back to article Computer misuse: Brits could face LIFE IN PRISON for serious hacking offences

British computer hackers who severely damage the national security of any country could face life in prison under a new criminal offence proposed in the Serious Crime Bill, however the plan has been attacked for lacking legal certainty by MPs and peers. The Joint Committee on Human Rights raised the alarm last Friday, after …

  1. Pete 2 Silver badge

    Mightier than the sword

    If "hacking" really is a greater threat to our national safety, then should it not be an equally serious offence to allow, suffer or permit such security holes to exist?

    Using this proposed law as a basis, why don't we disband the british armed services and merely make it a crime for foreigners to invade the UK. That should be enough to stop 'em!

    1. Anonymous Coward
      Anonymous Coward

      Re: Mightier than the sword

      "why don't we disband the british armed services and merely make it a crime for foreigners to invade the UK"

      That's already been done, under the guise of various successive "strategic defence reviews" that have left us with no credible land, air, or sea capabilities. And whilst it is easy to argue that projecting force overseas has rarely ended well, we're now at a position where our armed services couldn't defend the UK, and we rely on the assertion that nobody (other than migrants in Calais) wishes to invade us.

      1. kellerr13

        Re: Mightier than the sword

        The Crown is part of the New World Order, and their goal is to destroy the old, so they can offer the solution of the New World Order.

        One government

        One currency

        Under the control of a few.

        A lot of people will respond on them with violence. The powers that be must have a plan to deal with that.

    2. ecofeco Silver badge

      Re: Mightier than the sword

      Exactly Pete 2. Privatize the profits, socialize the losses.

      Same old story.

      1. Ted Treen
        Big Brother

        Re: Mightier than the sword

        And "...the plan has been attacked for lacking legal certainty..." really means "The bill has been deliberately left vague so it means whatever we want it to mean when we come to use it".

        Plus ça change...

    3. Mark 65

      Re: Mightier than the sword

      I think it is a very sad day when a malicious computer attack (and we all know this law will be abused to its fullest extent) resorts in a more severe punishment than GBH, aggravated assault, armed robbery, rape, and potentially even murder. Certainly leaves me feeling a lot safer knowing thugs, rapists and (potentially) murderers are set free before all those nasty hackers. I guess as far as politicians are concerned hackers can destroy potential directorships whereas murderers just thin the herd.

  2. frank ly

    If I 'hack' North Korea's military system ....

    ... and the North Korean government detects me and provides proof to the UK police, will I go to prison in the UK? Or, will the UK extradite me to North Korea?

    1. YetAnotherLocksmith Silver badge

      Re: If I 'hack' North Korea's military system ....

      Don't be daft, we don't send our citizens off to face kangaroo courts in foreign places that put innocent people to death for trivial offences.

      Well, as long as they can convince a court they are autistic, anyway.

  3. Stuart 22

    Am I a criminal?

    If I hacked the website of a certain North Korean leader to give him a different haircut?

    1. Anonymous Coward
      Anonymous Coward

      Re: Am I a criminal?

      On the contrary. I think you should be a Nobel nominee.

      1. breakfast Silver badge

        Re: Am I a criminal?

        "And this year's Nobel prize for hairdressing goes to..."

    2. JLV

      Re: Am I a criminal?

      No, you'd be doing him a favor.

      1. Matt 21

        Re: Am I a criminal?

        While a silly example it does lead me to think about what hacking is.

        Imagine I go to my local electricity supplier's shop and distractedly try and enter by the wrong door, which causes the local grid to go off line. It would be the electricity supplier who was in trouble, not me and rightly so as they shouldn't be stupid enough to make simply trying the wrong door take the grid off line.

        So why should typing a wrong URL be a crime just because of the consequences?

        If I ssh to the wrong IP address and login with a default password, why should that be a crime? It's rare but possible I didn't notice I was on the wrong server.

        Anyway, you see the sort of thing I mean. It seems to me that at the very least there needs to be proof that there was a deliberate attempt to cause serious damage and that a reasonable attempt had been made to mitigate the risk (no default passwords for example).

        In the 1970s my mum, sorry my friend's mum, walked into a car park, opened a blue ford Cortina and started to drive away before she realised it was the wrong one. Not really her fault Ford key security wasn't up to much and while begin a dozy moo is not to be encouraged, I don't think life in prison is an appropriate response....... well perhaps...... no, I'll stand by my first response.

        As for overseas "attacks". Why would anyone allow overseas access to their sensitive infrastructure? You'd have to be exceptionally stupid to do that at a time we're all being told there are evil terrorists queuing up to attack us.

  4. Anonymous Coward
    Anonymous Coward

    computer hackers who damage the national security of any country*

    *unless it happens to be a country on the (current) shit list,

    1. Anonymous Coward
      Anonymous Coward

      Re: computer hackers who damage the national security of any country*

      Or a member of GCHQ doing it...

      1. YetAnotherLocksmith Silver badge

        Re: computer hackers who damage the national security of any country*

        Or a member of the FBI/government/whoever directing you under threat of a serious sentence.

        Oh, wait.

        1. amanfromMars 1 Silver badge

          Re: computer hackers who damage the national security of any country*

          Ye olde Sabu stinger play, YetAnotherLocksmith.

          Some would call that entrapment ..... and akin to a cheap cheat/subprime ploy.

  5. localzuk Silver badge

    Needed

    I do think we do need reform with our computer crime laws. The current 5 year maximum is far too low considering the damage that can be caused by "hacking".

    Just need to make sure they get the details right!

    1. N2

      Re: Needed

      I do think we do need reform with our computer crime laws.

      I think we need to reform all our serious criminal laws, whilst the hacker gets 'life', the murderers & so on get a relatively short term.

      1. LucreLout

        Re: Needed

        "I think we need to reform all our serious criminal laws, whilst the hacker gets 'life', the murderers & so on get a relatively short term."

        Exactly. I'd rather a hacker damage my PC than break my bones, but under these proposals, he won't be jailed for the latter but may be jailed for life for the former. It's disgusting.

        The last thing this country needs is more laws. We need a much smaller, simplified legal framework, with proper deterrant level jail time for any offence of violence or dishonesty. Not much work in that for lawyers and lefty outreach workers though.

    2. Suricou Raven

      Re: Needed

      Yet most cases of hacking cause minimal damage, at least until the adjusters get involved.

      Perhaps it would be a better idea to tie the sentencing to the damage the attacker either intended to cause, or could reasonably have believed his actions may cause? And not include the cost to the victim of securing their systems like they should have done in the first place.

      1. localzuk Silver badge

        Re: Needed

        You all seem to be underestimating the damage done to economies by computer crime. Govt figures put the cost to the UK economy at £27bn per year. That's a huge amount of money being lost through crime. That's peoples jobs and livelihoods. That's people's pensions and savings. Are those things only worth a metaphorical slap on the wrist?

        1. heyrick Silver badge

          Re: Needed

          "Govt figures put the cost to the UK economy at £27bn per year." - and proof of that is where? Remember the "cost" supposedly incurred by the actions of the Scottish bloke (whose name I don't remember).

          "That's people's pensions and savings." - the current government is wanting to remove the Winter Fuel Allowance from pensioners living overseas (and some places are colder) saving something in the region of 5m. How much was pissed away on the latest failed IT contract?

          "Are those things only worth a metaphorical slap on the wrist?" - when I could find one of these hard done by pensioners and bludgeon them to death with a frozen salmon, and only get a few years with a possibility of early release if I'm "good", then the logical answer can only be Yes.

          1. localzuk Silver badge

            Re: Needed

            So you're arguing that our punishments should all be weak because some others are already weak? Surely the answer is to tighten up the weak sentences rather than stick with poor sentencing across the board?

            Here's the report on that number too - https://www.gov.uk/government/publications/the-cost-of-cyber-crime-joint-government-and-industry-report

            1. Paul Crawford Silver badge

              Re: Needed

              Perhaps if some of the punishment was also metered out to those ultimately in charge [1] of the systems being hacked and defrauded when they have not done a good job of securing them, things might change.

              [1] I.e. at the CEO/CFO level, not BOFH. Those who decide how much to spend on security and if changes that make things better are to be vetoed for business reasons.

            2. LucreLout

              Re: Needed

              So you're arguing that our punishments should all be weak because some others are already weak?

              Nobody is arguing that.

              Surely the answer is to tighten up the weak sentences rather than stick with poor sentencing across the board?

              The answer is, as always, to prioritise. If securing your computer isn't a priority for you, then why should jail time for your hacker be a priority for society? The time debating this would have been better spent revisiting sentencing for theft and violence such that every instance of GBH and every house broken into results in jail time.

              1. localzuk Silver badge

                Re: Needed

                @LucreLout - that's victim blaming at its finest. "Why didn't they secure their computers better?!" "Why didn't they have tougher locks on their doors?" "Why was she wearing a short skirt in public?"

                Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox. The idiots hacking their stuff are the ones who need eliminating.

                @Sir Runcible Spoon - Wait, so you're blaming me for not reading back to the original report, and looking at the article instead?

                1. Sir Runcible Spoon

                  Re: Needed

                  @localzuk, you argument appeared to be in favour of this law due to the economic impact that 'hackers' have on this country's finances, yet the bill refers to damage to national security, not the economics of IP theft.

                2. LucreLout

                  Re: Needed

                  Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox. The idiots hacking their stuff are the ones who need eliminating.

                  Oh dear. I think maybe it's best if you take your computer back to PC world: this is not the industry for you.

                  Passing a law in the UK does absolutely nothing to the security requirements of a business, which the minute it is connected to the internet, is within global reach.

                  Taking sensible, and as it happens necessary, precautions isn't victim blaming, it's common sense. In theory you should be able to get barking at the moon drunk, wander through dark alleys in a square yard of cloth, and expect to remain unmolested. In theory you should be able to leave your house unlocked. In reality, you can't.

                  1. localzuk Silver badge

                    Re: Needed

                    That is the very definition of victim blaming. You're saying that someone who doesn't dress conservatively is basically to blame for being raped. The company that doesn't invest millions in their security systems is asking to be attacked. Your exact words: "If securing your computer isn't a priority for you, then why should jail time for your hacker be a priority for society?"

                    So if a company doesn't secure its network, a hacker shouldn't be prosecuted. That is shifting the blame for a crime onto the company and off the hacker. You are specifically saying that the crime is only a crime if the victim tried to do something to prevent it!

                    As you say, in an ideal world, we wouldn't need to do things to protect ourselves - I don't deny that or the reality of the world we live in, but making the punishment for a crime dependant on the victim having done something to prevent it is simply not the same thing.

                    1. LucreLout
                      Mushroom

                      Re: Needed

                      That is the very definition of victim blaming. You're saying that someone who doesn't dress conservatively is basically to blame for being raped.

                      No I'm not, so you can stop assembling that strawman you'd like to build.

                      The company that doesn't invest millions in their security systems is asking to be attacked

                      It doesn't take millions to be reasonably secure. My home PC is reasonably secure. Took me less than 20 mins to achieve. Thanks to estate management software, the same can be done in a corporate environment. Top of the line security may cost millions, but most places neither need it or are willing to pay for it. Companies that don't take sufficient steps to be secure WILL be hacked. They just will. If you can't accept that or understand the reasoning behind it, then you don't belong around computers.

                      So if a company doesn't secure its network, a hacker shouldn't be prosecuted.

                      Nobody said that. Nobody at all.

                      You are specifically saying that the crime is only a crime if the victim tried to do something to prevent it

                      Nobody said that either.

                      making the punishment for a crime dependant on the victim having done something to prevent it is simply not the same thing.

                      And nobody suggested that either.

                      Your lack of ability to read and comprehend what is being written, and your shocking inability to think critically would strongly imply that my earlier hypothesis is correct: you don't belong around computers. Sorry that isn't what you'd like to hear, but it is what it is.

                      Crimes of violence and dishonesty are worse for individuals and worse for society as a whole, than hacking. They must always attract stronger punishments. If there's no space in jail for wannabe gangsters committing GBH, then there's no space for a hacker - whether they're intellectually curious, or simply mailicious.

                3. Vic

                  Re: Needed

                  Companies shouldn't have to spend millions of quid on making their systems operate like Fort Knox.

                  They don't. They just need to ensure that the lock on the front door is made out of something more substantial than camembert. And that there is a front door.

                  If you tried to get the cops to investigate a "burglary", when you'd actually left the premises with all the windows wide open and the keys on a hook on the outside wall, they'd just laugh at you, and your insurance company would as well. But when such idiocy is committed in the digital domain, it is considered appropriate, and we end up with crazy estimates for how "damaging" a given intrusion is. There ought to be parity...

                  Vic.

                  1. fajensen

                    Re: Needed

                    I think British law makes a distinction between "Incompetent" and "Negligent". The first one is not good, the second one will land you in jail or at the sharp end of legal action. One cannot claim incompetence if one is a licensed structural engineer, a surgeon or an avionics technician.

                    A lot of management within IT (and in general) go all in for "Incompetent" and are getting away with it under the cloak of total, blubbering, idiocy - while they are nevertheless paid millions. for ....??? incompetent people are not exactly a rare commodity - what happened to The Market here?!

                    Perhaps is is time that there should be a push-back from an "IT Incident Commission" similar to what we have in the usual High-Risk industries, like Air and Rail transport? Start to professionalise the business a bit.

            3. Sir Runcible Spoon
              FAIL

              @localzuk

              From the article:

              "British computer hackers who severely damage the national security of any country could face life in prison under a new criminal offence proposed in the Serious Crime Bill"

              From the report:

              "In our study, we have focused on less-understood cyber crimes, including:

              –identity theft and online scams affecting UK citizens;

              –IP theft, industrial espionage and extortion targeted at UK businesses; and

              –fiscal fraud committed against the Government"

              So tell me again why you are throwing tomatoes at an apple-bobbing contest?

            4. fajensen

              Re: Needed

              Perhaps, the even simpler answer is to tighten up weak security practices and make management financially responsible?

      2. Vic

        Re: Needed

        And not include the cost to the victim of securing their systems like they should have done in the first place.

        And there's the rub: so many of these incidents use the entire clean-up cost to over-state the "damage" that has occurred, when the bulk of that clean-up is in implementing the security they should have had all along. Actual damages are so trivial you wouldn't even bother filing charges, but then some high-level manager or similar would end up looking stupid - so the costs are inflated to save face. It helps that that facilitates extradition, to boot...

        If the courts were to get wise to this, I guarantee substantially all "hacking" cases would become frivolous.

        Vic.

    3. Anonymous Coward
      Anonymous Coward

      Re: Needed

      'I do think we do need reform with our computer crime laws. The current 5 year maximum is far too low considering the damage that can be caused by "hacking".'

      The problem is that the hacking element attracts the larger sentance rather than the outcome or objective. If you interfere with a system with a reasonable expectation that significant damage or risk of injury etc will occur then their should be a significant penalty associated with that. If you do something where reasonably no signifcant negative consequences can occur it should not be a serious offence. If you hack a government web site to put up a political message embarassing to that government I do not think that is a serious offence.

      Crimes commited via a computer should be punished in line with similar crimes committed with using a computer. At the moment the use of a computrer seems to escalate the seriousness of an offence but I can't understand the logic behind this.

      It does make sense that misuse of a computer is an offence in its own right without having to show malicous intent as a deterrant and to make clear it shoudl not be done but that alone should not be a very serious offence.

  6. Anonymous Coward
    Anonymous Coward

    Who?

    On reading this article, I asked myself the not unreasonable question : "Who the bejesus is Baroness Williams of Trafford'? Naturally, I thought, as one of our top legislators professing on this subject, that she'd be an technology expert. Nothing too heavy, but perhaps a technical or scientific academic background, a career in the civil service in a technical capacity, or even some industrial experience, IBM lifer or something.

    I was to be disapointed.

    Susan has a degree in 'Nutrition' (could be that she spent her undergraduate days just eating) from the University of Huddersfield. She's then had a career as a local councilor, and a few failed attempts to get elected as an MP. The people spoke on each occasion, and decided to pass. She then got herself ennobled.

    One of the few reasons for having an appointed second chamber is so that 'experts' in a given field can be inserted into the legislature, so we don't have to rely on career politicos. Can they not appoint a few techies? Other than Martha of course....

    1. LucreLout

      Re: Who?

      "Other than Martha of course...."

      At least Baroness MiLF of SoHo made a success of herself before being ennobled, rather than simply failing repeatedly while hiding from the real world in a nice safe council job.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who?

      > University of Huddersfield

      When I were a lad it was the Huddersfield Polytechnic, or the "Poly" t' locals.

    3. veti Silver badge
      Holmes

      Re: Who?

      Good investigative work there.

      So... we have a nobody, with no relevant background, no relevant training or qualifications, no reputation, and most importantly of all, no political capital of any kind floating this proposal. Where are the actual politicians, you know, people who have to worry about votes, willing to put their names behind it?

      Makes it look very much like a trial balloon, intended to be shot down so that the next marginally-less-outrageous proposal will get an easier ride.

  7. Perpetual Cyclist

    Will this life sentence also apply to every minion in MI6 and GCHQ who regularly hack into every system they can? One law...

  8. amanfromMars 1 Silver badge

    <s>Penetration</s> Testing the System .... Out of this World Style

    The new offence provided for in Clause 40 [PDF: "Unauthorised acts causing, or creating risk of, serious damage", page 30] acknowledges this reality and captures the serious damage that cybercriminals can cause in any country.

    Hmmmm? That is akin to the tilting at windmills in this new age of SMARTR IntelAIgent Server Sharing of Novel Information and Virtual Reality. Talk about flogging a dead horse in an attempt to maintain power and retain control of crazy dream scenario. Is it so hard to learn that things have changed already ……?

    Wholesale radical change is in the making and for the taking and on its merry way ..... but don't for one minute make an easy mistake and expect it to be in any way a normal and/or traditional type of competition and opposition, or expect past failed and failing masters of the Great Games that can be played, be continuing leading lights and commanding controllers of the Future Virtual Terrain Field of Universal Power and Earthly Current with ITs Fiat Currency Control Leverage, for they may not possess the necessary cyber wisdom and free internetworking savvy.

    amanfromMars in reply to Fritz Schiller Oct 22nd 05:34 [1410220534] on http://www.economist.com/news/europe/21625795-populist-parties-are-narrowing-governments-options-europe-squeezed-middle

    Guten Morgen, Fritz,

    Fritz Schiller in reply to PIIGS can´t fly Oct 21st, 15:47 said …

    The funny thing is that the banksters have teamed up with Sparta and surely they hate the common people waking up.

    When Sparta and smarter spooky virtual special forces wake up to the fact that they command and control communications and are keepers of the intelligence that servers and protects the banksters and are complicit in aiding their inept politically incorrect supporters, is the Great Game immediately fundamentally changed with future direction and events for action and reaction to, in the hands, hearts and minds of significant irregular and unconventional others who would be practically anonymous and relatively autonomous.

    And methinks common people waking up is much more something that oppressive banksters and their supporters need rightly fear.

    22 October 2014 05:58

    1. Anonymous Coward
      Anonymous Coward

      Re: <s>Penetration</s> Testing the System .... Out of this World Style

      Why do El Reg continue to allow the deluded ramblings of this tweaker on these forums?

      1. gazthejourno (Written by Reg staff)

        Re: Re: Penetration Testing the System .... Out of this World Style

        amanfrommars' posts are perfectly logical and reasonable.

        1. LucreLout

          Re: Penetration Testing the System .... Out of this World Style

          Really? I'd always assumed he was an experimental El Reg AI being tested for inclusion in PARIS/LOHAN #13.

      2. Sir Runcible Spoon
        Trollface

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        "Why do El Reg continue to allow the deluded ramblings of this tweaker on these forums?"

        Just because you don't understand his posts doesn't mean they don't make sense. Not only have you failed to parse his language of choice, but you have failed Boolean algebra too.

      3. veti Silver badge

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        Let's face it - if "deluded ramblings" were considered off-topic, this would be a very quiet website.

    2. Anonymous Coward
      Holmes

      Re: <s>Penetration</s> Testing the System .... Out of this World Style

      Put baldly, we who are technologically gifted or skilled can, with the mere addition of a cheap bit of hardware, are a threat to those with any form of power (economic, force, ...). Much as not all that long ago with firearms or earlier with the bow or crossbow, we can reach out and touch someone except now that can be half-way around the globe. This law is just another example of how *they* are reacting to such a threat to their power. Expect far worse. The frog has to be conditioned by increments to allow the process to continue. 'Twouldn't do to have it hop out prematurely.

      1. ecofeco Silver badge

        Re: <s>Penetration</s> Testing the System .... Out of this World Style

        Exactly Jack. Exactly.

  9. Select * From Handle
    Coat

    #ThingsLongerThanPistoriusSentence

    I'll get my coat...

  10. jake Silver badge

    "Serious Crime Bill"?

    Is there a "Not Very Serious Crime Bill"?

    How about "Not Serious At All Crime Bill"?

    Or perhaps "Not A Crime, But We've Riled Up The Proles, So Let's Make It A Crime Bill".

    Just wondering.

    1. Suricou Raven

      Re: "Serious Crime Bill"?

      The 'not very serious crime' is the crime directed against you, a person without either money, fame or political connections.

    2. Phil O'Sophical Silver badge
      Coat

      Re: "Serious Crime Bill"?

      Hacker: I look down on him because I do serious crime.

      Murderer: I look up to him ↑ because he does serious crime; but I look down on him ↓ because he is just a bit of a lad. I don't do very serious crime.

      Bit of a lad: I know my place. I look up to them both. But I don't look up to the murderer as much as I look up to then hacker, because he has got real terrorist potential.

      Hacker: I have got real terrorist potential, but I don't kill people. So sometimes I look up to the murderer.

      Murderer: I still look up to the hacker because although I kill people, I am vulgar. But I am not as vulgar as the lad so I still look down on him.

      Lad: I know my place. I look up to them both; but while I am a penniless thieving wanker, I am industrious and trustworthy. Had I the inclination, I could look down on them. But I don't.

      We all know our place, but what do we get out of it?

      Hacker: I get life in jail.

      Murderer: I get 5 years and a feeling of inferiority from the hacker, but a feeling of superiority over the thieving wankers.

      Lad: I get stopped and searched. Every day.

      (apologies to Python)

      1. Zog_but_not_the_first
        Coffee/keyboard

        Re: "Serious Crime Bill"?

        Upvote for making me laugh at this time of day.

        Pedant note: It was from the Frost Report.

        1. Phil O'Sophical Silver badge

          Re: "Serious Crime Bill"?

          Pedant note: It was from the Frost Report.

          Ah, it was indeed, thanks. Co-written by Marty Feldman, I hadn't realised that.

      2. toxicdragon

        Re: "Serious Crime Bill"?

        If this is the sketch I think it is, its not python, its the two ronnies + stephen fry,

        1. Someonehasusedthathandle

          Re: "Serious Crime Bill"?

          John Cleese not Fry

          (Sorry to be pedantic but Fry doesn't deserve the credit)

          1. toxicdragon

            Re: "Serious Crime Bill"?

            Ah, its probably a different version than the one I am thinking of then

            1. Lallabalalla

              Re: "Serious Crime Bill"?

              They did a remake - the original was still the 2 Ronnies but with Cleese in The Frost Report. In black and white!

      3. EddieD

        Re: "Serious Crime Bill"?

        ITYM "apologies to "The Frost Report"" (notably Ronnies Barker and Corbett are in this sketch...)

        As with the 4 Yorkshiremen (originally from the "At last the 1948 show", with Cleese, Chapman, Brooke-Taylor and Feldman), many sketches are attributed to the Pythons, and indeed now performed by the Pythons, that were not their material, which may be why their reputation is enhanced beyond their actual talent...in my opinion. They were good, but not as good as the goggles of edited hindsight suggest.

        I'm officially old enough to be a pedantic curmudgeon.

      4. Snowy Silver badge

        Re: "Serious Crime Bill"?

        The video http://www.youtube.com/watch?v=K2k1iRD2f-c (first part of it) or the remake http://www.youtube.com/watch?v=0JSahEDRjvw

      5. John H Woods Silver badge

        Re: "Serious Crime Bill"?

        ^^ COTW

      6. Roger Varley

        Re: "Serious Crime Bill"?

        It's not Python. That's from the Frost Report, performed by John Cleese and the Ronnies, Baker and Corbett. Written by Marty Feldman and John Law.

    3. billse10

      Re: "Serious Crime Bill"?

      I don't know if there is a "Not A Crime, But We've Riled Up The Proles, So Let's Make It A Crime Bill", but there is a "Not a crime if the council or police do it but it is if anyone else tries Act".

      It's called RIPA.

  11. MJI Silver badge

    A village has lost its idiot.

    Why would it matter if a British person wrecked the Norks only computer?

    Why would it matter if a British security person hacked into say a Middle East system to dig up ISIS information?

    This idiot wants to criminalise GCHQ!

  12. James 51

    For goodness sakes, if they want to get Gary McKinnon that badly they should just say so.

  13. Anonymous Coward
    Stop

    So let me get this right....

    ...if I hack (not that I'd have a clue how to) into the Israeli defence force and told a load of Palestinians that they we're going to lob a load of cluster bombs in the general area of a Hamas leader. Will I be charged as i clearly have SAVED a lot of lives.

    Actually take it further....

    Do the above and inform a Hamas leader he is about to be assassinated at 3pm outside the mosque, so he avoids the assassination.

    Israel may say I have compromised the security of a nation, but the Palestinians will say I saved the security of a nation.

    One man's terrorist and all that.

    1. Sir Runcible Spoon

      Re: So let me get this right....

      At time of posting the score is 5/5 on this one.

      It's nice to see a balance between the terrorists and freedom fighters for once.

  14. LucreLout

    "if I hack (not that I'd have a clue how to) into the Israeli defence force and told a load of Palestinians that they we're going to lob a load of cluster bombs in the general area of a Hamas leader. Will I be charged as i clearly have SAVED a lot of lives."

    No you haven't. You've aided and abetted a terrorist. The computer misuse act will be the least of your worries, as you quite rightly board a plane for gitmo/wherever, never to be seen again.

    1. DropBear

      There are times I definitely decry the lack of a persistent "people filter" for the comments; if using "quite rightly" and "gitmo" in the same sentence doesn't warrant it, I really don't know what would.

      1. toxicdragon

        I thought it was obvious enough that the joke icon wasn't needed?

        1. Sir Runcible Spoon
          Paris Hilton

          "I thought it was obvious enough that the joke icon wasn't needed?"

          The trouble is, there really are people out there that will have this opinion for real, not just in jest. How are we to know unless the icons are used?

          I've just had a look through some previous postings and it's clear the joker is not an outrageous lunatic, but who does that every time they read a comment that might or might not be for real?

  15. Flocke Kroes Silver badge

    Corruptissima re publica plurimae leges

    How many laws have we got already?

    1. billse10

      Re: Corruptissima re publica plurimae leges

      et quis custodiet ipsos custodes?

      apologies for misquote

    2. Anonymous Coward
      Anonymous Coward

      Re: Corruptissima re publica plurimae leges

      "How many laws have we got already?"

      I lost count after NuLabour added 3000 more criminal offences to the statute books. Many of them were poorly drafted by single issue pressure group consultants. Too many left the matter of ambiguous details to the appeal courts to sort out if/when the Police/CPS saw an opportunity for mission creep "pour encourager les autres".

      1. Dr Dan Holdsworth

        Re: Corruptissima re publica plurimae leges

        To be honest we really do need a damn good clear-out of most of this cruft. An automatic sunset clause would probably do the trick nicely. So, if a law has languished unused for more than one calendar year, then it automatically gets repealed, unless a free majority vote of Parliament rescues it for another year.

        That would either make Parliament run round like a headless chicken continually voting to rescue unused and unloved laws (which would preclude their enacting any more), or it would rapidly reduce the number of laws on the statute books to a workable minimum.

        Added to this, there needs to be a stringent limit on the amount of secondary legislation permitted. This is things such as those regulations permitted by such acts as the European Communities Act, an enabler which permits laws to be brought into force without going through Parliament. As this is bypassing the regulatory chambers we have, it is introducing an awful lot of complete gibberish onto the statute books unseen and unread by Parliament.

  16. smudge
    Headmaster

    Any place?

    To provide greater clarity on this point, therefore, Amendment 17 replaces the reference to damage to human welfare in any country with a reference to damage to human welfare in any place. Amendment 18 similarly replaces the reference to damage to the environment in any country with a reference to damage to the environment of any place.

    So what's the definition of "any place". Are they about to outlaw interplanetary hacking? Inter-galactic? Have they taken the possibility of the multi-verse into account?

    1. amanfromMars 1 Silver badge

      Re: Any place?

      So what's the definition of "any place". Are they about to outlaw interplanetary hacking? Inter-galactic? Have they taken the possibility of the multi-verse into account? .... smudge

      Howdy, smudge,

      Pity the poor stupid legalised idiot who would imagine they have any jurisdiction in the Live Operational Virtual Environment Space/Cyberspace Place.

      1. amanfromMars 1 Silver badge

        Re: Useful Idiots and Virtual Pioneers, who be Chalk and Cheese and Not the Same in Any Place

        Dutch Initiative ....... https://blog.cyberwar.nl/2014/10/the-dutch-defense-cyber-command-a-new-operational-capability-colonel-hans-folmer-2014/ heralding dDutch Initiative ..... http://www.ur2die4.com/ddutch-initiative/

        AIVD/MIVD showing MI5/MI6/NSA/CIA the Future Way?

        1. amanfromMars 1 Silver badge

          Re: Useful Idiots and Virtual Pioneers, who be Chalk and Cheese and Not the Same in Any Place

          AIVD/MIVD showing MI5/MI6/NSA/CIA the Future Way?

          Or are they just into better copying and deploying their Type Skunkworks Shenanigans?

          Either way, Bravo, Nederlands. Late to the party maybe but the fun and games are only just starting and in dire straits need of some novel direction in these stoned age times full of crazies and wannabe Napoleons.

    2. Solmyr ibn Wali Barad

      Re: Any place?

      It's as clear as it gets, citizen.

      Anybody doing anything, anywhere, will get any number of years.

  17. Anonymous Coward
    Anonymous Coward

    Boobquake?

    To challenge assertations that skimpy clothing cause earthquakes, you will remember that a group of women organized over the internet to spend a day wearing skimpy clothing, during which time there was an earthquake.

    If there is a case for prosecution under this law for such events, I point and laugh at this law.

    1. YetAnotherLocksmith Silver badge

      Re: Boobquake?

      There are hundreds of earthquakes every day. So was there a statistically significant variation in earthquakes on the day?

      1. Sir Runcible Spoon

        Re: Boobquake?

        Yet the application of the law now insists that the defendants prove that they were NOT the cause of the earthquake, statistical anomaly or not.

  18. Teiwaz

    Falling in line with the EU (excuse) again?

    "necessary to overhaul the Computer Misuse Act 1990 so as the British government could fall in line with the EU."

    Don't the government want to opt out of some EU legislation that isn't convenient?

    I personally think the whole UKIP thing is right-wing political maneauvering in order to get support for dropping most of the socialist directives of the EU, such as Human Rights.

    "prevent individuals from obtaining tools such as malware with the intention to personally commit a cyber crime."

    As Malware is often delivered unsolicited, all they'd need additionally is a thoughtles tweet, blog post etc that criticises the current status quo of modern society in some way (and it won't matter if it's tongue in cheek as law givers and enforcers don't have a concept of a sense of humour).

    I notice also 'individuals'. So their intent is that corporations/governments are allowed to obtain Malware then?

    Life Imprisonment is a ridiculous idea as well, have they forgotten that the prison system is (a) flawed as a reformation system, (b) not up to dealing with more long-stay detaines, (c) We are a small landmass. unlike America, which still has plenty of space. I'd remind the 'Empire remembering' establishment that Australia is picky about it's immigrants these days, and all you've left is the Falklands, which also has finite space.

    1. Anonymous Coward
      Anonymous Coward

      Re: Falling in line with the EU (excuse) again?

      and all you've left is the Falklands,

      There's a bit more than that, the sun still doesn't set on it. Anyway, Mars will be available soon, perhaps via a PPI?

    2. David L Webb

      Re: Falling in line with the EU (excuse) again?

      "prevent individuals from obtaining tools such as malware with the intention to personally commit a cyber crime."

      This is already covered by the amendments made to the Computer Misuse Act by The Police and Justice Act 2006 which made it an offence to make, supply or obtain articles for use in a computer misuse offence see

      https://wiki.openrightsgroup.org/wiki/Police_and_Justice_Bill_2006#Making.2C_supplying_or_obtaining_articles_for_use_in_computer_misuse_offences

  19. Anonymous Coward
    Anonymous Coward

    Threats of "Life In Prison"

    Part and parcel of moving towards a Plea Bargain based legal system ("Plead guilty and we'll give you five years, else we'll go to trial and you'll be in prison for life."). It can really avoid the expenses and effort involved with those pesky trials.

    Also useful for putting just about *anyone* in prison for five years.

  20. Anonymous Coward
    Anonymous Coward

    Amendment - 1

    "British computer hackers who severely damage the national security of any country could face life in prison" [insert] unless a member of a covert, state-sponsored, organisation.

  21. The Mole

    "It also does not enable UK law enforcement agencies to take action against UK citizens committing cyber crime offences whilst physically outside the UK on the basis of their nationality alone."

    Good, and that is the way it should stay. Whilst I quite agree that some really really serious crimes should allow extra-territorial jurisdiction (crimes against humanity for instance), hacking certainly isn't one - let the country where you perform the act in prosecute the act.

  22. CommanderGalaxian

    "A perpetrator, sitting in their bedroom in London..."

    Doesn't she mean an office in Cheltenham?

  23. southpacificpom

    Life in prison?

    You mean like your own bed, free meals, exercise courtyard etc... in order to detain you?

    Probably similar to working as a programmer at Google then.

  24. Dan Paul

    This law is just another overreaction like "The War on Drugs".

    It seems that lawmakers everywhere only know how to over react to topical threats. Simply creating an offense does not equate to enforcing those offenses.

    To begin with, these "lawmakers" (EVERYWHERE) don't even understand the difference between hackers and crackers, let alone understanding the principle of the Punishment must fit the Crime.

    A 13 year old who hacks into the school records database to increase his grade (get him a job)does not deserve the same inexorable punishment as some one who cracks a banks security and steals the last two digits of every transaction for 5 years (Give him the same penalty as Grand Theft).

    No consideration is given in any case to those security researchers who are trying to find out how a particular piece of malware works, the cops know better, then mere possession of malware for any purpose will land you in the slammer.

    The general vagueness of the offenses contained in the law is ridiculous as they can grass up ANYONE for almost ANY reason.

    And nowhere does it even hint at making the computer user/company being cracked responsible for providing a level of security one would expect for the sums of money involved. Too many get off scott free even though it was THEIR lack of security that allowed the cracker to steal OUR money.

    Personally, if the password was guessed and that password is P@ssw0rd, then maybe the real criminal is not the hacker but the user. I think there are some celebutard iCloud users that fit that description.

    1. Lyndon Hills 1

      Re: This law is just another overreaction like "The War on Drugs".

      Compare and contrast with the damage caused by the financial meltdown, and the average sentence served by the senior bankers responsible.

      1. Sir Runcible Spoon

        Re: This law is just another overreaction like "The War on Drugs".

        A question that just drifted across my mind - what if your PC was part of a Botnet that performed a DDoS on a government web site like HMRC?

        1. Mark 85

          Re: This law is just another overreaction like "The War on Drugs".

          Short answer: Your ass is grass and they are the lawnmower. You empowered, aided, abetted (add more legal babble as required) by downloading (knowingly or unknowingly) the malware that put your PC on the botnet.

  25. Alan Johnson

    Seriously confusing draft

    The drafting is fundamentally flawed at the most basic level. In some cases it is clearly intended that a list of conditions shoudl be logically ANDed together in another place that they should be logically ORed together with no text at all to distinguish between the to cases. This is just broken. Which interpretation will prefail?

    At a more fundamental level why do we need it? I am still very sceptical about the idea of hacking causing deaths and similar and for the all the most serious consequences surely we have enough laws already to cover death, serious economic damage etc.

  26. Peter Sommer
    Alert

    10 years maximum penalty under s 3 Computer Misuse Act, not 5

    10 years maximum penalty under s 3 Computer Misuse Act, not 5!

  27. JaitcH
    WTF?

    Whose rules RULE?

    I have citizenship of, and passports from, three countries and work in a fourth.

    My employer supplies legally manufactured military electronic equipment, designed/fabricated in the fourth country, whose political interests are adverse to the first three countries. The fourth country supports, and recognises, countries in Eastern Asia and Middle East.

    Presently we market most of our products through a government arms agency, as do the other countries.

    The question arises is just whose legislation prevails?

    This the the problem when the UK or the US extends it's 'jurisdiction' beyond it's recognised territory.

  28. Daniel von Asmuth
    Pirate

    punish serious hacking offences

    Offend a serious hacker like L. B. Torvalds or R.M. Stallman and spend the rest of your miserable life off-line!

  29. Anonymous Coward
    Anonymous Coward

    And people wonder

    Why I am working on "Project Looking-Glass" .. aka interdimensional travel.

    As it turns out sending people to Never-Never land (M3X-151) is easy, getting back isn't.

  30. Anonymous Coward
    Anonymous Coward

    Re. Inter Arma Enim Silent Leges

    roughtly translated "In times of war the law falls silent"

    The problem is that when governments start rewriting laws to catch individuals out, the war has already long since been lost.

    Case in point, changing Social Security rules to prevent "frivolous wasting of money" could mean anything from buying a £10 phone topup to get Internet credit to apply for a job, or spending £490 on a new phone because to get the same exact phone on contract is nearly £900 over 2 years.

    Depends on context and timing.

    AC, because posting this probably breaks some (imaginary) law or other.

  31. abit

    Hacker vs. Cracker

    Anyone ever going to care to note the differences?

    It takes multitude of efforts and attitudes to turn a cracker into one ethical hacker. But crackers breed like rabbits and the numbers are on their side.

    It takes nearly a miracle to turn one sob ethical hacker into some second-rate cracker. Yet there comes the lawyer to alter the way things are, for the better I suppose?

  32. This post has been deleted by its author

  33. Vladimir Plouzhnikov

    Definitions

    "Damage to national security" = "a major embarrassment for the government, resulting in it having to publicly admit disregarding the law and making further manipulation of public opinion more awkward or difficult"

    "Damage to the environment" = "a Cabinet minister being forced to resign due to exposition of a sexual impropriety/financial irregularities/drug abuse"

    Bless them, the politicians. Sometimes they are as transparent in their motivations as little children...

  34. J__M__M

    Vagueness may not be permissible in the definition of criminal offences, but it sure as hell is permissible in the definition of criminal offenses.

  35. Anonymous Coward
    Anonymous Coward

    Re. Looking-Glass

    Starting to wish I'd chosen another name for it now, judging by the kookery on remote viewing.

    Not that I entirely disagree with the methodology but if RV worked then doubtless CHQG and 6IM would be using it all the time with an entire ward um.. office full of psychics doped up on weed um.. "psychotronic enhancement pharmaceuticals"...

  36. Anonymous Coward
    Anonymous Coward

    It's a bit like....

    ....when Kevin Mitnick was arrested and sent to prison with no trial for a while. Most murders that he was in prison with couldn't understand why he faced more jail time than they did.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like