Attack on critical infrastructure
What the fuck is PRISM then? Ludo?
The European Parliament has agreed to toughen criminal penalties across the EU for cyber attacks, especially any that threaten national infrastructure or are deemed to be aimed at stealing sensitive data. The new directive forces the 28 member states to impose national maximum sentences of at least two years in prison for …
So far, EU cyber law enforcement includes trying to lock someone up for a joke on twitter, trying to extradite Aspergers sufferers to corrupt regimes who exercise capital punishment, trying to jail 9 year-old girls for downloading pop music, and jailing those who provide a search engine capable of throwing up allegedly copyrighted material which technically is no worse than google.
I guess if the MBTA subway hack happened here with these new laws, they'd also get the book thrown at them. National transport infrastructure - check. cyber attack - check. Automatic minimum 5 year jail-time - check. Never mind that the guys responsible were security researchers showing flaws in security for the public interest...
How about they first prove they can apply the law properly - maybe then we can trust them with stronger deterrents. Until then, this move is idiotic, and bordering on dangerous.
While I agree that the cases you highlight show that current laws or application of them are flawed, none of them are specifically European laws, they were all national laws.
The twitter prosecutions were made under English law, the extradition was attempted under a UK/US extradition treaty etc.
Typically "getting tough" means imposing a minimum sentence -- anyone convicted must serve at least the minimum sentence.
Imposing a maximum sentence means that the convicted criminal could receive any sentence less than that maximum, including no jail time at all, no parole at all, even an absolute discharge.
Neither. The directive is for a minimum maximum. Confusing, I know.
What it means is that all members must have a maximum sentence for the covered 'cyber' crimes that is at least two years, or five for infrastructure.
That doesn't mean members have to sentence everyone convicted to five years - it means they are required to give judges the option of at least that sentence. Judges are free to sentence to less, and individual countries are free to set a maximum higher than the directive requires.
So in most situations, this isn't going to change anything. The only times it'll have any effect are when someone either commits a crime serious enough to earn a sentence higher than the a previous maximum since increased by this directive, or when someone upsets the Powers That Be in government and earns themselves a 'throw the book' order whispered in the prosecution's ear