Hackers are 'Terrorists' Under Ashcroft's New Act 1021
Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."
There's too many of us (Score:2, Informative)
Put us all in prison, and prisons will be freer than out here.
The true hacker is absolutely, completely, devoted to freedom.
-wp
Re:There's too many of us (Score:2)
(Though security geeks are likely richer and whiter than drug offenders, on average, which will help.)
oh, crap... (Score:4, Funny)
Quick, smash your DSL modems, clear your logs, and run for the hills before the Feds arrive!
Umm, Thats not right... (Score:4, Interesting)
Re:Umm, Thats not right... (Score:2)
teaching someone how to disassemble a program?
teaching assembly language?
using a non-MS product?
Flying Instructors (Score:5, Interesting)
Well, you won't go to jail. But the FAA will take your pilot's license away. If you are a pilot, that's nasty. Check out news://rec.aviation.pilots for more.
Without passing a law, without recourse to a *single* elected person, thousands of US citizens have had their source of income removed.
Well, that makes us all safe doesn't it?
Re:Umm, Thats not right... (Score:4, Insightful)
"If you have programming skills, get the fuck out of the States and take your skills with you. Your country obviously doesn't want you anymore."
(Am I now a felon?)
Re:Umm, Thats not right... (Score:2)
Moderators - please mod my original post original post [slashdot.org] down. As in, "(1, Didn't Read The Fscking Article Before Posting)"
Ouch! (Score:5, Interesting)
All it takes is one bad customer relationship to cause a false accusation...
jeremiah cornelius
Re:Ouch! (Score:5, Funny)
Boy, was she vulnerable! Glad I was able to help her out, really!
Re:Ouch! (Score:3, Funny)
That's why John Ashcroft will be needing a DNA sample from you.
My DNA? (Score:5, Insightful)
So, who wants to take bets that the RIAA get's copyright violaters termed as hackers?
Re:My DNA? (Score:4, Funny)
Re:My DNA? (Score:2)
It's so they can identify you when you crash your jumbo-jet into the whitehouse.
Six degrees of separation. (Score:2)
This is a perfect example. Decrypting DVDs under the DMCA is circumvention. Circumvention is hacking. Hacking is now terrorism.
Crack a copy of your new CD so you can have burned copies in your car instead of the originals (in case they get stolen), and you are now a terrorist.
Re:Six degrees of separation. (Score:5, Funny)
Naturally, it takes a politically-connected DA about a month to remedy the situation, particularly if goose-whackers are a mostly misunderstood minority...
Now hang on just a sec... (Score:4, Redundant)
This thing needs to at least be tempered by a clause which adds or defines criminal intent. That is, if hacking is done with the intent to destroy or disable the United States government and/or make actual acts of terrorism (such as blowing people up) easier, then throw the bastards in jail. But defacing some web site doesn't harm the United States government; it's just annoying as hell. And annoying doesn't deserve life in prison without the possibility of parole--especially since actually killing someone is what I would consider slightly more annoying, yet many types of murder don't get anywhere near life.
Re:Now hang on just a sec... (Score:2)
I agree with this statement, unless you hack a major commerce site (the government's revenue source) or a major news site (the government's propaganda outlet). In either of those cases, you're actually threatening the government. The safest thing to do is probably to hack a government information website, since there's very little of value there and most likely no one will even see it for weeks.
Bryguy
Re:Now hang on just a sec... (Score:5, Funny)
I've said this before, but it's worth repeating. The laws that apply in the real world should apply in the cyber world.
Defacing a web face is the same as spraying some grafitti on a wall. Stealing credit card numbers or private information is the same as theft. Bringing down a government web site is sabotage. These should be dealt with the same as they are in the real world.
Defacing a web site is vandalism, and therefore should be treated as a misdemeanor. Stealing credit card numbers or private information would be a misdemeanor or a felony depending on how much was stolen and how much it's worth. Sabotage, deliberate, willful destruction of government property, including websites, *is* terrorism and should be dealt with as such.
I don't see why this is so frickin' hard.
Umm.. (Score:2)
def con (Score:2)
what next?
Re:def con (Score:2)
The FBI will arrest America's best and brightest, crippling high-tech innovation.
No they won't. They'll only arrest those of the best and brightest who bother them. Others of the best and brightest will be threatened arrest and forced to help the government. And then the best of the best and brightest of the brightest won't break the law (or at least won't get caught) in the first place.
what about bugtraq? (Score:5, Interesting)
Re:what about bugtraq? (Score:2)
Security sites often post code that can be used to exploit a particular hole, so that the hole can be better understood and more easily patched.
What about tools like L0phtcrack [atstake.com]?
perversion (Score:5, Insightful)
Re:perversion (Score:5, Insightful)
On that, we agree.
Upon reading the draft bill, I'm not happy with all of the provisions in the bill, but I really don't see anything that says "guy with programming sk1llz == terrorist."
I do see an expansion of The List Of Bad Things We Can Do To Felons (such as DNA sampling), but that's a far cry from "all [cr]ackers are terrorists", let alone "all Hackers are now terrorists and will have to give up DNA samples".
Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)
Earlier, I made a post that said "If you've got programming skills, get the hell outa here." I retract that post. This bill, while odious for many means, is not a declaration that American doesn't want its programmers anymore.
Serves me right for replying to /. before reading the fscking article ;-)
CFAA Applies TO EVERY COMPUTER (Score:4, Informative)
You are so wrong you can't believe it. The CFAA defines a "protected computer" to mean a computer that is used in interstate commerce. This means any computer connected to the internet or a modem.
I have litigated CFAA civil actions, and I am here to tell you that virtually ANY unauthorized access where virtually ANY valuable information is received, or where ANY valuable data is modified or changed is quite arguably sufficient to lay down a prima facie case.
This bill is as bad as you first thought it was.
Re:perversion (Score:5, Interesting)
From the bill:
"(19) `protected computer' has the meaning set forth in section 1030
"(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.";
From Title 18 Chapter 47 Sec. 1030:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;
Used in interstate or foreing communication? How many of you connect to machines and/or through machines without crossing state lines?
Further from the bill:
""SS 25. Federal terrorism offense defined
"As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-
-snip-
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
-snip-
Okay, so now *maliciously* breaking into basically any computer system is a terrorist act. Couple this with the rest of the increases in anti-terroism this bill contains, and you're doing *LIFE* in FEDERAL PRISON (aka "no parole") because your Anti-CodeRed Perl script took down some dipshit's enterprise server. Meanwhile child molestors get time off for good behavior.
I don't think anyone thinks "computer crime" shouldn't be punished. Just not to this ridiculous degree.
Re:perversion (Score:4, Insightful)
Excuse me, but you are quite likely to be wrong. Was your computer, or any computer in your possession, infected with Code Red or Nimda? If so, and if it scanned any computers outside of your state, then it's not really a stretch to say that you were outside of the law.
OK, so as a Slashdot reader, you are less likely to be affected by the above. But how many of your friends were?
Also, this bill will eliminate the statute of limitations on these crimes and allow retroactive prosecution. Therefore, anybody who got Code Red or Nimda can quite plausibly be put in jail for life.
Would they win on defense? Maybe, but they're in jail until the trial is over. And maybe they won't win on defense...
This law hands the power to imprison damn near anyone running Windows IIS over the US government, such that only a lawsuit (inevitably protracted) would get them out.
Who still believes this is about preventing terrorism? What a sick joke! Frankly, I think those proposing this bill are traitors to the United States.
So... (Score:2, Insightful)
Bummer...
Interesting question (Score:2)
hmmm (Score:2, Funny)
Microsoft regularly gives advice to hackers with this thing called the Knowlege Base.
They even have a program (IIS) that aids hackers in break in attempts.
Their new advertisement [theregister.co.uk] advocates the destruction of buildings.
This is clearly one of the worst terror organizations
The US and it's allies must take action
Hack chinese websites.. (Score:2, Interesting)
God Damn, I hate John Ashcroft... (Score:2)
Seriously, I'm afraid that this line of reasoning is only going to continue under the Bush administration.
Anyone who violates the conservative faction's very narrow definition of legality and morality is going to face harsher and harsher penalties. It's the 'hackers' right now. I'll be charitable and say that that means anyone who illegally breaks into a computer system or network. It will be expanded in the very near future to include anyone who violates non-circumvention clause of the DMCA. Seriously, how far are those two apart?
It can be reasonably argued that violating copy protections will put illegal technology or information in the hands of terrorists.
The logical progression is pretty evident from that point on. Anyone caught breaking a copyright will be targeted, and then anyone who illegaly owns copyrighted material will be targeted.
Hmmm... I wonder if I should encrypt the stash of Anime fansubs on my HDD. Wait, encryption is going to be illegal to! I'm a terroist either way!
Congress will just keep passing laws to give Bush and Ashcroft what they want in the name of 'National Security'. Don't think for a second that they won't.
A backwards approach to legislation (Score:5, Interesting)
The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)
Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.
The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.
Giving advice to hackers (Score:2)
Unconstitutional (Score:2, Informative)
abolish the statute of limitations for computer crime, retroactively...
From Article I, section 9, paragraph 3:
"No Bill of Attainder or ex post facto Law shall be passed".
Ex Post Facto refers to laws having a retroactive effect, for those of you wondering.
So, as always, IANAL, but this sure doesn't sound constitutional to me.
So murder is less of an offense than hacking? (Score:4, Insightful)
Re:So murder is less of an offense than hacking? (Score:2, Funny)
Hacking a military site can affect THOUSANDS of lives and national security.
--jeff
Renting appartments might get hard... (Score:2)
We do not harbor terrorists!
Am I dreaming or is this country really THE America?
welcome to the New America (Score:2)
And the recording industry was happy because they convinced people that unauthorized duplication was somehow equivalent to theft of property or stealing from ships on the high seas. Well, I think this tops that!
I think the USA should just take a tip from the Taliban and make all crimes punishable by death or corporeal punishment.
And the message is clear. If you're a high school student thinking of hacking a bank web site and stealing credit card numbers, forget it, KILL THOUSANDS OF PEOPLE INSTEAD! You'll get the same punishment anyway, so do something more stylish!!
It seems a tad broad to me... (Score:2, Insightful)
-Henry
Does that include ... ? (Score:5, Funny)
Bill Gates had better pack his bags now! ("... the most cigarettes.")
is it just me... (Score:2)
Did terrorist actually use anything hightech? (Score:2, Redundant)
The highest tech I have heard of is using email at Kinko's.
Not broad enough! (Score:5, Flamebait)
Seems like this bill needs to be broadened to include itself and John Ashcroft, both of whom seem hell-bent on changing the purpose of government.
List of contacts (Score:5, Informative)
Judiciary Committee List
Name, party, state, phone, fax, e-mail.
James Sensenbrenner, Chair, R-WI, (202) 225-5101,(202) 225-3190,sensen09@mail.house.gov
Henry Hyde, R-IL, (202) 225-4561, (202) 225-1166.
John Conyers Jr., D-MI, (202) 225-5126, (202) 225-0072,john.conyers@mail.house.gov
George Gekas, R-PA, (202) 225-4315, (202) 225-8440, askgeorge@mail.house.gov
Barney Frank, D-MA, (202) 225-5931, (202) 225-0182
Howard Coble, R-NC, (202) 225-3065, (202) 225-8611, howard.coble@mail.house.gov
Howard Berman, D-CA, (202) 225-4695, (202) 225-3196,Howard.Berman@mail.house.gov
Lamar Smith, R-TX, (202) 225-4236, (202) 225-8628
Rick Boucher, D-VA, (202) 225-3861, (202) 225-0442,ninthnet@mail.house.gov
Elton Gallegly, R-CA, (202) 225-5811, (202) 225-1100
Jerrold Nadler, D-NY, (202) 225-5635, (202) 225-6923, jerrold.nadler@mail.house.gov
Bob Goodlatte, R-VA, (202) 225-5431, (202) 225-9681,talk2bob@mail.house.gov
Bobby Scott, D-VA, (202) 225-8351, (202) 225-8354
Steve Chabot, R-OH, (202) 225-2216, (202) 225-3012
Mel Watt, D-NC, (202) 225-1510, (202) 225-1512, nc12.public@mail.house.gov
Bob Barr, R-GA, (202) 225-2931, (202) 225-2944, barr.ga@mail.house.gov
Zoe Lofgren, D-CA, (202) 225-3072, (202) 225-3336, zoe@lofgren.house.gov
William Jenkins, R-TN, (202) 225-6356, (202) 225-5714
Sheila Jackson Lee, D-TX, (202) 225-3816, (202)225-3317, tx18@lee.house.gov
Christopher Cannon, R-UT, (202) 225-7751, (202)225-5629, cannon.ut03@mail.house.gov
Maxine Waters, D-CA, (202) 225-2201, (202) 225-7854
Lindsey Graham, R-SC, (202) 225-5301, (202) 225-3216
Marty Meehan, D-MA, (202) 225-3411, (202) 226-0771, martin.meehan@mail.house.gov
Spencer Bachus, R-AL, (202) 225-4921, (202) 225-2082
William Delahunt, D-MA, (202) 225-3111, (202)225-5658, william.delahunt@mail.house.gov
John Hostettler, R-IA, (202) 225-4636, (202)225-3284, john.hostettler@mail.house.gov
Robert Wexler, D-FL, (202) 225-3001, (202) 225-5974
Mark Green, R-WI, (202) 225-5665, (202) 225-5729, mark.green@mail.house.gov
Tammy Baldwin, D-W, (202) 225-2906, (202) 225-6942, tammy.baldwin@mail.house.gov
Ric Keller, R-FL, (202) 225-2176, (202) 225-0999
Anthony David Weiner, D-NY, (202) 225-6616, (202)226-7253
Darrell Issa, R-CA, (202) 225-3906, (202) 225-3303
Adam Schiff, D-CA, (202) 225-4176, (202) 225-5828
Melissa Hart, R-PA, (202) 225-2565, (202) 226-2274, melissa.hart@mail.house.gov
Jeff Flake, R-AZ, (202) 225-2635, (202) 226-4386
So let's do something about it (Score:5, Informative)
It takes TEN letters (dead tree letters, email gets deleted immediately) for a Senatorial office to open an issue. TEN. (According to Illinois Senator Dick Durban.) And regardless of the advertising and commercials that politicians raise huge war chests to fund, on election day it is YOUR VOTE that decides who ends up in DC. (East Coast, you have no say over the West Coast one.)
I'd like to issue a call to everyone who posted something modded up to 3 or above: Write a letter to your representatives with the same level of intelligence and Interesting/Insightful content. Write it once and send it three times, once to your Congressperson, and once to each Senator. Fax it if you'd prefer. (Snail mail and fax are what they like the most.) Keep it to one page. Reference the Constitution. Refer to yourself with your most impressive title. (Professor, Ph.d, Senior Engineer, Graduate Student, Independent Developer) and as a registered voter. In the name of the Tux do not tell them that you don't vote, even if that's the case (in which case you should be ashamed of yourself). Then when the next election rolls around, ignore the commercials, take an hour to do your own research, and vote for the candidate that did not support revoking the 4th Amendment and violating Ex Post Facto. It works. (See also: Former Senator Alan Dixon)
For those of you in countries outside of the US, the same applies to you. The Canadian, British, Australian, French, German, etc. governments are all popularly elected as well. (At least the active parts of the British government, anyway.) Politicians are the same everywhere. The same tactics apply. Use them. If you don't, you have no one to blame but yourselves.
I'd Complain But... (Score:2)
Of course Congress is also showing quite a bit of reason [cnn.com] in the face of Ashcroft's demands, too, so maybe calmer heads will prevail. Though I tend to be a glass-is-half-empty kind of guy when it comes to such things.
security through imprisonment. (Score:4, Funny)
The premise of STI is that civilian and military systems dont need to be secured, but instead laws need to be put in place that will require life sentances for so much as a failed telnet login attempt.
In response to our questions Ashcroft had the following statement: "Everyone is aware that securing Microsoft products is as futile as the war-on-drugs(TM), so we decided that rather than attempting to fix the systems - we will just send these E-Terrorists to prison for life for their crimes against Freedom(R). It is important for us to protect-our-children's(TM - H. Clinton) future in the wake of this terrible tragedy. Our new policy is called "If you cant do the right thing, then just do something"
Sure, but what can we do? (Score:4, Insightful)
What bothers/scares me... (Score:2)
That alone is scary enough, but now even stronger punishments, and treatment as what I am going to guess is a capital crime? Ouch. IT is looking even scarier.
(Is scarier a word?)
This is nothing new... (Score:5, Insightful)
As David Quinn put it quite eloquently: Quite depressing, really. (The whole text can be found here [ishmael.com], BTW)
But what can you expect when the whole world has bought into the idea that there is absolutely nothing that any one person can do to change things [ishmael.com]?
-- Shamus
Bleah!
Very disturbing, but not quite as bad as it seems. (Score:3, Informative)
The specific sections of "computer crime" law that appear to be reclassified as "terrorist acts" appear to be only:
1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
Which are:
- (a) Whoever -
- (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
- (5)
- (Interestingly, they don't seem to include B and C under this act as "terrorism", which are similar to section A, and are almost identical to each other - I have no idea why they have them. "B" says "(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage;". C is word-for-word the same, except without the word "recklessly". ANy idea why they have them both?)
- (7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.
In short, the only "computer crimes" listed as "terrorism" by this act are stealing US Gov't, Inc secrets by computer, maliciously hacking into a system with intent to steal valuables (aside from CPU cycles), and using threats of malicious computer hacking to extort.(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;[...]
(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
The only one that concerns me very much here is 5A - it seems like high-paid corporate lawyers could easy "prove" that for example, if 1337D00D@scriptkiddy.com maliciously hacks into www.microsoft.com and puts a link to his website on the index page, that he's obtained at least $5000 worth of advertisement...
Come to think of it, I'm a little leery of the "or exceeds authorized access" bit in (4) - if one "accesses" a computer to purchase and legally download some proprietary "protected" piece of music or video, and finds a way to convert it to a nonproprietary format for personal use, has one "exceeded authorized access" and is therefore not merely a DMCA Criminal but a full-fledged DMCA Terrorist? It's a bit of a stretch, but I think a wealthy corporation can buy enough lawyer-approved powerpoint slides "proving" this to a non-technical jury...
NOT After Every Hacker (Score:4, Informative)
This list hardly seems to encompass "most computer crimes". For instance merely accessing or stealing non-classified information is not a terrorist act. Nor does it include breaking encryption ala DMCA. Defacing websites is not a terrorist act unless the computer belongs to one of the above categories and changing the website results in nontrivial financial losses. Writing viruses/worms is not a terrorist act unless you intentionally use it in a way that damages "protected" computers. (From the wording, I wouldn't interpret this to include merely releasing it into the wild, but a judicial ruling would have to clarify that issue). The crimes they are signaling out are pretty significant stuff and not just any old act of hacking. Let's not further contribute to the FUD.
What follows are excerpts of the laws in question:
From The Anti-Terrorism Act of 2001 (Draft 2)
http://www.eff.org/Privacy/Surveillance/20010919_
Sec. 309: "...the term 'Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate...1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)..."
From US Code Title 18, Section 1030
http://www4.law.cornell.edu/uscode/18/1030.html [cornell.edu]
(a)(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
(a)(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
(a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(a)(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section
Under the same Section, part (d)(e)(2) and (8): (2) the term "protected computer" means a computer -
- (A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
- (B) which is used in interstate or foreign commerce or
communication;
(8) the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that -Shifting blame (Score:3, Insightful)
Whistleblower protection with real teeth would be more effective in cleaning up inept government agencies. So would giving the federal Inspectors General the power to fire Federal employees. But no, Ashcroft's not asking for that.
Re:Somebody has to say it, but... (Score:3, Insightful)
Re:Somebody has to say it, but... (Score:2, Insightful)
Re:Somebody has to say it, but... (Score:4, Interesting)
That is an excellent example of a victimless "crime" that numerous goodhearted American people are rotting in jail for right now.
Ashcroft's new proposals, though, go far beyond making computer-crime 'crime'. It already is. What he's doing is making it terrorism. People could be jailed for life for the electronic equivilent of graffitti.
"I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."
The irony is that he wants to fight assaults designed to change the purpose of government by changing laws in direct response to a terrorist attack.
The long-term damage from the terror attacks will come from our leaders as they exploit public rage to slip new crap like this into federal law.
Re:Somebody has to say it, but... (Score:4, Interesting)
- it will be a long war
- it will be a secretive war
- the U.S. government will not necessarily reveal evidence against the terrorists they uncover.
- the U.S. government expects all other governments to comply and assist with its anti-terrorist actions.
now make hacking terrorism.now make assisting hacking terrorism.
now make hacking crimes retroactively punishable.
i've read bugtraq for years and have not informed the FBI about all the vulnerabilities released on that mailing list - will this make me negligent and punishable? will my punishment come in the form of an official court prosecution, or will special forces be sent in to take me out without ever letting anyone else know? if i move to Norway, will Norway allow the Navy SEALS to seize me?
Beware, that unmarked white van may be coming for you.
Yeah, sure, very paranoid to think that way, but consider history and consider how other police states have started their lives: will we be naive enough to let this one start as well?
Re:Nobody has to say it, but... (Score:4, Interesting)
If we're lucky, the laws will go that way. I sincerely doubt that the careers of the idiots will, though.
What we need in the US is a law that punishes those who pass blatantly unconstitutional laws. Of course, since Congress routinely exempts themselves from legislation, they'd exempt themselves from this, too!
Re:Somebody has to say it, but... (Score:3, Insightful)
> Say someone hax0rs an air traffic
> control system, do they deserve life
> imprisonment?
Yes, they do. For attempted murder, not for
computer crime. They should be tried and executed
or imprisoned for the crime, not for the means.
If we raise the computer crime to the level of a
capital offense, we DIMINISH the meaning of the
capital offenses we already have.
Re:Somebody has to say it, but... (Score:5, Interesting)
stop and think.
if someone commits credit card fraud with said stolen numbers, then we know who the victim is. but we already have a law for that. until some other crime is committed, there was no victim of simply stealing the numbers.
just because a computer was used to commit the crime, it doesn't mean the crime is somehow worse than the same thing done without a computer. theft is theft, and should be treated as such. it's not like we have separate murder laws for guns vs knives...
Re:Somebody has to say it, but... (Score:3, Insightful)
And if I drive home drunk and get away with it, what's the harm?
Re:Somebody has to say it, but... (Score:4, Insightful)
Of course this is all well known. Best way to hack into a network? Get a job there as a Janitor and find a computer that wasn't logged out of.
Anyhow, criminal Laws can be divided into two categories, I've always though:
Laws that prohibit things that are bad.
Laws that might make it easier to enforce the former laws.
So, killing people is bad, so it's illegal.
Owning a gun isn't bad, but making that illegal is believed to make it easier to enforce the killing people law.
Copyright theft is bad. Being able to back-up an acrobat document isn't bad, and in Russia is actually a right, but DCMA is supposed ot mkae it easier to enforce the "no stealing copyright materials" law.
Re:Somebody has to say it, but... (Score:3, Informative)
I'm not against bad things being a crime, but who gets to define what is a crime or not? And what about when new types of hacking/cracking come out? Maybe windows virus authors should be made criminals? How about websites that use cookies to track you (doubleclick anyone?).
The problem with computers and hacking in general is that it's very hard to narrowly define what is and isn't a crime. Mitnick is a sure sign of this, as is Dimitri. On one side ($$) it's a crime of epic proportions, on the other side it's harmless fun, investigation, proving a point, whatever. This has been a problem since phreaking and probably far before....
Re:Somebody has to say it, but... (Score:2, Insightful)
Oddly enough, according to the bill the deciding determiner of whether the unlawful act is a terrorist act is whether or not it was done for financial gain. So hacking a DB of credit card info ISN'T a terrorist act, while snooping around because you want to learn something IS.
I'm sure that violation of the DMCA will be covered under this act soon, as well...
Re:Somebody has to say it, but... (Score:2, Insightful)
You wouldn't think it was fair to sentence someone who scrawled "Kilroy wuz here '01" on the bathroom wall of a pizza parlor to life in prison, would you? Because that's what this law states: Scrawl your name on any website without the author's permission and be punished as if you were Osama bin Laden's personal hackmeister.
Re:Somebody has to say it, but... (Score:2)
which would get you in deep shit if you were caught.
Re:Somebody has to say it, but... (Score:2)
I kmew this Ashcroft guy was trouble.
Evidence of a social breakdown in the US? (Score:3, Interesting)
Yes, the U.S. may be becoming a police state. Not only does the U.S. have at least three agencies that police the entire world, the NSA, the FBI, and the CIA, but the U.S. has the highest percentage of its citizens in prison of any country ever, in the history of the world.
Here are the official December 31, 2000 prison statistics from the U.S. Department of Justice [usdoj.gov]. Sorry about the formatting. The lameness filter is lame. It won't let me post enough leading dots.
People in federal and state prisons... 1,312,354People in local jails... 621,149
People on probation... 3,839,532
People on parole... 725,527
Total number of citizens... 6,498,562
The total population of the United States [census.gov], projected to September 24, 2001 at 6:34:55 PM PDT is 285,218,008. Therefore, 2.3 percent of the entire U.S. population is in prison or involved with the criminal justice system. But remember, many of those are babies or children. About 3.1 percent of all adult U.S. citizens are in prison, jail, or on probation or parole.
An April 20, 2000 ABC News article, U.S. Prison Population Rising [go.com] says that the percentage of growth of the U.S. prison population is rising.
There is other evidence of social breakdown: An August 19, 1998 BBC News article, The United States of murder [bbc.co.uk], says that the city with the highest murder rate, Washington, D.C., has a murder rate 170 times higher than the city with the lowest murder rate, Brussels, Belgium. The nine U.S. cities in this study of murder rates all were in the list of the 12 cities with highest murder rate.
There is evidence that the secret agencies of the U.S. government and the weapons manufactureres have too much control: What should be the Response to Violence? [hevanet.com].
Re:Somebody has to say it, but... (Score:2, Funny)
Sigh.
Re:Somebody has to say it, but... (Score:3, Funny)
Re:Somebody has to say it, but... (Score:3, Insightful)
But crime punishable by life in prison? With no statute of limitations? Doesn't murder have no statute of limitations and get you life?
There's a difference between 'crime is crime' and having some sense of proportion. geez.
Re:Somebody has to say it, but... (Score:4, Insightful)
Break into their computer, and you're instantly labelled a terrorist. Think there's any chance you'll get much less than the maximum penalty of life? Hell, my high school once informally accused me of piracy (which, incidentally, I was not guilty of) just on the basis that I knew enough and therefore could have done it. If there's anything that makes people paranoid, it's hearing that the Big Bad Hacker is right outside their computer's door.
Fair, no?
Re:Somebody has to say it, but... (Score:2)
Re:Somebody has to say it, but... (Score:2)
But maybe you're right. After we all, we all know the goverment has the best intentions in mind when they pass laws about computer and high-tech crimes. (*cough* DMCA *cough*)
Here's the story. (Score:2, Informative)
By Kevin Poulsen
Sep 23 2001 11:00PM PT
Hackers, virus-writers and web site defacers would face life imprisonment without the possibility of parole under legislation proposed by the Bush Administration that would classify most computer crimes as acts of terrorism.
The Justice Department is urging Congress to quickly approve its Anti-Terrorism Act (ATA), a twenty-five page proposal that would expand the government's legal powers to conduct electronic surveillance, access business records, and detain suspected terrorists.
The proposal defines a list of "Federal terrorism offenses" that are subject to special treatment under law. The offenses include assassination of public officials, violence at international airports, some bombings and homicides, and politically-motivated manslaughter or torture.
Most of the terrorism offenses are violent crimes, or crimes involving chemical, biological, or nuclear weapons. But the list also includes the provisions of the Computer Fraud and Abuse Act that make it illegal to crack a computer for the purpose of obtaining anything of value, or to deliberately cause damage. Likewise, launching a malicious program that harms a system, like a virus, or making an extortionate threat to damage a computer are included in the definition of terrorism.
To date no terrorists are known to have violated the Computer Fraud and Abuse Act. But several recent hacker cases would have qualified as "Federal terrorism offenses" under the Justice Department proposal, including the conviction of Patrick Gregory, a prolific web site defacer who called himself "MostHateD"; Kevin Mitnick, who plead guilty to penetrating corporate networks and downloading proprietary software; Jonathan "Gatsby" Bosanac, who received 18-months in custody for cracking telephone company computers; and Eric Burns, the Shoreline, Washington hacker who scrawled "Crystal, I love you" on a United States Information Agency web site in 1999. The 19-year-old was reportedly trying to impress a classmate with whom he was infatuated.
The Justice Department submitted the ATA to Congress late last week as a response to the September 11th terrorist attacks in New York, Washington and Pennsylvania that killed some 7,000 people.
As a "Federal terrorism offense," the five year statute of limitations for hacking would be abolished retroactively -- allowing computer crimes committed decades ago to be prosecuted today -- and the maximum prison term for a single conviction would be upped to life imprisonment. There is no parole in the federal justice system
Those convicted of providing "advice or assistance" to cyber crooks, or harboring or concealing a computer intruder, would face the same legal repercussions as an intruder. Computer intrusion would also become a predicate offense for the RICO statutes.
DNA samples would be collected from hackers upon conviction, and retroactively from those currently in custody or under federal supervision. The samples would go into the federal database that currently catalogs murderers and kidnappers.
Civil liberties groups have criticized the ATA for its dramatic expansion of surveillance authority, and other law enforcement powers.
But Attorney General John Ashcroft urged swift adoption of the measure Monday.
Testifying before the House Judiciary Committee, Ashcroft defended the proposal's definition of terrorism. "I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."
The Act is scheduled for mark-up by the committee Tuesday morning.
Re:Here's the story. (Score:5, Insightful)
The difference (Score:3, Insightful)
It's still stupid though.
Re:Here's the story. (Score:4, Interesting)
I propose a new Constitutional amendment. The Three-Constitutional Strikes And You're Out amendment. If an elected official votes for three laws that are later found unconstitutional (no statue of limitation, applied retroactively), they are kicked out of office and barred from all government work for life. These people are supposed to know what they are doing and have no fucking excuse for voting for unconstitutional laws.
Re:Somebody has to say it, but... (Score:2, Insightful)
Also, does this mean that we no longer need virus programs and firewalls? I mean, who needs to lock their door when burglary is illegal?
And of course, how does this bode for tech workers? I often have to gain access to a customer's servers. Does this mean a simple "here's some credentials for you to use" is no longer enough? Do I have to have the admin at the customer's site file a contract with his boss and have his boss and himself and myself sign it each and every time I help them out, even if I'm just entering to check their logs because -- hey -- someone might later say it was unauthorized?
Ashcroft can suck my cock -- but we all know these things will be passed. And projects like mozilla.org that have sections on "hacking the code" will become villified for contributing to terrorism. Welcome to the witch-hunts; i'm finding a new line of fucking work.
Re:Somebody has to say it, but... (Score:5, Interesting)
Computer crime should be a crime.
But it already *is* a crime. The question is what is a just response to computer crimes. Some things which are *not* just:
- Sentencing someone to lifetime imprisonment without possibility of parole for a simple computer crime. Remember, if the crime really warranted such a sentence--for example, cracking air traffic control and causing planes to crash into each other; cracking a CIA computer and stealing national secrets--then the criminal would already be liable for serious punishment under existing laws--murder and espionage, in these cases.
- Retroactively eliminating the statute of limitations, allowing people to now be charged with computer "crimes" they committed decades ago.
What's even worse is the provision that giving advice or information which may be used to facilitate computer crimes is not only criminalized but subject to the same penalties.To put it another way, if this law passes then someone could be given life in prison without parole for documenting vulnerabilities which allow systems to be compromised by a cracker or a worm. Indeed, it isn't clear that, with the removal of the statute of limitations, they couldn't charge the people documented the vulnerabilities responsible for eg. Code Red or Nimda under this law.
This provision is like the anti-circumvention provision of the DMCA writ large. Whereas at least the DMCA only applies to access-control restrictions on copyrighted material, this law could potentially make all discussion of any vulnerabilities which allow systems or information to be compromised illegal.
These provisions are so utterly preposterous and out of proportion to the crimes (or so-called crimes) discussed as to boggle the mind.
Re:Somebody has to say it, but... (Score:2, Informative)
Re:Somebody has to say it, but... (Score:2, Insightful)
The problem here isn't so much that they're saying that computer crime is illegal - more that the punishment is ridiculously severe. When deciding on a punishment, you have to decide what the aim of punishment is and how best to achieve that aim. In this case however, the law makers seem to have the aim of getting votes and the best method is to be tough on terrorism of any kind. It pulls at the heart strings of the nation so of course it gets votes.
Besides the political goals though, there are two main aims people have for utilising jail terms as punishment. The first is to remove the villian from society so that we can all forget about them and feel safe again - the death penalty is much more effective at achieving this aim so why not just use it? Some countries take this approach and it works, there is almost zero crime because people know if they commit a crime they are either executed or deported. The problem with this approach is twofold, firstly it expects everyone to lead a near perfect life and never make a mistake (think of how many teenagers commit once off offences to look cool and later learn from their mistakes and go on to be useful to society. The other problem is that eventually you punish the wrong guy and there's no way to set him free again.
The other aim for imprisonment is to teach people a lesson so they can rejoin society and live happily with everyone else again. Countries such as the US and Australia (and many others) with long jail terms don't acheive this goal at all well. The revolving door prison system is well known - most offenders wind up committing more crimes and going back into the system. However, countries which use shorter jail terms tend to have much lower crime rates. Instead of being locked up for 20 years and becoming bitter against society, you spend one or two years in a correctional facility where you are taught skills to help you survive in the world, go through drug rehabilitation if needed and work with councellors to deal with a disturbed past that may be haunting you. After that you have a much better chance of coming back out into society and not only abiding by the law, but also contributing to the community. If you think the cost of this approach is just too great, think about the cost of keeping people in prison for those extra 18 years and you'll find it works out a lot cheaper. It is not a 100% effective measure, some people will recommit and you need to have ways to deal with that - either through different methods of punishment or by longer imprisonments. It does however give criminals a chance to learn from their errors and adopt new skills to remove the temptation to recommit. After all, isn't that what punishment is all about?
I'd love so see some of these bastards go down (Score:2)
I doubt this bill would give me that and I'm not willing to pay the price asked even if it would. Uncle Sam will make his own definition of "protected computer" and it aint me. Enforceability? What a joke. Why should I trade non existent protection for further erosion of the security of my property, papers and personal effects from unreasonable search and seizure?
Anger and vengence are poor advisors and they make bad laws. This set of laws are hyserical.
Re:Harboring the hackers (Score:2)
They harbor data, quite possibly for "crackers", along with other "questionable" sources (along with many legitamite ones too). If I were them, I'd be a little worried.
MadCow.
USA harbors terrorists! (Score:3, Funny)
Is everone infected with Code Red a terrorist?
Silly huh? Well, people thought it was silly to say that the attack would be used as an excuse to abridge our rights further.
Re:calm down (Score:2, Insightful)
Re:calm down (Score:2)
Party politics and blind partisanship is the root cause of an awful lot of bullshit in our government.
Lee
Re:Enough with the whining (Score:2)
Re:Enough with the whining (Score:2, Insightful)
Crime is crime, yes, but the punishment should fit the crime. Adding a few words to a web page as a publicity stunt should not be punished in the same manner as multiple homicide, or armed robbery, or collaborating on a terrorist attack.
I suppose you'd feel comfortable in a society where the judicial system lopped off criminal's bodyparts, as well? Or caned you silly? No thank you. As it is, I think prison should be for VIOLENT OFFENDERS ONLY. There are many ways to pass a sentence on non-violent offenders, without prison, and without impacting society in such a heavy-handed legal and financial way.
--ksw2
Re:Enough with the whining (Score:2)
While there are many things in life that I MUST do, obey the law is not one of them. I think you're a bit confused about the meaning of the word must. Eating is a must, breathing is a must, doing what the state tells me to is not.
Lee
Re:Enough with the whining (Score:2, Insightful)
Re:Well Gee (Score:2)
Re:Hmmmm... (Score:2)
Re:The answer is simple (Score:2)
Re:The answer is simple (Score:3, Insightful)
What you're saying is that smart people like him, who sometimes use a little poor judgment, should be given life sentences in prison? You're saying that was Randall did is on the same level as murder?
Re:oh jesus... (Score:2, Insightful)
It is the same problem people had with the outbreak of school violence. They immediately went to blame violent video games as the 'sole' cause. Also, take cell phones and automobile accidents for example. People blamed those, even though they are one of the smallest causes.
In essence, people look for the easiest thing to blame, which usually ends up being technology, since its 'new,' it must be the source of 'new' problems like terrorism, even though there is no true solution or source to blame for such occurances.
Re:discover a LAN, go to JAIL (Score:3, Informative)
I found this text (from 1030(a)(1), (a)(4), (a)(5)(A)):
(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
so, does this also mean that if I happen to ping some windows box and maybe it crashes when I ping it (that doesn't surprise me, does it surprise you?), and that windows box belongs to some whitehouse bigwig, am I now a terrorist?