interesting)
I dunno, it's a little disheartening to be an aspiring lawyer when I've heard of a firm that prides itself on defending those accused of computer crimes has a password policy that mandates a particular format for your network passwords, and that your password always be provided to your assistant.
Re:just fraud (Score:4, Insightful)
"Oh, well, in that case, since it's ONLY fraud, might as well let them go free."
You didn't understand the argument, or didn't bother to read it, at least. They're not saying computer criminal should "go free," but that the harshness of their punishments should be similar to the punishments meted out for similar crimes not involving computers. Is that really so difficult to support?
Re:The Bulk (Score:2, Insightful)
Re:The Bulk (Score:5, Insightful)
If that logic is pursued, just make every crime, from littering and jaywalking on up, a capital offence. That would deter ALL crime. Sounds idyllic, doesn't it?
The point the lawyers are making is that the penalty should be in relation to the harm caused, not multiplied merely because it somehow involved a computer. Whether you defraud using a fountain pen or a PC, the penalty should be the same.
penalty should be in relation to the harm caused (Score:3, Insightful)
figuring for both files lost, cleaning it from systems, and a prorated amount
for the effort/energy/and money poured into the creation of patches/antivirus software.. can we apply the death penalty to the virus author?
63 years, times 365 days, times 24 hours, means 551,880 hours
Close, but... (Score:5, Insightful)
100 years ago before the automobile became dominant, society & the economy depended quite a bit on horses. As such, you would be hung for stealing a horse, not because it's such a horrible offense, but because if the punishment wasn't really stiff excess horse theivery would probably have actually undermined the stability of society. Who would want that!
The same forces are probably in effect here.
Re:Close, but... (Score:3)
100 years ago before the automobile became dominant, society & the economy depended quite a bit on horses. As such, you would be hung for stealing a horse, not because it's such a horrible offense, but because if the punishment wasn't really stiff excess horse theivery would probably have actually undermined the stability of society. Who would want that!
Actually, horse thievery was a horrible offense. If you're out west and someone steals your horse, you have a good chance of dying from it. It's several miles to the next neighbor or settlement, and there are hostile indians about. If you're down south, there's also the problem of being stranded in a desert.
Re:The Bulk (Score:4, Insightful)
If they suffered a loss, let them document it and then charge the "hacker" with criminal damage, fraud, or whatever. Why should "hacking a corporate network" be such a heinous crime in itself?