back to article Computer misuse: Brits could face LIFE IN PRISON for serious hacking offences

British computer hackers who severely damage the national security of any country could face life in prison under a new criminal offence proposed in the Serious Crime Bill, however the plan has been attacked for lacking legal certainty by MPs and peers. The Joint Committee on Human Rights raised the alarm last Friday, after …

Page:

  1. Pete 2

    Mightier than the sword

    If "hacking" really is a greater threat to our national safety, then should it not be an equally serious offence to allow, suffer or permit such security holes to exist?

    Using this proposed law as a basis, why don't we disband the british armed services and merely make it a crime for foreigners to invade the UK. That should be enough to stop 'em!

    1. Anonymous Coward
      Anonymous Coward

      Re: Mightier than the sword

      "why don't we disband the british armed services and merely make it a crime for foreigners to invade the UK"

      That's already been done, under the guise of various successive "strategic defence reviews" that have left us with no credible land, air, or sea capabilities. And whilst it is easy to argue that projecting force overseas has rarely ended well, we're now at a position where our armed services couldn't defend the UK, and we rely on the assertion that nobody (other than migrants in Calais) wishes to invade us.

      1. kellerr13

        Re: Mightier than the sword

        The Crown is part of the New World Order, and their goal is to destroy the old, so they can offer the solution of the New World Order.

        One government

        One currency

        Under the control of a few.

        A lot of people will respond on them with violence. The powers that be must have a plan to deal with that.

    2. ecofeco Silver badge

      Re: Mightier than the sword

      Exactly Pete 2. Privatize the profits, socialize the losses.

      Same old story.

      1. Ted Treen
        Big Brother

        Re: Mightier than the sword

        And "...the plan has been attacked for lacking legal certainty..." really means "The bill has been deliberately left vague so it means whatever we want it to mean when we come to use it".

        Plus ça change...

    3. Mark 65

      Re: Mightier than the sword

      I think it is a very sad day when a malicious computer attack (and we all know this law will be abused to its fullest extent) resorts in a more severe punishment than GBH, aggravated assault, armed robbery, rape, and potentially even murder. Certainly leaves me feeling a lot safer knowing thugs, rapists and (potentially) murderers are set free before all those nasty hackers. I guess as far as politicians are concerned hackers can destroy potential directorships whereas murderers just thin the herd.

  2. frank ly

    If I 'hack' North Korea's military system ....

    ... and the North Korean government detects me and provides proof to the UK police, will I go to prison in the UK? Or, will the UK extradite me to North Korea?

    1. YetAnotherLocksmith

      Re: If I 'hack' North Korea's military system ....

      Don't be daft, we don't send our citizens off to face kangaroo courts in foreign places that put innocent people to death for trivial offences.

      Well, as long as they can convince a court they are autistic, anyway.

  3. Stuart 22

    Am I a criminal?

    If I hacked the website of a certain North Korean leader to give him a different haircut?

    1. Anonymous Coward
      Anonymous Coward

      Re: Am I a criminal?

      On the contrary. I think you should be a Nobel nominee.

      1. breakfast

        Re: Am I a criminal?

        "And this year's Nobel prize for hairdressing goes to..."

    2. JLV

      Re: Am I a criminal?

      No, you'd be doing him a favor.

      1. Matt 21

        Re: Am I a criminal?

        While a silly example it does lead me to think about what hacking is.

        Imagine I go to my local electricity supplier's shop and distractedly try and enter by the wrong door, which causes the local grid to go off line. It would be the electricity supplier who was in trouble, not me and rightly so as they shouldn't be stupid enough to make simply trying the wrong door take the grid off line.

        So why should typing a wrong URL be a crime just because of the consequences?

        If I ssh to the wrong IP address and login with a default password, why should that be a crime? It's rare but possible I didn't notice I was on the wrong server.

        Anyway, you see the sort of thing I mean. It seems to me that at the very least there needs to be proof that there was a deliberate attempt to cause serious damage and that a reasonable attempt had been made to mitigate the risk (no default passwords for example).

        In the 1970s my mum, sorry my friend's mum, walked into a car park, opened a blue ford Cortina and started to drive away before she realised it was the wrong one. Not really her fault Ford key security wasn't up to much and while begin a dozy moo is not to be encouraged, I don't think life in prison is an appropriate response....... well perhaps...... no, I'll stand by my first response.

        As for overseas "attacks". Why would anyone allow overseas access to their sensitive infrastructure? You'd have to be exceptionally stupid to do that at a time we're all being told there are evil terrorists queuing up to attack us.

  4. Anonymous Coward
    Anonymous Coward

    computer hackers who damage the national security of any country*

    *unless it happens to be a country on the (current) shit list,

    1. Anonymous Coward
      Anonymous Coward

      Re: computer hackers who damage the national security of any country*

      Or a member of GCHQ doing it...

      1. YetAnotherLocksmith

        Re: computer hackers who damage the national security of any country*

        Or a member of the FBI/government/whoever directing you under threat of a serious sentence.

        Oh, wait.

        1. amanfromMars 1 Silver badge

          Re: computer hackers who damage the national security of any country*

          Ye olde Sabu stinger play, YetAnotherLocksmith.

          Some would call that entrapment ..... and akin to a cheap cheat/subprime ploy.

  5. localzuk

    Needed

    I do think we do need reform with our computer crime laws. The current 5 year maximum is far too low considering the damage that can be caused by "hacking".

    Just need to make sure they get the details right!

    1. N2 Silver badge

      Re: Needed

      I do think we do need reform with our computer crime laws.

      I think we need to reform all our serious criminal laws, whilst the hacker gets 'life', the murderers & so on get a relatively short term.

      1. LucreLout Silver badge

        Re: Needed

        "I think we need to reform all our serious criminal laws, whilst the hacker gets 'life', the murderers & so on get a relatively short term."

        Exactly. I'd rather a hacker damage my PC than break my bones, but under these proposals, he won't be jailed for the latter but may be jailed for life for the former. It's disgusting.

        The last thing this country needs is more laws. We need a much smaller, simplified legal framework, with proper deterrant level jail time for any offence of violence or dishonesty. Not much work in that for lawyers and lefty outreach workers though.

    2. Suricou Raven

      Re: Needed

      Yet most cases of hacking cause minimal damage, at least until the adjusters get involved.

      Perhaps it would be a better idea to tie the sentencing to the damage the attacker either intended to cause, or could reasonably have believed his actions may cause? And not include the cost to the victim of securing their systems like they should have done in the first place.

      1. localzuk

        Re: Needed

        You all seem to be underestimating the damage done to economies by computer crime. Govt figures put the cost to the UK economy at £27bn per year. That's a huge amount of money being lost through crime. That's peoples jobs and livelihoods. That's people's pensions and savings. Are those things only worth a metaphorical slap on the wrist?

        1. heyrick Silver badge

          Re: Needed

          "Govt figures put the cost to the UK economy at £27bn per year." - and proof of that is where? Remember the "cost" supposedly incurred by the actions of the Scottish bloke (whose name I don't remember).

          "That's people's pensions and savings." - the current government is wanting to remove the Winter Fuel Allowance from pensioners living overseas (and some places are colder) saving something in the region of 5m. How much was pissed away on the latest failed IT contract?

          "Are those things only worth a metaphorical slap on the wrist?" - when I could find one of these hard done by pensioners and bludgeon them to death with a frozen salmon, and only get a few years with a possibility of early release if I'm "good", then the logical answer can only be Yes.

          1. localzuk

            Re: Needed

            So you're arguing that our punishments should all be weak because some others are already weak? Surely the answer is to tighten up the weak sentences rather than stick with poor sentencing across the board?

            Here's the report on that number too - https://www.gov.uk/government/publications/the-cost-of-cyber-crime-joint-government-and-industry-report

            1. Paul Crawford Silver badge

              Re: Needed

              Perhaps if some of the punishment was also metered out to those ultimately in charge [1] of the systems being hacked and defrauded when they have not done a good job of securing them, things might change.

              [1] I.e. at the CEO/CFO level, not BOFH. Those who decide how much to spend on security and if changes that make things better are to be vetoed for business reasons.

            2. LucreLout Silver badge

              Re: Needed

              So you're arguing that our punishments should all be weak because some others are already weak?

              Nobody is arguing that.

              Surely the answer is to tighten up the weak sentences rather than stick with poor sentencing across the board?

              The answer is, as always, to prioritise. If securing your computer isn't a priority for you, then why should jail time for your hacker be a priority for society? The time debating this would have been better spent revisiting sentencing for theft and violence such that every instance of GBH and every house broken into results in jail time.

              1. localzuk

                Re: Needed

                @LucreLout - that's victim blaming at its finest. "Why didn't they secure their computers better?!" "Why didn't they have tougher locks on their doors?" "Why was she wearing a short skirt in public?"

                Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox. The idiots hacking their stuff are the ones who need eliminating.

                @Sir Runcible Spoon - Wait, so you're blaming me for not reading back to the original report, and looking at the article instead?

                1. Sir Runcible Spoon Silver badge

                  Re: Needed

                  @localzuk, you argument appeared to be in favour of this law due to the economic impact that 'hackers' have on this country's finances, yet the bill refers to damage to national security, not the economics of IP theft.

                2. LucreLout Silver badge

                  Re: Needed

                  Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox. The idiots hacking their stuff are the ones who need eliminating.

                  Oh dear. I think maybe it's best if you take your computer back to PC world: this is not the industry for you.

                  Passing a law in the UK does absolutely nothing to the security requirements of a business, which the minute it is connected to the internet, is within global reach.

                  Taking sensible, and as it happens necessary, precautions isn't victim blaming, it's common sense. In theory you should be able to get barking at the moon drunk, wander through dark alleys in a square yard of cloth, and expect to remain unmolested. In theory you should be able to leave your house unlocked. In reality, you can't.

                  1. localzuk

                    Re: Needed

                    That is the very definition of victim blaming. You're saying that someone who doesn't dress conservatively is basically to blame for being raped. The company that doesn't invest millions in their security systems is asking to be attacked. Your exact words: "If securing your computer isn't a priority for you, then why should jail time for your hacker be a priority for society?"

                    So if a company doesn't secure its network, a hacker shouldn't be prosecuted. That is shifting the blame for a crime onto the company and off the hacker. You are specifically saying that the crime is only a crime if the victim tried to do something to prevent it!

                    As you say, in an ideal world, we wouldn't need to do things to protect ourselves - I don't deny that or the reality of the world we live in, but making the punishment for a crime dependant on the victim having done something to prevent it is simply not the same thing.

                    1. LucreLout Silver badge
                      Mushroom

                      Re: Needed

                      That is the very definition of victim blaming. You're saying that someone who doesn't dress conservatively is basically to blame for being raped.

                      No I'm not, so you can stop assembling that strawman you'd like to build.

                      The company that doesn't invest millions in their security systems is asking to be attacked

                      It doesn't take millions to be reasonably secure. My home PC is reasonably secure. Took me less than 20 mins to achieve. Thanks to estate management software, the same can be done in a corporate environment. Top of the line security may cost millions, but most places neither need it or are willing to pay for it. Companies that don't take sufficient steps to be secure WILL be hacked. They just will. If you can't accept that or understand the reasoning behind it, then you don't belong around computers.

                      So if a company doesn't secure its network, a hacker shouldn't be prosecuted.

                      Nobody said that. Nobody at all.

                      You are specifically saying that the crime is only a crime if the victim tried to do something to prevent it

                      Nobody said that either.

                      making the punishment for a crime dependant on the victim having done something to prevent it is simply not the same thing.

                      And nobody suggested that either.

                      Your lack of ability to read and comprehend what is being written, and your shocking inability to think critically would strongly imply that my earlier hypothesis is correct: you don't belong around computers. Sorry that isn't what you'd like to hear, but it is what it is.

                      Crimes of violence and dishonesty are worse for individuals and worse for society as a whole, than hacking. They must always attract stronger punishments. If there's no space in jail for wannabe gangsters committing GBH, then there's no space for a hacker - whether they're intellectually curious, or simply mailicious.

                3. Vic

                  Re: Needed

                  Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox.

                  They don't. They just need to ensure that the lock on the front door is made out of something more substantial than camembert. And that there is a front door.

                  If you tried to get the cops to investigate a "burglary", when you'd actually left the premises with all the windows wide open and the keys on a hook on the outside wall, they'd just laugh at you, and your insurance company would as well. But when such idiocy is committed in the digital domain, it is considered appropriate, and we end up with crazy estimates for how "damaging" a given intrusion is. There ought to be parity...

                  Vic.

                  1. fajensen Silver badge

                    Re: Needed

                    I think British law makes a distinction between "Incompetent" and "Negligent". The first one is not good, the second one will land you in jail or at the sharp end of legal action. One cannot claim incompetence if one is a licensed structural engineer, a surgeon or an avionics technician.

                    A lot of management within IT (and in general) go all in for "Incompetent" and are getting away with it under the cloak of total, blubbering, idiocy - while they are nevertheless paid millions. for ....??? incompetent people are not exactly a rare commodity - what happened to The Market here?!

                    Perhaps is is time that there should be a push-back from an "IT Incident Commission" similar to what we have in the usual High-Risk industries, like Air and Rail transport? Start to professionalise the business a bit.

            3. Sir Runcible Spoon Silver badge
              FAIL

              @localzuk

              From the article:

              "British computer hackers who severely damage the national security of any country could face life in prison under a new criminal offence proposed in the Serious Crime Bill"

              From the report:

              "In our study, we have focused on less-understood cyber crimes, including:

              –identity theft and online scams affecting UK citizens;

              –IP theft, industrial espionage and extortion targeted at UK businesses; and

              –fiscal fraud committed against the Government"

              So tell me again why you are throwing tomatoes at an apple-bobbing contest?

            4. fajensen Silver badge

              Re: Needed

              Perhaps, the even simpler answer is to tighten up weak security practices and make management financially responsible?

      2. Vic

        Re: Needed

        And not include the cost to the victim of securing their systems like they should have done in the first place.

        And there's the rub: so many of these incidents use the entire clean-up cost to over-state the "damage" that has occurred, when the bulk of that clean-up is in implementing the security they should have had all along. Actual damages are so trivial you wouldn't even bother filing charges, but then some high-level manager or similar would end up looking stupid - so the costs are inflated to save face. It helps that that facilitates extradition, to boot...

        If the courts were to get wise to this, I guarantee substantially all "hacking" cases would become frivolous.

        Vic.

    3. Anonymous Coward
      Anonymous Coward

      Re: Needed

      'I do think we do need reform with our computer crime laws. The current 5 year maximum is far too low considering the damage that can be caused by "hacking".'

      The problem is that the hacking element attracts the larger sentance rather than the outcome or objective. If you interfere with a system with a reasonable expectation that significant damage or risk of injury etc will occur then their should be a significant penalty associated with that. If you do something where reasonably no signifcant negative consequences can occur it should not be a serious offence. If you hack a government web site to put up a political message embarassing to that government I do not think that is a serious offence.

      Crimes commited via a computer should be punished in line with similar crimes committed with using a computer. At the moment the use of a computrer seems to escalate the seriousness of an offence but I can't understand the logic behind this.

      It does make sense that misuse of a computer is an offence in its own right without having to show malicous intent as a deterrant and to make clear it shoudl not be done but that alone should not be a very serious offence.

  6. Anonymous Coward
    Anonymous Coward

    Who?

    On reading this article, I asked myself the not unreasonable question : "Who the bejesus is Baroness Williams of Trafford'? Naturally, I thought, as one of our top legislators professing on this subject, that she'd be an technology expert. Nothing too heavy, but perhaps a technical or scientific academic background, a career in the civil service in a technical capacity, or even some industrial experience, IBM lifer or something.

    I was to be disapointed.

    Susan has a degree in 'Nutrition' (could be that she spent her undergraduate days just eating) from the University of Huddersfield. She's then had a career as a local councilor, and a few failed attempts to get elected as an MP. The people spoke on each occasion, and decided to pass. She then got herself ennobled.

    One of the few reasons for having an appointed second chamber is so that 'experts' in a given field can be inserted into the legislature, so we don't have to rely on career politicos. Can they not appoint a few techies? Other than Martha of course....

    1. LucreLout Silver badge

      Re: Who?

      "Other than Martha of course...."

      At least Baroness MiLF of SoHo made a success of herself before being ennobled, rather than simply failing repeatedly while hiding from the real world in a nice safe council job.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who?

      > University of Huddersfield

      When I were a lad it was the Huddersfield Polytechnic, or the "Poly" t' locals.

    3. veti Silver badge
      Holmes

      Re: Who?

      Good investigative work there.

      So... we have a nobody, with no relevant background, no relevant training or qualifications, no reputation, and most importantly of all, no political capital of any kind floating this proposal. Where are the actual politicians, you know, people who have to worry about votes, willing to put their names behind it?

      Makes it look very much like a trial balloon, intended to be shot down so that the next marginally-less-outrageous proposal will get an easier ride.

  7. Perpetual Cyclist

    Will this life sentence also apply to every minion in MI6 and GCHQ who regularly hack into every system they can? One law...

  8. amanfromMars 1 Silver badge

    <s>Penetration</s> Testing the System .... Out of this World Style

    The new offence provided for in Clause 40 [PDF: "Unauthorised acts causing, or creating risk of, serious damage", page 30] acknowledges this reality and captures the serious damage that cybercriminals can cause in any country.

    Hmmmm? That is akin to the tilting at windmills in this new age of SMARTR IntelAIgent Server Sharing of Novel Information and Virtual Reality. Talk about flogging a dead horse in an attempt to maintain power and retain control of crazy dream scenario. Is it so hard to learn that things have changed already ……?

    Wholesale radical change is in the making and for the taking and on its merry way ..... but don't for one minute make an easy mistake and expect it to be in any way a normal and/or traditional type of competition and opposition, or expect past failed and failing masters of the Great Games that can be played, be continuing leading lights and commanding controllers of the Future Virtual Terrain Field of Universal Power and Earthly Current with ITs Fiat Currency Control Leverage, for they may not possess the necessary cyber wisdom and free internetworking savvy.

    amanfromMars in reply to Fritz Schiller Oct 22nd 05:34 [1410220534] on http://www.economist.com/news/europe/21625795-populist-parties-are-narrowing-governments-options-europe-squeezed-middle

    Guten Morgen, Fritz,

    Fritz Schiller in reply to PIIGS can´t fly Oct 21st, 15:47 said …

    The funny thing is that the banksters have teamed up with Sparta and surely they hate the common people waking up.

    When Sparta and smarter spooky virtual special forces wake up to the fact that they command and control communications and are keepers of the intelligence that servers and protects the banksters and are complicit in aiding their inept politically incorrect supporters, is the Great Game immediately fundamentally changed with future direction and events for action and reaction to, in the hands, hearts and minds of significant irregular and unconventional others who would be practically anonymous and relatively autonomous.

    And methinks common people waking up is much more something that oppressive banksters and their supporters need rightly fear.

    22 October 2014 05:58

    1. Anonymous Coward
      Anonymous Coward

      Re: <s>Penetration</s> Testing the System .... Out of this World Style

      Why do El Reg continue to allow the deluded ramblings of this tweaker on these forums?

      1. gazthejourno (Written by Reg staff)

        Re: Re: Penetration Testing the System .... Out of this World Style

        amanfrommars' posts are perfectly logical and reasonable.

        1. LucreLout Silver badge

          Re: Penetration Testing the System .... Out of this World Style

          Really? I'd always assumed he was an experimental El Reg AI being tested for inclusion in PARIS/LOHAN #13.

      2. Sir Runcible Spoon Silver badge
        Trollface

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        "Why do El Reg continue to allow the deluded ramblings of this tweaker on these forums?"

        Just because you don't understand his posts doesn't mean they don't make sense. Not only have you failed to parse his language of choice, but you have failed Boolean algebra too.

      3. veti Silver badge

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        Let's face it - if "deluded ramblings" were considered off-topic, this would be a very quiet website.

    2. Anonymous Coward
      Holmes

      Re: <s>Penetration</s> Testing the System .... Out of this World Style

      Put baldly, we who are technologically gifted or skilled can, with the mere addition of a cheap bit of hardware, are a threat to those with any form of power (economic, force, ...). Much as not all that long ago with firearms or earlier with the bow or crossbow, we can reach out and touch someone except now that can be half-way around the globe. This law is just another example of how *they* are reacting to such a threat to their power. Expect far worse. The frog has to be conditioned by increments to allow the process to continue. 'Twouldn't do to have it hop out prematurely.

      1. ecofeco Silver badge

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        Exactly Jack. Exactly.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020