Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Courts Government News Your Rights Online

Lawyers Say Hackers Are Sentenced Too Harshly 439

Bendebecker writes "Cnet is reporting: 'The nation's largest group of defense lawyers on Wednesday published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.' Finally, someone is listening..." The document makes the points that most computer crime cases involve disputes between an employer and employee, and that the seriousness of the offense is generally comparable to white-collar fraud cases.
This discussion has been archived. No new comments can be posted.

Lawyers Say Hackers Are Sentenced Too Harshly

Comments Filter:
  • Well (Score:3, Interesting)

    by Bob Abooey ( 224634 ) <bababooey@techie.com> on Friday February 21, 2003 @01:06PM (#5353201) Homepage Journal
    Since when are laywers a beacon for what a fair punishment should be? I thought a laywers job was to understand the law and to represent his/her client, not decide what's fair or not fair regarding the law.

    Quite frankly given the number of laywers who do their best to circumvent the true spirit of the law I don't want them making any public statements on my behalf...

    • Re:Well (Score:5, Insightful)

      by Anonymous Coward on Friday February 21, 2003 @01:11PM (#5353252)
      I thought a laywers job was to understand the law and to represent his/her client, not decide what's fair or not fair regarding the law.

      Who says they are deciding. They are stating their opinion. It is up to legislators to create and modify the law and judges to uphold it. Lawyers just happen to be the most intimitately involved with both types of cases and therefore are qualified to state an opinion.

      I would also point out that they are as free to state their opinion as you are.
    • Re:Well (Score:3, Insightful)

      However, lawyers have a more intimate knowledge than any of us (as proven by the number of IANAL comments) since that's their job.

      Also, this particular group of lawyers are defence lawyers, so it's their job to defend crackers and fight for their rights, which would include the whole fairness issue.

      And also, these people might be judges someday, so then it will be their job to determine what fair judgement is.
    • Re:Well (Score:5, Funny)

      by DonkeyJimmy ( 599788 ) on Friday February 21, 2003 @01:15PM (#5353286)
      I don't want them making any public statements on my behalf...

      Your behalf, eh? That's admission of guilt, get him boys.
    • Re:Well (Score:3, Insightful)

      by argmanah ( 616458 )
      Since when are laywers a beacon for what a fair punishment should be? I thought a laywers job was to understand the law and to represent his/her client, not decide what's fair or not fair regarding the law.
      Major players in the criminal judicial process:

      1) Judge (often a lawyer)
      2) Prosecutor (lawyer)
      3) Defense Attorney (lawyer)

      Also, think about this. Whenever the two sides work out a plea bargain rather than going to court, you basically have 2 lawyers hashing out what is a fair penalty for the crime involved.

      So, in response to your statement, I would have to say that lawyers have always been the beacon for what fair punishment should be since the modern criminal system came into being.I'm sure it's fun to take potshots at lawyers, but you need to realize that they do run the system to a large extent.

    • Do you have any actual knowledge of this, or is this another tiresome slashdot lawyer slam?
    • Since when are laywers a beacon for what a fair punishment should be?

      Apparently no one has actually read the PDF link. They are pointing out a bug in the law.

      Level 6 misdemeanor crimes are receiving level 12 felony sentences.

  • It all depends (Score:5, Informative)

    by hawkbug ( 94280 ) <psx AT fimble DOT com> on Friday February 21, 2003 @01:08PM (#5353215) Homepage
    I think it all depends on the crime committed.... stealing 8 million credit cards is a lot more serious than defacing a website for an hour, don't you think?
    • It all depends... (Score:2, Insightful)

      by mmol_6453 ( 231450 )
      On how much financial damage the cracker did when he defaced the website.
    • by TheRaven64 ( 641858 ) on Friday February 21, 2003 @01:20PM (#5353319) Journal
      And defacing the RIAA website probably counts as 'pbulic service'...
    • by aepervius ( 535155 ) on Friday February 21, 2003 @01:29PM (#5353382)
      ...more year in prison than the average raper ?
    • Re:It all depends (Score:5, Insightful)

      by An Onerous Coward ( 222037 ) on Friday February 21, 2003 @02:03PM (#5353695) Homepage
      Certainly. Furthermore, there should be some inquiry into how much damage was actually done by the theft of the credit cards. Say you broke into Visa, downloaded their entire database of usable cards, and stored it on your computer. Now what?

      If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty."

      As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).
      • Re:It all depends (Score:4, Insightful)

        by Chester K ( 145560 ) on Friday February 21, 2003 @03:44PM (#5354972) Homepage
        If you immediately deleted the database, and sent Visa an explanation of the vulnerability, you should certainly be less liable than if you posted it on your FTP site, or wrote a small shell script telling Amazon.com to send every Visa holder a copy of "Curious George Goes to the Potty." As things stand now, the prosecutor would just brew up an "analysis" showing that you cost Visa $500,000,000, point out that you're a terrorist, and sentence you to life in solitary (so that you don't manage to escape, gain access to a payphone, and start a nuclear war).

        Right... Visa should take a hacker's word that they've deleted the database and that they didn't leave any backdoors to get back in again later, because we all know someone who'd break into your system is someone you should trust.

        Visa would be extremely neglectful if they didn't take every action at their disposal to minimize damage in the wake of an intrusion. This means reissuing all the compromised cards, reinstalling every machine even remotely related to the one compromised, implementing new policies to detect a similar intrusion in the future. None of this is cheap.

        You are not doing Visa a favor by breaking into their system because you're costing them almost as much as it would cost them if someone broke in and did exploit the hell out of those card numbers. Think about it.... do you want someone throwing rocks through your windows (breaking them in the process) just to show you the vulnerabilities in your house?
    • stealing 8 million credit cards is a lot more serious than defacing a website for an hour, don't you think?

      I assume you mean stealing 8 million credit card numbers. In which case, no, defacing a website causes harm. "Stealing" numbers doesn't hurt anyone.

      Actually using those numbers, on the other hand... Well, that's not a computer crime.

  • Hmmm . . . (Score:5, Interesting)

    by Gabrill ( 556503 ) on Friday February 21, 2003 @01:08PM (#5353218)
    Am I the only one who watches only to find out what kind of society I live in? And without any real hope of contributing to or affecting the overall state of affairs?

    On the other hand I AM glad that computer crime is possibly going to be recognized as a white collar crime instead of a terrorist threat.

    This one bombed a bus. That one stole a credit card. Kill 'em both!

  • String 'em up (Score:2, Insightful)

    by lseltzer ( 311306 )
    People need to know that some stuff is wrong and I like the idea of setting some examples. You don't screw with other people's property or their data.
    • Re:String 'em up (Score:2, Insightful)

      by LippyTheLip ( 582561 )
      People need to know that some stuff is wrong and I like the idea of setting some examples. You don't screw with other people's property or their data

      The point of the article is that there already are relevant examples and that hacker crime is analogous to white collar fraud. Ergo... it should be treated the same way in the law and in sentencing.
  • by AssFace ( 118098 ) <stenz77@gma[ ]com ['il.' in gap]> on Friday February 21, 2003 @01:08PM (#5353230) Homepage Journal
    defacing a web page != stealing credit cards.

    they shouldn't have equal sentences, but that isn't to say one of them isn't deserving of what they get...
  • But if those doing the hacking didn't do it, then there'd be no jail service at all.

    I think the sentences should be unified. A crime of type is equal to a crime of similar type. That demands equal treatment.
    • by Bendebecker ( 633126 ) on Friday February 21, 2003 @01:29PM (#5353392) Journal
      So if I am distracted while I am driving and I accidently run over someone and they die, I should get the chair because "hey, the crime of killing a person is equal to the crime of killing a person"? Hacking into someone's webserver and adding the line to their webpage that I own their box should equal a punishment but that punnishment should not be the same as hacking into a computer and deleting their harddrive or changing the balance in my bank account. It's like saying that every theif should get ten years in prison regardless of what they stole; it sound nice on paper but do you really think anyone should go to jail for ten years for stealing a candybar?
  • by $$$$$exyGal ( 638164 ) on Friday February 21, 2003 @01:11PM (#5353243) Homepage Journal
    Those convicted "are receiving sentences based on the fear of the worst-case scenario rather than what the case may really be about," Granick said.

    In many cases, the victim would be ignored if s/he didn't over-state the actual damages. I've heard victim after victim (right here on slashdot) state that they've went to the FBI/local officials, and were denied help because the actual damages didn't add up to a certain amount.

    No wonder victims are overstating the problem, it's because they don't like being ignored.

    --sex [slashdot.org]

    • Sometiems I feel that the overstatement of damanges should be a crime in itself.
    • by FosterSJC ( 466265 ) on Friday February 21, 2003 @01:32PM (#5353416)
      The other side of the coin to this is that you get employers or "victims" or what-have-you artificially inflating the damages supposedly caused by a hacker.

      Kevin Mitnick, in his Slashdot interview [slashdot.org], explained this in detail:

      However, the punishment in my case was extremely harsh and did not fit the crime. I equate my illegal actions not to a person who molests children or burglarizes a house (I heard these specious analogies before), but to a person who illegally copies software.

      The difference in my case is the software was proprietary. I was not an industrial spy, nor did I ever attempt to profit or damage any systems or information that I had illegally accessed. The government falsely claimed I had caused millions of dollars of loss, in an effort to demonize me in the press and the court. The truth of the matter is I regretfully did cause losses, but nowhere near a million dollars. The theory the government used to reach those numbers was to use the same formula for traditional theft or fraud cases. When a person steals money or property, the Federal Sentencing Guidelines use the value of the property lost, damaged, or destroyed as the loss amount. This formula works well with tangible property, but when the property at issue is information, or in my case source code, does the same formula reflect the true intended or actual loss? The government requested that my victims provide their research and development costs as the value of the information I either copied, or reviewed online (source code). Federal prosecutors simply added up all the R&D costs associated with the source code I had accessed, and used that number (approx $300 million) as the loss, even though it was never alleged that I intended to use or disclosed any source code. Interestingly enough, none of my victims had reported any losses attributable to my activities to their shareholders, as required by securities laws. Unfortunately, due to media hyperbole, the unknowing public believes I had caused these tremendous losses.

      Suffice it to say, we need to find a compromise where we can accurately represent the loss of intellectual property without undually exaggerating its (non-material) worth.
    • by Lumpy ( 12016 ) on Friday February 21, 2003 @01:50PM (#5353557) Homepage
      the solution would be a requirement of PROVING damages. an invoice from "overpriced security fixer-uppers" for $21,985.31 to install W2K sp3 to fix that hole that script-kiddie4 used to get in are proveable damages... the "we lost $295,997,667,342.87 because he MAY HAVE copied a file" needs to be called bullcrap by everyone involved.

      if you cannot produce an invoice or legitimate quote for repair/losses then you are told to shut up would fix every bit of this.
  • by Fnkmaster ( 89084 ) on Friday February 21, 2003 @01:11PM (#5353245)
    There's strength in numbers - and the lawyers finally realized that geeks are the only people as universally unpopular as they are.
  • by MosesJones ( 55544 ) on Friday February 21, 2003 @01:11PM (#5353247) Homepage

    Scenario A: man walks into a store with a gun, demands they empty the till, walks out with a hundred bucks.

    Net effect: 100 bucks for the store + mental anguish for people in there.

    Punishment: Ten years

    Scenario B: Man defrauds investors, pension funds etc out of millions or billions

    Net Effect: Pension funds slashed, thousands made unemployed

    Punishment: 5 years

    We all know that white collar crime gets punished a whole lot less, but is that right ? Why shouldn't execs from the likes of Enron, WorldCom et al be looking at life behind bars for the havoc they have reaked ? Well because there really is a different set of laws for the rich. Sure they might even get 15 years in the cases of these massive frauds, but is this enough given the damage they have caused ?

    So maybe the problem is that white collar crime is punished too little, rather than hacking is punished too much. Maybe having sentences for theft, fraud etc (of any kind not involving actual violent which already has punishments) should be related to the amount of money stolen.

    Maybe 1 year per $1000....
    • by byrd77 ( 171150 ) on Friday February 21, 2003 @01:22PM (#5353340) Homepage
      The error in your reasoning is the presumption that increased jail terms will deter this type of crime. Research shows [cfenet.com] that the vast majority of people who commit crimes like this don't think they'll get caught. It's highly unlikely they are even aware of what the potential sentence may be, so making it larger doesn't help.
      • "The error in your reasoning is the presumption that increased jail terms will deter this type of crime."

        The error in your reasoning is the presumption that criminal penalties are imposed in order to deter crime.

        Given the high rate of recivitism it should be obvious that jail time never deters crime. The purpose of punishment is to get dangerous people off the streets and into an evirnonment where they will not do further damage to the general population.

  • by Anonymous Coward
    I used to (note: past tense) belong to a small group of website defacers during my script-kiddie period. Three people and about 160 websites in a month. During about 4 months, one of us got 2 phone calls telling him to stop and two cases of soft drinks for pointing out a flaw in some company's online security. I got one warning on IRC. The third guy got away clean.

    What punishments are you talking about??
  • by TopShelf ( 92521 ) on Friday February 21, 2003 @01:13PM (#5353267) Homepage Journal
    And the white collar fraudsters should be hit harder? I think I'd rather see that myself. Send Skilling, Lay, and their ilk up the river for an age and a day.
  • Fairly amusing (Score:4, Informative)

    by Com2Kid ( 142006 ) <com2kidSPAMLESS@gmail.com> on Friday February 21, 2003 @01:14PM (#5353281) Homepage Journal
    I believe it would be better off to just go and steal stuff old school than to do it via hacking.

    Hint Hint Your are more likely to get your Credit Card number stolen by giving your card to the waiter/waitress in a restaurant to have the bill paid than by having it stolen over the net!

    That is fraud though. . . . maybe identity theft? A better defining line needs to be made up, not all that happens over a computer is "hacking", intent should be judged as well as actions. If a person goes into a bank pointing a gun it is not automaticaly a bank robbery, it could very well be a hostage situation. Intent, ya know?
  • Read... (Score:4, Interesting)

    by aengblom ( 123492 ) on Friday February 21, 2003 @01:15PM (#5353285) Homepage
    sipthe seriousness of the offense is generally comparable to white-collar fraud cases.

    Read: The fast-growing, little-punished type of crime that destroys the finances of thousands every year.

    "Hacking" is no more the refuge of the geek. True criminals have embraced it as a way to siphon off lots of money with little risk.

    Let's not charge people looking for CC#'s with terrorism, but let's not label it "annoying" and offer up slaps for people's wrists.
  • Too Harsh? (Score:5, Insightful)

    by methuseleh ( 29812 ) on Friday February 21, 2003 @01:15PM (#5353292)
    Are hackers sentenced too harshly, or are "comparable" criminals not sentenced harshly enough?
  • me != suprised (Score:5, Insightful)

    by alaric187 ( 633477 ) on Friday February 21, 2003 @01:15PM (#5353294)
    It's because lawmakers have no idea what hacking is. All they know is that the news and their handlers and their real constituents (donors) say it's very bad. It's just like way back in the day when people were put in institutions for being depressed. No one knew why they were depressed so they just put them away.

    Now, I'm not saying that hacking others' equipment is good. I'm just saying that the punishment should fit the crime, not get 10 years in jail because you made the RIAA website say they love mp3s instead of money.
    • It's because lawmakers have no idea what hacking is
      I do no understand this type of argument. It implies that if I don't program, I can't write appropriate laws. There is an old saying about all the jokes were written long ago, all we do is change the names and the places, It's the same way with crime. All the basic types of crime were listed in the Ten Commandants. All technology has done is provide new ways of committing those same crimes.

      Depending on exactly what the hacker does, we're talking about vandalism, or thief, or trepassing using a new technique. When bank robbers moved from horses to cars was it important that lawmakers have a detailed understanding of cars before writing applicable laws? When copyright laws moved from covering just books to motion pictures, did lawmakers require a detailed understanding of how motion pictures are created? Does it really matter the exact technical approach used to commit the crime? I don't think so. Vandalism is vandalism. It doesn't matter whether I use can of spraypaint or I hack into the web server. It costs the company money to fix. The dollar value of the damage should drive the punishment.

  • by OwlofCreamCheese ( 645015 ) on Friday February 21, 2003 @01:16PM (#5353295)
    Note To Self: change plans from hacking to fraud.
  • by Mothra the III ( 631161 ) on Friday February 21, 2003 @01:16PM (#5353297)
    Its the inability to impose proper sentences for violent criminals and drug offenders. I have no sympathy for people invading companies computers for whatever reason and they should be punished harshly. I have better things to do on my weekends then combat those assholes. But there is a need for reform in the way punishment is administered for violent criminals and longer sentences need to be handed out.
  • I agree (Score:5, Interesting)

    by Visaris ( 553352 ) on Friday February 21, 2003 @01:17PM (#5353307) Journal
    If I break into someone's house, I'll be charged with breaking and entering, and with trespassing.

    If I hack into someone's network and don't even do anything but look around, I'm charged with causing losses of millions. I'm charged with stealing any sensitive content I gained access to whether or not I even looked at it. Not to mention they'll slap all the cybercrime and terrorism laws they can find down on me too. It has nothing to do with the severity of the laws, just that you get pinned with so many of them.

    • Re:I agree (Score:5, Insightful)

      by NineNine ( 235196 ) on Friday February 21, 2003 @01:34PM (#5353430)
      What if you were to break into a bank vault? Not take anything, just break in and look around? You'd be up shit creek without a paddle. How about breaking into a military base "just to look around"? How about breaking into a casino's back rooms?

      In case you haven't noticed, you can't just go where ever you want just to look around.
  • White collar? (Score:2, Interesting)

    by PincheGab ( 640283 )
    comparable to white-collar fraud cases.

    If hacking isn't white-collar, then what is?

  • by Anonymous Coward on Friday February 21, 2003 @01:21PM (#5353331)
    I remember when there weren`t any specific computer crime laws on the books in the U.K. and prosecutors tried to charge the accused with theft of electricity.
  • white-collar fraud (Score:4, Interesting)

    by doubtless ( 267357 ) on Friday February 21, 2003 @01:22PM (#5353337) Homepage
    I can see that sometimes the claims of damage in online crimes can be ridiculously high. However, if the claims of damage is reasonable, I don't see why the punishment should be any lesser than any other crime.

    I think white-collar criminals are already getting far less punishments than they should. How could someone who screws up the millions of dollars from their employees be subjected to punishment comparable to shoplifters or burglars?
  • Really? (Score:2, Funny)

    by neocon ( 580579 )
    <sarcasm> Wait, a large group of defense lawyers said that penalties are too tough for the types of cases they sometimes work on? Really?! Now why would they do that? </sarcasm>
  • by jsse ( 254124 ) on Friday February 21, 2003 @01:24PM (#5353353) Homepage Journal
    arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses.

    Only in US. Convicted hacker Raphael Gray, who stole 23,000 credit card no. and sent Bill Gates boxes of Viagra [bbc.co.uk], was only sentenced to three years of community rehabilitation [iafrica.com]. As he told BBC:

    "...Kevin Mitnick was stopped from going near computers, even from working a cash register, but they can't do that in this country.

    I've had two job offers - one from the guy who tracked me down..."
  • by jetkust ( 596906 ) on Friday February 21, 2003 @01:24PM (#5353354)
    ...are the hackers of today.
    • ...are the terrorists of tomorrow.
    • I think you're on to something here. Believe it or not, starting with Aquinas (maybe even earlier) most responsible Medieval theologians had serious doubts about Witchcraft per se -- and that didn't matter because the common people believed that witches had these horrible powers. The image of these powers was informed by fairy tales and the like -- the popular media of the day -- rather than by responsible sources.

      Very similarly, the popular image of 'Hackers' is formed by films like 'the net' or even 'the Matrix'. People believe that Hackers are capable of all kinds of perfidy, not because they have heard so from a responsible source or understand the issues involved, but because their fears have been ramped out of proportion by the popular media. (This is not to say that there were not some very serious ecclesiastical figures behind some of the witch burnings - just that Witch trials were really driven by the public, not generally by the church.)

    • I could not have said it better myself.

      Two stories:

      One time, I was on a mailing list. The mailing list was using a Windows Listserv clone. Most people on the mailing list simply used a web interface to get on the mailing list; I, however, talked directly to the mailing list server to join the list.

      Soon after getting on the list, someone on the list asked how many people were on the list. I told them.

      At this point, all hell broke loose. They thought I broke in to the system. Fortunatly, the list administrator went to my mother's church; I don't want to think about what could have happened if she did not.

      * * *

      When the "I Love You" worm was spreading like wildfire, I was working for a dot-com security company called Pilot Networks (which is no more). Someone came up to me and asked me permission to forward me an email. I sais "Sure, why not?"

      "Well, it's a dangerous virus"

      "You know I use Linux and don't have to worry about such things"

      "I know; it's just that everyone in the office is really afraid of this thing and do not even want to have it on their computer"

      It seemed really strange to me that a computer security company did not have one person in their office willing to have a simple Visual Basic script on their computer.

      * * *

      - Sam

    • by Erris ( 531066 )
      Re:The Witches of Yesterday are the hackers of today.

      Hmmm, breakdown by OS:

      • Win9x admin: ostracized dude at the hell desk. Mantra: "have you tried to reboot?" Spells are secondhand and generally ineffective. Worships the devil and is usually cranky due to above mentioned lack of effeciency and understanding. Sometimes seems possesed. Practicioner of Voodoo.
      • Win Server Admin: Sometimes casts his own spells. Still worships the devil but may see the error of his ways. Less cranky because one or two spells actually work. Knows Voodoo, and some other Black arts
      • BSD/Unix Admin: A wide specturm of talents and dispositions. Worships nature, makes little noise and is very effective. Effectivly correlates cause and effect but will still make deals tith the devil. Druid/Alchemist
      • Linux/Unix Admin: Also a wide variety of talents and dispositions. Makes more noise than the BSD/Unix admin. Worships Nature but believes in higher powers and the law. Can be just as effective as BSD/Unix, very powerful but often thwarted by the Devil. Often persecuted by the Devil and his dupes. Martyr/Scientist
  • by Anonymous Coward on Friday February 21, 2003 @01:27PM (#5353373)
    "... McOwen was charged under Georgia law with computer trespass. Facing up to 120 years in prison..."

    A man installed a program that for all intent and purposes is a screen saver and he could have been forced to serve 120 years in prison had he not plea bargained. Clara Harris killed her husband with her Mercedes, was found guilty of 1st degree murder, and was only sentenced to 20 years (she'll get out in 10).

    I think something is wrong with a system that gives you more time for installing a program that doesn't do any damage than it does for murdering a person in cold blood.
  • This is a symptom (Score:3, Insightful)

    by argoff ( 142580 ) on Friday February 21, 2003 @01:29PM (#5353390)

    A symptom that copyrights are unenforceable, so the only way they can compensate is by fear mongering with draconian punishments. Our response should be to act in civil disobedience whenever possible. The sooner we force this thru, the sooner we can get on with the information age.
  • by Anonymous Coward on Friday February 21, 2003 @01:30PM (#5353396)
    Check this out:

    Story [gopbi.com] (palmbeachpost.com)

    An 11 year old snuck into his classroom during lunch and changed some of his grades on his teacher's computer. He was caught and is now facing FELONY computer fraud charges. Tell me that's not a bit ridiculous.

    • by stratjakt ( 596332 ) on Friday February 21, 2003 @01:41PM (#5353488) Journal
      No, it isnt ridiculous at all that he face the charges. He knew what he was doing was against the law when he did it. He comitted felony computer fraud, and is being charged with it.

      What would be ridiculous would his being tried and convicted as an adult, and spending 10 years in a max security prison. But that wont happen, he'll get the warning and the incident will go into his sealed juvenile record.

      IMO there's too much 'juveniles shouldnt be punished after all they're just kids' sentiment. Youngsters know this, and commit more and more crime knowing they wont be severely punished.

      It would be ridiculous if the teacher gave him permission to use the computer, and in doing so he accidentally formatted the C: drive, or something like that. But if he knowingly committed a crime (which it would seem he did), he should be prosecuted for it.
      • by Kintanon ( 65528 ) on Friday February 21, 2003 @02:06PM (#5353736) Homepage Journal
        So now schools get to pick and choose which cases they turn over to the cops? It's ok for someone to be the victim of a Assault and Battery, but it's a FELONY to cheat now? And that's all this was, remember, cheatting. It's not a felony to use a pencil to alter your grade in the paper gradebook. Why is it a felony to do it on the computer?
        Punishment should have been handled by the administration and the kids parents this was NOT a metter for the cops.

      • by YrWrstNtmr ( 564987 ) on Friday February 21, 2003 @02:09PM (#5353775)
        Changing grades (in that school district) is punishable by detention, suspension, expulsion...at the discretion of the principal/school board.

        Doing it on the teachers computer brings it up to the level of a felony. 'Altering intellectual property' or some such.

        IMHO, that is not right.
        Yes, the kid should obviously be punished. Does doing via the PC warrant far more severe punishment, vs doing it in a paper grade book?

        Can I bring suit against any and all spam and popup purveyors? After all, they ARE altering the contents of my PC (cookies and unwanted email) without my permission.
  • Exactly backwards (Score:4, Interesting)

    by fleener ( 140714 ) on Friday February 21, 2003 @01:31PM (#5353400)
    The issue isn't tough sentencing for hackers. The issue is that white collar criminals get off light.

    Hacking is not a white collar crime. When I think of white collar crime I see millionaire executives spending stolen money for blow jobs by preteens in foreign countries. When I think of hacker crime I see a trail of empty Mountain Dew bottles and Cheetos bags. Hackers need to become filthy rich before they can play the courts like the big boys do.

    Extreme cases aside, most hacking is like kids stealing cars to take 'em for joy rides. Sure, a few people get hurt by each crime, but it's not like you have a few hundred thousand stock holders who'll have to work 10 extra years before they retire because their portfolios are toast.
  • by Brian_Ellenberger ( 308720 ) on Friday February 21, 2003 @01:32PM (#5353407)
    "The (majority) of the offenses are generally disgruntled employees getting back at the employer or trying to make money."

    And how is this not serious? Destruction and blackmail are extremely serious and should not be tolerated in society.

    Prison is not just rehabilitation. It is a deterrent. If there were little or no consequences to, say, wiping out a server just because you are mad you got fired then many many more people would do it. Consequentially companies would crack down hard on everyone and treat all employees like assumed criminals.

    Most of the world we live in is based on trust. Most homes and businesses are relatively easy to break into. And if the consequences for such actions were light then more people would be trying it just for fun. And then home owners would have to put bars on their windows and constantly worry about keeping their house secure.

    In fact, this is essentially what Slashdotters are recommending people do to their computers. Most people have better things to do with their lives than worrying about locking down their computer from hackers. How about the hackers say on their own boxes and stay the heck away from everyone elses!! If someone breaks into my computer, it is not MY fault the computer was easy to crack. It is the hackers fault for doing something they weren't supposed to do. And the hacker should go to jail for it, just as they would go to jail for breaking into my house and checking out all my stuff. I don't care if they steal anything or not, it is an invasion of my life and privacy!

    I am sick of the hypocrisy Slashdot getting all up in arms about the Patriot Act and then worshipping Kevin Mitnick. At least I can vote against the Congressmen who supported the Patriot Act. I can't vote to keep Mitnick wannabes off my computer, except to vote to put them in jail where they belong.

    Brian Ellenberger
  • Modern "Witch Hunt" (Score:5, Informative)

    by resistant ( 221968 ) on Friday February 21, 2003 @01:32PM (#5353408) Homepage Journal

    People have always tended to be hysterical about that which they fear and don't understand. They see this "hacking" (it should be called "cracking" in this context, but that's a lost cause) as a vaguely defined but fearsome threat, regardless of the actual reality of harm, and clamor for the modern equivalent of witch burnings [washington.edu].

  • by Billly Gates ( 198444 ) on Friday February 21, 2003 @01:35PM (#5353441) Journal
    For example Mitnick had to be in solitary confinement because he could of launched a nuclear war from a pay phone! Just ask the FBI or the judge taking his case!

    Its not like it takes an order from the president with full access codes to launch a strike or anything. Just a dialtone and a modem from the computer that lauches the strikes.

    Also he could of obstructed justice by using a walkman or radio because he could of turned it into a hacking device. The fbi needed to take these priveldges away as well so he can stare at the walls and do nothing in his solitary confiment for 7 months while still technically inocent I may add. I mean screw John Gotti. This man is clearly more dangerous to our whole American way of life.

    Also look at economic sabatoge and espianage caused by Jon Johnson from reading his own personal dvd's? The RIAA and the BSA claimed they lost over 9 billion a year because of piracy. Its a shame and we all know that these kids and college students can easily afford adobe photoshop, 3dStudioMax and all of Nsync's and britney spears artistic masterpieces of great music which is worth every penny of the price so it must be piracy! We need to stop these so called terrorists before they kill every man woman and child on earth. Hopefully some hardware based solution will be the salvation towards the problem.

    Do we want the whole ecomomy to fall apart and lose millions of jobs because of lenient sentancing? Somebody please think about our children.

  • But I'm angry now (Score:5, Interesting)

    by ellem ( 147712 ) <ellem52@@@gmail...com> on Friday February 21, 2003 @01:35PM (#5353447) Homepage Journal
    Well this is really quite simple.

    Computers are for "smart" people

    People feel marginalized when they don't understand even the basic concepts of what has happened

    Therefore when a CEO realizes they have been hacked/cracked (you fight that out) they feel even more violated since they don't even understand how someone could get past all the hardware they bought and all those 45-100K+ people they have running around purporting to be computer experts.

    Their anguish is then felt by atrtorneys who can't understand the crime, the criminals or why everyone is so upset. The one thing they do know is that THAT FAT GUY WITH THE UNKEMPT BEARD AND THE WIERD SHIRT THAT HAS THE FORMULA FOR HELL ON EARTH:

    #! /usr/bin/perl


    And that's pretty much what happens.
  • by handy_vandal ( 606174 ) on Friday February 21, 2003 @01:40PM (#5353477) Homepage Journal
    Too harshly? Why, in my day, after Prometheus stole fire and gave it to mankind, we chained the guy to a rock and had a giant bird eat out his liver every day. Now that's punishment!
  • I think.. (Score:5, Interesting)

    by Maeryk ( 87865 ) on Friday February 21, 2003 @01:41PM (#5353491) Journal
    That a lot of the problem here is due to double standards and lack of accountability.

    Joe Schmoe embezzles from his S&L firm for ten years, gets caught, and it is realized that he made off with 500K. He is slapped on the wrist, fired, made to "pay it back" on time deferred payments, or maybe stuck in a white collar prison/country club for a few years.

    Mike, the l337 hacker from down the street, defaces Stuff-Marts web page, pointing out that Stuff-Mart buys 80% of its stuff from china, where it is made in forced child labor camps at gunpoint, and it is repaired in an hour.

    Now.. Stuff Mart's lawyers tell the jury that they *potentially* lost MILLIONS due to the damage, (when in fact, they did not "lose" anything.. and there is no way to prove how many people would have bought during that time anyway). The SM lawyers also point out that it cost "an estimated 100K dollars to repair the damage!".. which means they just budgeted in A) the new server and colocation company to handle the site, B) the three person team who maintains and handles the site already, and C) all of their IT staff who received an Email about the "hack" and therefore were "working" on it.

    Its all about what the jury wants to hear, and all about language.. "potential" is used ahead of "we could have potentially lost BILLIONS in sales!" but the judge/jury does not hear the "potential". Nor do they realize that 99% of that IT staff was already working there, doing their routine jobs, and had nothing to do with the repair anyway.

    (Same reason a procedure at the hospital that took all of 15 minutes costs your insurance company as much as your house did.. funky accounting and everyone wanting to be "in" on the action.)

    I think a lot of "hacking" is a no harm no foul problem anyway.

  • white-collar fraud (Score:3, Interesting)

    by oliverthered ( 187439 ) <oliverthered&hotmail,com> on Friday February 21, 2003 @01:42PM (#5353495) Journal
    people get off far to lightly for white-collar fraud crimes.

    1: Open a Swiss bank account.
    2: put money from xyz white-collar fraud into account, get a few mill
    3: goto jail (not for that long)
    4: take money out account.
    5: Enough profit to retire.

    1: Open a Swiss bank account.
    2: Rob a bank for a few thousand
    3: goto jail (for a long time)
    4: take money out account.
    5: umm... well you've got a bit of cash, but was it worth the time?
  • I agree (Score:5, Interesting)

    by arvindn ( 542080 ) on Friday February 21, 2003 @01:44PM (#5353513) Homepage Journal
    Personally, the thing that strikes me as most ridiculous is how clueless courts are when it comes to estimating how much loss the hacker caused.

    From http://www.savage.net/public_html/net/phrack.html:

    The following March a Federal grand jury was told that the document that Knight Lightning had printed in Phrack was worth 80 thousand dollars and was extremely dangerous to the public. The grand jury brought a Federal indictment against Knight Lighting. He faced 31 years in prison for the interstate transportation of stolen property, wire-fraud and violations of the computer fraud and abuse act.

    "In July of 90 we went to court...the witnesses took the stand to try and prove that I had not just committed the crimes they were saying i committed, but to prove that the actions I took were crimes in the first place. The defense never had to put on a single witness, by the end of the week, the governments case had completely fallen apart. The now famous 80 thousand dollar E-911 document was proven to be [publicly] available for no more than 13 dollars from Bellcore."

    This guy was accused of stealing 80 grand when in reality it was worth 13 dollars!!!

    Also see Kevin mitnick answers [slashdot.org] if you missed it.

  • by cardshark2001 ( 444650 ) on Friday February 21, 2003 @01:51PM (#5353565)
    From the article: However, the paper argues that the increase in prosecutable "crimes" could have a chilling effect on security researchers and industry. Security researchers who uncover and disseminate information on vulnerabilities could be charged for their activities. Companies that send unsolicited bulk e-mail could be convicted of unauthorized access. And, makers of faulty software could be liable for the transmission of harmful code.

    A chilling effect on companies that send unsolicited bulk e-mail, huh? This has got to be the coolest chilling effect I've ever heard of!

    And as far as the last sentence goes, don't we all know that Microsoft has been guilty of terrorism for a long time now?

  • by ONU CS Geek ( 323473 ) <ian@m@wilson.gmail@com> on Friday February 21, 2003 @01:52PM (#5353572) Homepage
    My (ex-)girlfriend works at a bank. Her bank branch has never been robbed before, but take the following into account:

    a) Most Bank robbers wouldn't know what bait/dyepacks would look like if it was sitting in front of their face
    b) If the tellers just grab their bait, the robber's getting away with ~$83 per teller
    c) Some Bank Tellers have their own 'valuts' (Bank tellers buy and sell money from the bank vaults to their cash drawers. Some banks differ in how much money they're permitted to have in their drawer, or don't permit their tellers to have locked valuts.

    Let's say I'm Jon-BankRobber. I walk in with my gun, flash it around, walk out with ~$300 bucks (~$80 x 4 bank tellers), caused some bank tellers to quit their jobs/go into therapy/become really depressed. I go to Court, visit the Judge, who gives me ten years.

    Now, let's look at Joe-31337h4x0rd00d. I break into my bank's tellering system, create an account, and either blatently (to the fact that it comes up on the next day's report) or sneakily (penny-slicing) steal money. I can get away with much much more, but for the sake of keeping things same, I only take $300.

    When Joe-Hacker goes to the judge, he's going to get a max of 6 months. Non Violent Crime, Under $500 (no felony), no gun. (this is assuming that they don't get him with electronic tresspass)

    If they're looking to give hackers/crackers a free ride, it won't happen. If they're trying to equal things...just make the same crime punishable by the same punishment. Rob a bank or Crack a bank, go to jail for up to ten years.

    I know some of you will poke holes in this, but the average white-collar-criminal just doesn't go to prison, unless you've pissed someone really off, or really f*cked up.

    Replies will be answered.
    • Eh, either I'm utterly confused as to where you're going with this, or you answered your own argument.

      Non-violent crime (and that's crime without *threat* of violence, not just without actual violence -- i.e. threatening you with a gun does not count as non-violent, even if I never shoot it -- even if it turns out later that it wasn't loaded) is (usually) punished less harshly. And for reason -- violence has impact. I'd argue that you causing even one or two of those tellers significant trauma is a far far greater ramification of your actions than the $300

      Not to mention, there are probably customers that were in the bank as well.

      Cracking the bank only traumatized the sysadmin. And having been in both situations, well, it's not even comparable.

      You're right about white collar criminals, and I think *that* is fucked up, at the same time, cracking can't (at least in the vast majority of cases) be compared to violent crime.

  • federal point system (Score:3, Interesting)

    by margaret ( 79092 ) on Friday February 21, 2003 @02:09PM (#5353766)
    I've had the unfortunate opportunity to learn a little about how federal penalties work. It's all based on a point system. A certain number points for the crime, points if you have a prior record of anything in the past 10 years (state or federal), subtracted points for taking a plea, etc. Then they add them all up and use a chart to determine the range of sentences they can give you.

    And for copyright cases, they automatically tack on 4 points if a computer was involved.
  • by redelm ( 54142 ) on Friday February 21, 2003 @02:16PM (#5353828) Homepage
    ... not deterent value or or even actual damages.

    The real question is whether justice is state-surrogate revenge or to keep the public order.

  • by phorm ( 591458 ) on Friday February 21, 2003 @02:23PM (#5353904) Journal
    As is very, very often the case with human nature, people lash out against the unknown. In the case of computers, hackers are very much a mystery to normal people. How many techs out there have seen a person's computer malfunctioning for various reasons (usually windows, or bad RAM, or the fact that they've install kazaa and a million other crapware loaded programs) - and they automatically assume it's been haxored and/or infected with a virus?

    When it comes to computers, most people are hypocrondriacs (sp?). And what do people do when they fear something unknown, they lash out against it.
    Many people on computers today are affected by spam, viruses, and other issues. Their solution, nail the bastards, put them somewhere - it doesn't matter where, so long as they can't cause me trouble - and jail is a seemingly optimal location for this.

    On the flipside, for kiddies who build idiotic viruses that knock down routers worldwide and cause general chaos, I think that many of the users here on slashdot would be very happy to see them lynched. We have to seperate major disruptions and white-collar criminals from the kids who write "H4XOR3D BY 133TM4N" on a website.
  • by praksys ( 246544 ) on Friday February 21, 2003 @02:36PM (#5354020)
    Penalties for posession and distribution of cocaine are much lower than the penalties for similar crimes involving crack cocaine. Lots of people have speculated that the reason for this is that white and/or wealthy cocaine users do not use crack, while black and/or poor cocaine users do. Wealthy white people make the laws, so the penalties are lower for crimes that memebers of their social circle are likely to commit.

    A similar mechanism might be at work here. Lawyers and businessmen write the laws, so so-called white collar crimes like fraud tend to have low penalties. Lawyers and businessmen do not hack, so the penalties for crimes that involve hacking tend to be higher.
  • by gnovos ( 447128 ) <gnovosNO@SPAMchipped.net> on Friday February 21, 2003 @03:01PM (#5354359) Homepage Journal
    So, hey, anally raping your boss after he/she fires you will give you 5 years, maybe as much as 7.. Wiping out thier servers (which can be replaced with backups in an hour) will give you 10 or more.

    Think about it for a second, which one of those would really be more fulfilling to you, the disgruntled employee? Yeah, that's what I thought... See the system works!
  • by BigGar' ( 411008 ) on Friday February 21, 2003 @04:04PM (#5355184) Homepage
    is that the term hacking sounds bad. It's what crazed men in hockey masks with machete's do to college coeds. What we need to do is change the term to something like "Fluffin' the Bunny". Who'd think that's bad?

    Here's an example:
    Stan was arrested for computer hacking.
    Judge: Give him 15 years solitary.

    Stan was arrested for Fluffin' the Bunny
    Judge: That's so nice what you did for that bunny. You're free to go.

    See, the difference.

    Remember, Fluff the Bunny

  • From the trenches (Score:3, Interesting)

    by DarthWiggle ( 537589 ) <sckiwi.gmail@com> on Friday February 21, 2003 @04:50PM (#5355648) Journal
    The entire legal system is grappling with this new world. Too many lawyers are luddites who can barely program their phones, much less comprehend what "hacking" (sic) is all about. And, worse, so are the judges who oversee their trials. And the juries that weigh the evidence. And the media that covers the trials.

    I dunno, it's a little disheartening to be an aspiring lawyer when I've heard of a firm that prides itself on defending those accused of computer crimes has a password policy that mandates a particular format for your network passwords, and that your password always be provided to your assistant.

"Oh my! An `inflammatory attitude' in alt.flame? Never heard of such a thing..." -- Allen Gwinn, allen@sulaco.Sigma.COM