Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United Kingdom Crime Government Security The Courts

Life Sentences For Serious Cyberattacks Proposed In Britain 216

Bismillah (993337) writes 'The British government wants life in prison for hackers who cause disruption to computer networks, resulting in loss of life or threat to the country's national security. From the article: "The UK government will seek to amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause. Currently, the law provides for a maximum sentence of ten years' imprisonment for those who commit the offence of impairing a computer. A new, aggravated offence of unauthorised access to a computer will be introduced into the Computer Misuse Act by the government, carrying far longer sentences."'
This discussion has been archived. No new comments can be posted.

Life Sentences For Serious Cyberattacks Proposed In Britain

Comments Filter:
  • by johnjaydk ( 584895 ) on Thursday June 05, 2014 @04:35AM (#47170265)

    Stupid gits.

    • by MRe_nl ( 306212 ) on Thursday June 05, 2014 @05:16AM (#47170383)

      No, the death sentence is reserved for politicians and prime ministers who go to war on false pretenses just to get re-elected, resulting in loss of life or threat to the country's national security. From the article: "The UK government will seek to ensure sentences for attacks on society fully reflect the damage they cause".

      • No, the death sentence is reserved for politicians and prime ministers who go to war on false pretenses just to get re-elected

        The strange thing is that this isn't even a very good strategy, at least not in the UK. Blair's administration only just retained power at the general election after going to war in Iraq, and even that was because of a combination of quirks in our electoral system. At the following election, it was closer to "Labour? Who are they?".

    • by infolation ( 840436 ) on Thursday June 05, 2014 @05:38AM (#47170431)
      Until 1998, we had the death penalty as a punishment for high treason against the crown, so under that law it would have been possible to punish a computer offence with death if the defendant had disrupted a computer network with the intention of committing treason.

      But not only was the death penalty for treason abolished [wikipedia.org]; we're prohibited from restoring the death penalty (for any offence) as long as we're signed up to the European Convention on Human Rights.
      • Well, considering the damage various wars have caused to the faith in crown and country, some politicians should be very GLAD there's no death penalty for high treason anymore.

      • Death is reserved for people who are unable to reform and function in society, who are unable to function within the prison system, and who are unable to be medicated into submission for their natural lives. Death is not a punishment, it is a method of protecting society from someone so utterly abhorrent that it is literally impossible to allow them to continue living.

        I don't know of anybody like that. I'm glad we don't have the death penalty.
        • Death is reserved for people who are unable to reform and function in society, who are unable to function within the prison system, and who are unable to be medicated into submission for their natural lives.

          Well, you just described your average politician so I'm not sure what your beef is.

        • And I would add, "who live in a society that is unable to contain them". I could see some banana republic dispatching criminals as it has no reasonable incarceration facilities, but the US doesn't qualify.
      • But not only was the death penalty for treason abolished; we're prohibited from restoring the death penalty (for any offence) as long as we're signed up to the European Convention on Human Rights.

        Damn those pesky human rights. Maybe we could make like the Americans and set up a torture camp on the Falklands so we don't have to obey our own laws.

    • by sa1lnr ( 669048 )

      "A hack that causes deaths, serious illness or injury"

      So what kind of punishment do you propose for such actions?

      • by vivian ( 156520 ) on Thursday June 05, 2014 @06:28AM (#47170599)

        I don't see why causing death by a hack should have any special treatment compared to causing death by an ice pick, a bullet, high voltage electricity, or any other exotic means.

        There should be no special legislation needed for this.

        • by jythie ( 914043 )
          It should not. However throwing it in there makes the law sound reasonable so they can extend the punishment for more abstract crimes like 'our contractor charged us X million dollars to clean up' and 'we lost customers due to our crappy security being exploited'.

          Throw a bit about death and injury in there, but it will probably get used for monetary losses.
        • by MrL0G1C ( 867445 )

          Precisely, and the national security aspect just sounds like a way of jailing any hacker they don't like (think Edward Snowden, Julian Assange) for a long time.

          We already have manslaughter and murder laws, I hate laws that double up on the same crime, they lead to abuse by the justice system.

          • Exactly, because "threat to the country's national security" is such a nebulous term that it could be applied in an awful lot of cases which are very inflated applications of it.

            Unless that is defined pretty rigidly, that gives them a tremendous latitude to apply it whenever they want to.

        • But but but but it was on a computer!

        • I don't see why causing death by a hack should have any special treatment compared to causing death by an ice pick, a bullet, high voltage electricity, or any other exotic means.

          There should be no special legislation needed for this.

          The problem was the legislation that was used to prosecute hacks didn't make this distinction. All they are proposing is to bring it in line with the other, existing, legislation.

        • Because "attack by something I don't understand" is much more scary than "attack with a physical weapon".
      • by geekoid ( 135745 )

        It would be cheaper to have some one constantly monitor them and not allow them to own their own computer, then putting them in prison.

        Reform is always better then punishment.

    • Typical posturing crap from politicians. No doubt teenagers will be sent to prison for life for discovering security vulnerabilities. Having said that the morons known as the general population put up with this shit so lets concentrate on saving the children from terrorists and pedos by turning off the internet. When they have safely grown up we can pay them benefits cheques instead of a job or put them in prison for the rest of their lives sewing mail bags. Lets get our priorities right eh.

      Civilisation is

    • Stupid svns

      FTFY.

    • I guess that law the brits have about causing the death of one of its own citizens can't be found? I'm not to understanding of english law, let me speak this out. "If a person stabs and hacks some slob in the middle of the street, that's murder. Ok, that makes sense. But if that same killer is the one that turns off that same poor slob's life support machine, there is an english question as the, 'cause of death' ?"

      I thought U.S. law enforcement were the lazyest on this planet, now the U.K. is trying to co
    • Because no member of the EU can punish someone by death.

      http://europa.eu/legislation_s... [europa.eu]

  • by ei4anb ( 625481 ) on Thursday June 05, 2014 @04:37AM (#47170271)
    The cyber laws in some countries seem to be inspired by fear of the unknown, reminds me of the Salem Witch Trials. The next test for guilt in "hackers" might be that they float

    http://listverse.com/2012/07/2... [listverse.com]

    • by Anonymous Coward on Thursday June 05, 2014 @05:28AM (#47170413)

      The next test for guilt in "hackers" might be that they float

      Real hackers only use int.

      • The next test for guilt in "hackers" might be that they float

        Real hackers only use int.

        Which is funny if you use a language where "real" means float (i.e. a real number, as opposed to rational or integer). At least Fortran does this, and I think we can all agree that Fortran is one of the few languages fit for a Real hacker.

    • Aapparently we are just over a decade behind the US where a hacker could "start a nuclear war by whistling into a pay phone".

    • The next test for guilt in "hackers" might be that they float

      - What makes you think she's a witch?
      - She turned me into a newt!
      - A newt?
      - I got better.
      - Burn her anyway!
      - Quiet! Quiet!
      - There are ways of telling whether she is a witch.
      - Are there? What are they? Tell us. - Do they hurt?
      - Tell me, what do you do with witches?
      - Burn them!
      - And what do you burn, apart from witches?
      - More witches! - Wood!
      - So why do witches burn?
      - 'Cause they're made of wood? - Good!
      - So, how do we tell if she is made of wood?
      - Build a bridge out of her.
      - Ah, but can you

    • So you mean, there really are no hackers?

    • by laejoh ( 648921 )
      Ah, duck typing!
    • I think it's more about corps not wanting to pay for security. If you just drop the hammer and drop it hard people get the message. Sure, they'll still be attacks (lots of desperate ppl in today's economy), but they'll be fewer. Mean time to failure is important. People are already forgetting about Target, but if those sorts of attacks were monthly companies would have to do something about them.

      Also, the nice thing about using brutal sentencing to slow the pace of attacks is the cost shifting. The Taxp
  • Life Sentences! (Score:4, Insightful)

    by Anonymous Coward on Thursday June 05, 2014 @04:40AM (#47170279)

    How about for corruption, embezzlement and all the other ways criminals and terrorists outright destroy the lives of citizens daily?

    • Re: (Score:3, Insightful)

      Add self-serving & corrupt bankers and lawyers to that lot and you get my vote

    • Re:Life Sentences! (Score:5, Insightful)

      by Opportunist ( 166417 ) on Thursday June 05, 2014 @05:49AM (#47170463)

      You got that wrong. We want to lock up those that could present a danger to the powers that are, not the ones that fund them.

    • You dont count, its only crimes against the State that attract special attention. Nothing like as bad as China but with stuff like this we are equally capable of creating bad law.

    • by alexo ( 9335 )

      How about for corruption, embezzlement and all the other ways criminals and terrorists outright destroy the lives of citizens daily?

      Won't work, because the criminals and terrorists will never agree to it.

    • >How about for corruption, embezzlement and all the other ways criminals and terrorists outright destroy the lives of citizens daily?

      Yeah, but the politicians themselves are often in on those sort of things, so ...

  • by zAPPzAPP ( 1207370 ) on Thursday June 05, 2014 @04:46AM (#47170301)

    The first part 'loss of life' should already be covered by simply applying murder and/or manslaughter charges. There is no reason to invent a new law for this, only because it's done with a computer.

    The second part 'threat to the country's national security' on the other hand is such a broad term, it is basicly a blank check where they can fill in any sentence for any crime as they wish.

    So I guess it's really about the second part, and the first part is only there to give it more weight: 'HACKERS MIGHT KILL YOU!'

    • by DrYak ( 748999 ) on Thursday June 05, 2014 @05:05AM (#47170359) Homepage

      The second part 'threat to the country's national security' on the other hand is such a broad term, it is basicly a blank check where they can fill in any sentence for any crime as they wish.

      Now combine this with the other announcement: "UK Seeks To Hold Terrorism Trial In Secret" so such "threat the national security" rule also means that the trial get to be secret.

      So I guess it's really about the second part, and the first part is only there to give it more weight: 'HACKERS MIGHT KILL YOU!'

      Yup. To me it sounds like "You do something we don't like with a computer? We get the right to disappear you! For Life! Cause, you see, it's a matter of national security. Thus the trial is secret, and the sentence is life"

      • Since embedded computers are so pervasive in domestic appliances, it seems as though some lateral thinking by the security services could result in all sorts of breaches of the law.

        EG:

        People have fridges with embedded computers, that can re-stock themselves with food by ordering online. Disrupting that computerised fridge could be seen as attempting to starve them to death with a computer:

        'cause deadly civil unrest through cutting off food distribution, telecommunications networks or energy supplies'

    • The first part 'loss of life' should already be covered by simply applying murder and/or manslaughter charges. There is no reason to invent a new law for this, only because it's done with a computer.

      A cynical guess as to why they might want a separate law is because the prosecutor doesn't want to have to actually prove murder and/or manslaughter according to conventional standards of evidence.

    • HACKERS MIGHT KILL YOU

      http://intrawebnet.com/wp-cont... [intrawebnet.com] ;)

    • The first part 'loss of life' should already be covered by simply applying murder and/or manslaughter charges. There is no reason to invent a new law for this, only because it's done with a computer.

      That's the problem. In UK law, it is murder if you intended to kill or cause serious injury to someone, and someone dies as a result (may be another person). If some bloody idiot hacks into a hospital's computer system "for the lulu" (Safari replaces a z with an u, and I find it actually more appropriate that way), and as a result people die without any intent to cause death, then apparently this isn't murder currently.

      • What if someone cuts the water or power to the hospitol and mixes suger in the gas of the generator? There is no reason this should specifically include computers and not other attacks.
        • What if someone cuts the water or power to the hospitol and mixes suger in the gas of the generator? There is no reason this should specifically include computers and not other attacks.

          The difference between this and computer hacking is that you have to be physically present. You see a hospital. Your mind realises there is a hospital with people. The hacker doesn't see a hospital, he sees a keyboard and a screen. For some low lives there is no connection between their actions and real people. It's like a violent computer game.

      • The first part 'loss of life' should already be covered by simply applying murder and/or manslaughter charges. There is no reason to invent a new law for this, only because it's done with a computer.

        That's the problem. In UK law, it is murder if you intended to kill or cause serious injury to someone, and someone dies as a result (may be another person). If some bloody idiot hacks into a hospital's computer system "for the lulu" (Safari replaces a z with an u, and I find it actually more appropriate that way), and as a result people die without any intent to cause death, then apparently this isn't murder currently.

        In the UK, I'm, fairly sure this would currently be classed as Involuntary manslaughter: http://en.wikipedia.org/wiki/M... [wikipedia.org] & http://en.wikipedia.org/wiki/I... [wikipedia.org]

        What if someone cuts the water or power to the hospitol and mixes suger in the gas of the generator? There is no reason this should specifically include computers and not other attacks.

        As would this

    • Inddeed. "Threat to the national security" was recently used to quash an investigation into corruption and bribery involved in a deal with Saudi Arabia. Important to have the Saudi royal family on your side, apparently. More important than the law or justice; so the "National Security" card was played and everything got dropped.

      This move is about stopping people like Edward Snowden. It what we've come to expect from the Britsh State.

      Meanwhile, the government gets up to whatever the hell it likes under the u

  • Don't worry (Score:2, Funny)

    by Anonymous Coward

    This will never be abused to give people disproportionate sentences by stretching the definition of what a "threat to the country's national security" is.

  • Loss of life (Score:5, Insightful)

    by penix1 ( 722987 ) on Thursday June 05, 2014 @04:51AM (#47170323) Homepage

    I can see stiffer sentences if the hacking leads to loss of life DIRECTLY. For example, hacking into a hospital system and bringing down critical life saving systems.

    But to me, and I don't know how the UK manslaughter laws are rigged, it would be more helpful to update those laws instead of this one.

    Having said that, national security combined with unauthorized computer access can and will be used against whistleblowers of government abuse. Watch for that to happen.

    • I can see stiffer sentences if the hacking leads to loss of life DIRECTLY. For example, hacking into a hospital system and bringing down critical life saving systems.

      But to me, and I don't know how the UK manslaughter laws are rigged, it would be more helpful to update those laws instead of this one.

      Having said that, national security combined with unauthorized computer access can and will be used against whistleblowers of government abuse. Watch for that to happen.

      I'm generally in favour of people not getting any discounts on sentences for 'cyber attacks'. This is partly because I remember a time long ago when certain egotistical morons saw creating malware and letting it loose on the public as a good career move, a short cut to a well paying job. However, even those people don't deserve a life sentence and whoever thought of that idea should look up the word 'draconian' in a dictionary. If a cyber attack kills somebody use the manslaughter laws, if they cause massiv

      • Re: (Score:3, Interesting)

        by L4t3r4lu5 ( 1216702 )

        If a cyber attack kills somebody use the manslaughter laws

        Exactly.>/i>

        We already have laws covering both unauthorised access to a computer, and covering loss of life (whether negligent, unintentional, or premeditated). You don't need a new law to cover them both!

        Hacker causes life support machines to fail by setting off the sprinkler system, causing electrical faults? Computer Misuse Act (10 years) + Manslaughter (Unintended consequence, maximum life) = sentence
        Hacker causes industrial machinery of previous employer to fail catastrophically intentional

  • by metrix007 ( 200091 ) on Thursday June 05, 2014 @04:59AM (#47170339)

    ...is in a position to criticism the US. I lived in Scotland for years, so I'm fairly familiar with the UK, and from Oz originally.

    The US is losing it's way, but not as badly as the UK. Crazy amounts of surveillance, very poor rights for photographers and journalists, ridiculous laws such as going to jail if you forget an encryption key...

    Not to mention this nonsense. Prison is not meant to be primarily a deterrent, but a way to rehabilitate if possible. Because, you know, the punishment should fit the crime.

    Something all western countries seem to have forgotten...

    • I'm not disagreeing with any of your observations, but I do think "people who live in glass houses" isn't much of an argument, even in the best of cases.
      The way I look at it is all today's governments are abominations, so they all need criticizing. And today happens to be the UK's turn.

    • by Viol8 ( 599362 )

      "Prison is not meant to be primarily a deterrent, but a way to rehabilitate if possible"

      Err , sorry , excuse me? A primary deterrent is exactly what it is and a way to keep criminals out of main society. Rehabilitation comes later if it even works which with a lot of psychopaths and sex offenders it doesn't.

      • by geekoid ( 135745 )

        No, it is not a deterrent. Nor should it be a punishment. It should be focused on rehabilitation.
        It is much cheaper and far more effective, and far better for society.

        A TINY amount of people can't be rehabilitated, but they can be medicated.

    • by Xest ( 935314 )

      "very poor rights for photographers"

      Like what? If you mean you can't go and break into someone's garden and take pictures of them naked through their bedroom window to sell to the tabloid press, then yes, we're absolutely awful in this respect. What a shame.

      Other than that apart from some police officers who got it wrong in terms of letting people take pictures where they actually could I don't really see what the deal is. I've been able to take pictures just fine in everything from military bases, to the L

    • The UK has always had a headstart on corporate-driven fascism, way back to the Empire, but Americans are proving adept at catch-up. See, this kind of sentencing makes perfect sense as soon as you adopt the position that only corporate interests matter.

    • The public has turned into a big sissy, frightened by the slightest perceived threat. And we have no common sense or agreement on what should be considered wrong or illegal. I would rather throw the people that advertise phony medications on the net under the bus than some guy who hacks into a banks computer and tells the world about who has the money in the community.
    • This is why no Briton is in a position to criticism [sic] the US.

      Britons are not party to the nefarious shenannigans of the British state (by and large). Britons who oppose such things should be free to criticise them wherever they happen. As should everyone.

  • Shouldn't maintainers of compromised systems be held liable for skimping on security?

    • by gsslay ( 807818 )

      That's right. Blaming the victim has always been a popular tactic amongst the criminal classes.

      • So you leave your doors unlocked and open when you go out do you?

        I assume nobody in your neighbourhood would even consider walking in and stealing all your shiny things...

        • by gsslay ( 807818 )

          Bad anology.

          If I was foolish enough to leave my door open then I'd get stuff stolen. That would be bad enough. I wouldn't also expect the authorities to come around and hold me liable for having my stuff stolen.

      • That's right. Blaming the victim has always been a popular tactic amongst the criminal classes.

        If you're using an insecure system which you know is an insecure system ... are you still a victim?

        Say you know you're running a system which hasn't been patched for the Heartbleed bug, and you know about the issue (because, you pretty much couldn't know).

        If you get hacked, you're not a victim, you're an idiot.

        • by gsslay ( 807818 )

          ... are you still a victim?

          Yes. Unless you are suggesting that being foolish/ignorant/unaware makes it ok to commit crime against.

          • Unless you are suggesting that being foolish/ignorant/unaware makes it ok to commit crime against.

            No, I'm saying your being foolish/ignorant/unaware in this case means you have only yourself to blame.

            The reality is, computer attacks are automated, widespread, and more or less inevitable.

            The crime is going to happen anyway. But if you don't take your own reasonable steps to ensure it doesn't happen to you then don't be surprised when it happens.

            I'm not saying this is true for all crimes -- but at a certain

  • you know the ones that caused the crash through corruption and fraud...

    Exactly why do the hackers go to jail for making machines write "poop" on the home screen but bankers can cause literal trillions to evaporate and we just shrug?

    Just curious...

  • Obviously, GCHQ has done the most damage to "computer infrastructure" since the Morris worm, and funneled data about British citizens out of the country, into the hands of possible malign foreign actors.

    The whole GCHQ should be arrested for treason.

  • A life sentence does not equate to life in prison. They are almost always eligible for parole after 15 years.

  • .. not what we do. What is doing the GCHQ would be worth to be in jail till the sun turns into nova.

    Even peaceful use of technology could be seen as an hostile act by the authorities that actually use it as a weapon.

  • While I agree with longer sentences for repeat offenders, I can't really condone LIFE sentences for hacking/cracking.

    You have people out there knifing, stabbing, shooting and strangling people when they're not just straight out beating them to death or killing them with a car.

    You have people committing all sorts of frauds that cost people their life savings and endanger their health and well-being.

    All of these people get slaps on the wrist. But a hacker/cracker should get life?

    Uh. WHAT?

    Basically this is y

  • by TractorBarry ( 788340 ) on Thursday June 05, 2014 @07:04AM (#47170711) Homepage

    The phrase "life imprisonment" means nothing in the UK. Recently a man absconded from a prison who was said to be serving 3 life sentences. From reading the newspaper article reporting the case it transpired that his tariff was actually 13 years (sorry can't remember which paper or exact details).

    So when being used by the UK justice system the term "life" would seem to refer to about an average dogs life. It's totally meaningless and quite frankly an insult to your intelligence.

    This being the case "life" for computer related offences will probably mean you serve about 1/2 hour in an open prison - unless you take some money off someone powerful in which case you'll probably get a "life" sentence of about 10 years.

    This doesn't take away fropm the fact that this is anoter pathetic, ill thought out, idea for legislation dreamt up by one of the useless cretins currently in parliament.

    The UK justice system is a sad joke whose only purpose is to protect the rich and powerful (same as the world over really)

  • Those with the fat purses,
    who own the computers,
    do not wish to spend the $ to secure said computers.

    Misuse is a pretty vague term
    Hacking
    impairing
    Attacking
    Are not far behind.

  • ...label pretty much any hacking as "life-threatening or endangering the nation's security". I mean, we've seen this before, in how people who pirate TV shows and software are by American organizations pretty much labelled "terrorists".
  • by Martin S. ( 98249 ) on Thursday June 05, 2014 @07:42AM (#47170935) Journal

    The linked story is Sensationist Bullshit, there is no such measure announced in the Queens speech, (Queens-Speech-2014-The-full-transcript) [telegraph.co.uk]

    The planned "Serious Crime Bill" [www.gov.uk] will ensure sentences for attacks on computer systems fully reflect the damage they cause.

    Given the current Computer Misuse act is absolutely useless [lawteacher.net] this is a good move.

  • the whole "cyberattack" thing is grossly overblown and is primarily a) outrage of US/UK against those doing the same to it as it does to them and b) a mega growth industry to complement or be absorbed by the current military industrial complex.

  • Computer related crimes are already too inflated already, and there are means for which most any serious intrusion could be met with stacked charges. There are probably one or two cases a decade where this might be needed, but I suspect it will be abused far more often than that, especially since 'national security' is involved.
  • How long do you think it will take for them to apply this to some high-school senior that hacks his grades or something? A month?

  • life sentences for people who say cyber [wikipedia.org] when they mean "IT related".
  • ...the penalties are worse for asaulting a computer than they are for asaulting a person!

    • by Morpeth ( 577066 )

      I was thinking the same thing -- never known anyone getting life for aggravated assault, even for attempted murder. Seems like a terribly written law that could be very easily be broadly applied and abused by UK authorities.

  • The real bad guys are simply undeterred by this, and botnets continue to expand.

    Also... this seems wrong... it's like elevating a petty theft to a felony, because of some technicality, the thief wouldn't even have known about.

    The real severe sentence should be on the folks who negligently designed computer networks that were susceptible to easy attack, And/OR the folks who broke policies and allowed them to come under attack.

    For example: If you plug your waterworks into the internet, and some hac

    • You don't get a pass for sticking a spear in someone's chest, just because they exposed their belly.
      • by mysidia ( 191772 )

        You don't get a pass for sticking a spear in someone's chest, just because they exposed their belly.

        It's an irrelevent analogy. A computer system is not someone's belly.

        A more apt analogy is: Some shortsighted folks decided to setup a little tent somewhere in the middle of the interstate, and lie down to take a nap: and they are proposing to execute anyone running over these folks while they were asleep in their tent.

  • .... they have a point. The interdependence of and increasingly wide spread use of computer controlled systems means that it's not a matter of if but when some malicious hacker is going to commit an act which brings widespread devastation, financial damage, perhaps even death. It's no longer just phreaking with the blue boxes any more kiddies. That's why I want to seriously know how Google is going to guard it's self driving cars against deliberate acts of malice. And I'm hoping that the U.S. militar
  • Anyone from the UK care to comment. Because I never thought of the UK as being draconian in their sentencing (if anything, a little light on some crimes).

    What's the sentencing range for serious crimes like rape, aggravated assault, attempted murder, or causing serious bodily harm, etc? I mean do people get life for causing serious injury in the UK? I doubt it, so why does a football hooligan not get life for beating someone severely, but equivalently hurting someone with a computer merits life? Sounds like

  • 10 years and no computer access should be sufficient, they would be mostly harmless by then with technology advancing

    But other crimes for injury and death could be added on instead of just a blank life sentence.

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...