Attack on critical infrastructure
What the fuck is PRISM then? Ludo?
The European Parliament has agreed to toughen criminal penalties across the EU for cyber attacks, especially any that threaten national infrastructure or are deemed to be aimed at stealing sensitive data. The new directive forces the 28 member states to impose national maximum sentences of at least two years in prison for …
So far, EU cyber law enforcement includes trying to lock someone up for a joke on Twitter, trying to extradite Asperger's sufferers to corrupt regimes who exercise capital punishment, trying to jail 9-year-old girls for downloading pop music, and jailing those who provide a search engine capable of throwing up allegedly copyrighted material which technically is no worse than Google.
I guess if the MBTA subway hack happened here with these new laws, they'd also get the book thrown at them. National transport infrastructure - check. cyber attack - check. Automatic minimum 5 year jail-time - check. Never mind that the guys responsible were security researchers showing flaws in security for the public interest...
How about they first prove they can apply the law properly - maybe then we can trust them with stronger deterrents. Until then, this move is idiotic, and bordering on dangerous.
It's a good idea - as long as it applies to everyone.
Would be interesting to watch German police marching into Westminster to arrest Hague because GCHQ stored data on Germans.
While I agree that the cases you highlight show that current laws or application of them are flawed, none of them are specifically European laws, they were all national laws.
The Twitter prosecutions were made under English law, the extradition was attempted under a UK/US extradition treaty etc.
The problem is companies not being professional in how they deal with personal data but there is a lack of anything of any substance aimed at them.
It's a good job we have all these tough sentences, it keeps the prisons empty as nobody commits crimes for fear of going to jail.
"...cyber intrusions that result in financial costs..." What about companies that claim the costs of subsequently, properly securing their networks were "caused" by the hackers? Has the EU wised up to that one yet?
... the tougher sentences for those in big institutions (corporate or governmental) who manage to leave laptops on the train or fail to secure data so it can be hacked by skiddies?
"if the attack is against a critical infrastructure network, like a power plant, transport or government network, the maximum penalty jumps to at least five years"
What's the penalty for connecting your 'critical infrastructure' to the Internet?
Typically "getting tough" means imposing a minimum sentence -- anyone convicted must serve at least the minimum sentence.
Imposing a maximum sentence means that the convicted criminal could receive any sentence less than that maximum, including no jail time at all, no parole at all, even an absolute discharge.
Neither. The directive is for a minimum maximum. Confusing, I know.
What it means is that all members must have a maximum sentence for the covered 'cyber' crimes that is at least two years, or five for infrastructure.
That doesn't mean members have to sentence everyone convicted to five years - it means they are required to give judges the option of at least that sentence. Judges are free to sentence to less, and individual countries are free to set a maximum higher than the directive requires.
So in most situations, this isn't going to change anything. The only times it'll have any effect are when someone either commits a crime serious enough to earn a sentence higher than a previous maximum since increased by this directive, or when someone upsets the Powers That Be in government and earns themselves a 'throw the book' order whispered in the prosecution's ear.
The crims win.