Hackers are 'Terrorists' Under Ashcroft's New Act 1021
Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."
Umm, Thats not right... (Score:4, Interesting)
Ouch! (Score:5, Interesting)
All it takes is one bad customer relationship to cause a false accusation...
jeremiah cornelius
what about bugtraq? (Score:5, Interesting)
Re:Somebody has to say it, but... (Score:5, Interesting)
stop and think.
if someone commits credit card fraud with said stolen numbers, then we know who the victim is. but we already have a law for that. until some other crime is committed, there was no victim of simply stealing the numbers.
just because a computer was used to commit the crime, it doesn't mean the crime is somehow worse than the same thing done without a computer. theft is theft, and should be treated as such. it's not like we have separate murder laws for guns vs knives...
This will never work. (Score:0, Interesting)
Hack chinese websites.. (Score:2, Interesting)
A backwards approach to legislation (Score:5, Interesting)
The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)
Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.
The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.
Re:Somebody has to say it, but... (Score:5, Interesting)
Computer crime should be a crime.
But it already *is* a crime. The question is what is a just response to computer crimes. Some things which are *not* just:
To put it another way, if this law passes then someone could be given life in prison without parole for documenting vulnerabilities which allow systems to be compromised by a cracker or a worm. Indeed, it isn't clear that, with the removal of the statute of limitations, they couldn't charge the people documented the vulnerabilities responsible for eg. Code Red or Nimda under this law.
This provision is like the anti-circumvention provision of the DMCA writ large. Whereas at least the DMCA only applies to access-control restrictions on copyrighted material, this law could potentially make all discussion of any vulnerabilities which allow systems or information to be compromised illegal.
These provisions are so utterly preposterous and out of proportion to the crimes (or so-called crimes) discussed as to boggle the mind.
Re:Somebody has to say it, but... (Score:4, Interesting)
That is an excellent example of a victimless "crime" that numerous goodhearted American people are rotting in jail for right now.
Ashcroft's new proposals, though, go far beyond making computer-crime 'crime'. It already is. What he's doing is making it terrorism. People could be jailed for life for the electronic equivilent of graffitti.
"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."
The irony is that he wants to fight assaults designed to change the purpose of government by changing laws in direct response to a terrorist attack.
The long-term damage from the terror attacks will come from our leaders as they exploit public rage to slip new crap like this into federal law.
Re:perversion (Score:5, Interesting)
From the bill:
"(19) `protected computer' has the meaning set forth in section 1030
"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.";
From Title 18 Chapter 47 Sec. 1030:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;
Used in interstate or foreing communication? How many of you connect to machines and/or through machines without crossing state lines?
Further from the bill:
""SS 25. Federal terrorism offense defined
"As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-
-snip-
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
-snip-
Okay, so now *maliciously* breaking into basically any computer system is a terrorist act. Couple this with the rest of the increases in anti-terroism this bill contains, and you're doing *LIFE* in FEDERAL PRISON (aka "no parole") because your Anti-CodeRed Perl script took down some dipshit's enterprise server. Meanwhile child molestors get time off for good behavior.
I don't think anyone thinks "computer crime" shouldn't be punished. Just not to this ridiculous degree.
Re:Here's the story. (Score:4, Interesting)
I propose a new Constitutional amendment. The Three-Constitutional Strikes And You're Out amendment. If an elected official votes for three laws that are later found unconstitutional (no statue of limitation, applied retroactively), they are kicked out of office and barred from all government work for life. These people are supposed to know what they are doing and have no fucking excuse for voting for unconstitutional laws.
Re:what about bugtraq? (Score:1, Interesting)
Only tech-illiterate judges can think that. A novel detailing a murder could be construed as giving advice to killers, if you don't know anything about novels.
Flying Instructors (Score:5, Interesting)
Well, you won't go to jail. But the FAA will take your pilot's license away. If you are a pilot, that's nasty. Check out news://rec.aviation.pilots for more.
Without passing a law, without recourse to a *single* elected person, thousands of US citizens have had their source of income removed.
Well, that makes us all safe doesn't it?
Re:Somebody has to say it, but... (Score:2, Interesting)
Re:no it isn't (Score:2, Interesting)
Piecing it together:
Sec. 2510. Definitions -
(17) ''electronic storage'' means -
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication; and
(18) ''aural transfer'' means a transfer containing the human voice at any point between and including the point of origin and the point of reception.
(19) `protected computer' has the meaning set forth in section 1030; and
(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.
This area relates to making it legal to listen in on computer communications. e.g., the fbi and cia under these provisions are not commiting a crime. no big deal.
On the next (big) point:
from the proposal:
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7)
(relating to protection of computers),
You sited A-2, note A2 is not mentioned.
From section 1030 a1, a4, a5a, and a7 -
(http://www4.law.cornell.edu/uscode/18/1030.html)
(a) Whoever -
(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section
Hacking Hotmail or any other communication system for fun, would not fall under this bill.
Re:Nobody has to say it, but... (Score:4, Interesting)
If we're lucky, the laws will go that way. I sincerely doubt that the careers of the idiots will, though.
What we need in the US is a law that punishes those who pass blatantly unconstitutional laws. Of course, since Congress routinely exempts themselves from legislation, they'd exempt themselves from this, too!
Re:Hacking IS A COMPUTER CRIME YOU STUPID IDIOT!!! (Score:2, Interesting)
Mashiki
--
Assholes, I'm surounded by Assholes!
--
Re:Somebody has to say it, but... (Score:4, Interesting)
now make assisting hacking terrorism.
now make hacking crimes retroactively punishable.
i've read bugtraq for years and have not informed the FBI about all the vulnerabilities released on that mailing list - will this make me negligent and punishable? will my punishment come in the form of an official court prosecution, or will special forces be sent in to take me out without ever letting anyone else know? if i move to Norway, will Norway allow the Navy SEALS to seize me?
Beware, that unmarked white van may be coming for you.
Yeah, sure, very paranoid to think that way, but consider history and consider how other police states have started their lives: will we be naive enough to let this one start as well?
Evidence of a social breakdown in the US? (Score:3, Interesting)
Yes, the U.S. may be becoming a police state. Not only does the U.S. have at least three agencies that police the entire world, the NSA, the FBI, and the CIA, but the U.S. has the highest percentage of its citizens in prison of any country ever, in the history of the world.
Here are the official December 31, 2000 prison statistics from the U.S. Department of Justice [usdoj.gov]. Sorry about the formatting. The lameness filter is lame. It won't let me post enough leading dots.
People in federal and state prisons... 1,312,354People in local jails... 621,149
People on probation... 3,839,532
People on parole... 725,527
Total number of citizens... 6,498,562
The total population of the United States [census.gov], projected to September 24, 2001 at 6:34:55 PM PDT is 285,218,008. Therefore, 2.3 percent of the entire U.S. population is in prison or involved with the criminal justice system. But remember, many of those are babies or children. About 3.1 percent of all adult U.S. citizens are in prison, jail, or on probation or parole.
An April 20, 2000 ABC News article, U.S. Prison Population Rising [go.com] says that the percentage of growth of the U.S. prison population is rising.
There is other evidence of social breakdown: An August 19, 1998 BBC News article, The United States of murder [bbc.co.uk], says that the city with the highest murder rate, Washington, D.C., has a murder rate 170 times higher than the city with the lowest murder rate, Brussels, Belgium. The nine U.S. cities in this study of murder rates all were in the list of the 12 cities with highest murder rate.
There is evidence that the secret agencies of the U.S. government and the weapons manufactureres have too much control: What should be the Response to Violence? [hevanet.com].
Re:The answer is simple (Score:1, Interesting)
My letter to my congressmen (Score:2, Interesting)
Sen. Kay Bailey Hutchison,
Rep. Joe Barton,
A second attack on the freedoms of Americans is happening right now, and you're on the front lines. Please help defend my freedom.
I know that times like these compel one to try to do something about it, to fight for our freedoms and security. I can only assume that this urge is what is driving the current push for laws that ostensibly increase our national security, but in fact restrict our freedoms without measurable increase in security.
You are doing more than your fair share to fight for the American way if you resist the urge to pass oppressive laws in a time of crisis. Please don't let national law be driven by current events. The strength of our nation lies in the freedom it grants its citizens, not the power of the government to control those citizens.
That said, I would like to list some laws which I believe are currently under consideration, and which I feel gravely impact the freedoms on which America is founded.
1) The Mobilization Against Terrorism Act a.k.a. Anti-Terrorism Act proposed by Attorney General Ashcroft. If I understand this bill correctly, it would for example treat computerized graffiti (defacing a governmental web page) as an act of terrorism punishable by life in prison. While defacing government property is obviously a crime, there are already laws on the books with reasonable punishments for these crimes. This bill also appears to violate our ex post facto protections granted by Article I, Section 9 of the Constitution.
2) Amendment S.A. 1562 of H.R. 2500, the Combating Terrorism Act, sections 816, 832, 833 and 834. This bill appears to grant broad rights to government agencies regarding computerized wire taps. There are already mechanisms for obtaining the right to a wire tap (warrants). I feel this act is an abridgement of our fourth amendment protections against unreasonable search and seizure.
3) The draft Public Safety and Cyber Security Enhancement Act (PSCSEA). Restrictions on cryptography can only hurt legitimate uses, never criminal or terroristic uses. Cryptographic algorithms are well known and software providing strong encryption is easily obtainable, regardless of US law. If its use is criminalized, will that stop criminals from using it? Also, encrypted communications can NOT be identified if the communicating parties use commonly known methods of steganography. The kind of messages that terrorists would send back and forth could easily be hidden undetectably in any public internet forum, video stream, photograph, sound or other file. Criminalizing encryption will only restrict law abiding citizens from protecting personal and financial information.
4) The draft legislation titled "Security Systems Standards and Certification Act" (SSSCA). This law grants unprecented rights to intellectual property holders (including virtually eliminating Fair Use rights, first sale doctrine, and public domain rights). At the same time, it increases the cost of all computer systems and eliminates an entire computing industry founded on openness and freedom. (There is publically available software which allows one to operate a computer while legally paying no license fees. This software and any like it would be untenable since anyone could alter the program to disable the copy protections required under the SSSCA. This software (Linux) is an incredible boon to students, non-profit organizations, and low income users everywhere.)
I am a computer software developer. Intellectual property is my livelihood. Please follow the guidelines given by the founding fathers in our Constitution with respect to IP. The limited monopoly on intellectual property is a sacrifice we make to satisfy the real goal.
From the US Constitution: "To promote the progress of science and useful arts by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries." The goal of intellectual property rights is to promote the progress of science and useful arts, not to guarantee income in perpetuity.
How you vote affects how I vote. Please help protect the freedom of American citizens.
Regards,
Bobby Martin
CEO NavTools Inc.
Here is a list of articles further enumerating the concerns about current legistlation:
http://www.securityfocus.com/news/257
http://www.aclu.org/action/liberty107.html
http://www.politechbot.com/docs/hollings.090701
http://www.eff.org/alerts/20010921_eff_wiretap_
Re:Somebody has to say it, but... (Score:1, Interesting)
My company, a defense industry manufacturer, lost an entire month's wort of business because of Code Red and changes to various systems that required us to change our IP and implement new procedures. We were NOT infected but were measurably Affected.
Jeremy
Re:Size Matters (Score:1, Interesting)