The European Parliament has agreed to toughen criminal penalties across the EU for cyber attacks, especially any that threaten national infrastructure or are deemed to be aimed at stealing sensitive data. The new directive forces the 28 member states to impose national maximum sentences of at least two years in prison for …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 5th July 2013 15:42 GMT Steen Hive

Attack on critical infrastructure

What the fuck is PRISM then? Ludo?

8 2
Friday 5th July 2013 15:58 GMT Brenda McViking

Give the toddler a bigger firearm

So far, EU cyber law enforcement includes trying to lock someone up for a joke on twitter, trying to extradite Aspergers sufferers to corrupt regimes who exercise capital punishment, trying to jail 9 year-old girls for downloading pop music, and jailing those who provide a search engine capable of throwing up allegedly copyrighted material which technically is no worse than google.

I guess if the MBTA subway hack happened here with these new laws, they'd also get the book thrown at them. National transport infrastructure - check. cyber attack - check. Automatic minimum 5 year jail-time - check. Never mind that the guys responsible were security researchers showing flaws in security for the public interest...

How about they first prove they can apply the law properly - maybe then we can trust them with stronger deterrents. Until then, this move is idiotic, and bordering on dangerous.

9 2
1. Friday 5th July 2013 19:43 GMT Yet Another Anonymous coward
  
  Re: Give the toddler a bigger firearm
  
  It's a good idea - as long as it apples to everyone.
  
  Would be interesting to watch German police marching into Westminister to arrest Hague because GCHQ stored data on Germans.
  
  2 0
2. Monday 8th July 2013 07:46 GMT Matt 21
  
  Re: Give the toddler a bigger firearm
  
  While I agree that the cases you highlight show that current laws or application of them are flawed, none of them are specifically European laws, they were all national laws.
  
  The twitter prosecutions were made under English law, the extradition was attempted under a UK/US extradition treaty etc.
  
  1 0
Friday 5th July 2013 16:23 GMT h3

The problem is companies not being professional in how they deal with personal data but there is a lack of anything of any substance aimed at them.

2 0
Friday 5th July 2013 17:01 GMT Anonymous Coward

Good Job

It's a good job we have all these tough sentences, it keeps the prisons empty as nobody commits crimes for fear of going to jail.

2 0
Friday 5th July 2013 18:27 GMT AndyBeans

Financial costs?

"...cyber intrusions that result in financial costs..." What about companies that claim the costs of subsequently, properly securing their networks were "caused" by the hackers? Has the EU wised up to that one yet?

3 0
Friday 5th July 2013 20:21 GMT Graham Marsden

And what about...

... the tougher sentences for those in big institutions (corporate or governmental) who manage to leave laptops on the train or fail to secure data so it can be hacked by skiddies?

[Tumbleweed...]

2 0
Friday 5th July 2013 21:48 GMT Anonymous Coward

Attack against critical infrastructure

"if the attack is against a critical infrastructure network, like a power plant, transport or government network, the maximum penalty jumps to at least five years"

What's the penalty for connecting your 'critical infrastructure` to the Internet?

7 0
Saturday 6th July 2013 06:26 GMT WatAWorld

Impose Maximum or Minimum Sentences?

Typically "getting tough" means imposing a minimum sentence -- anyone convicted must serve at least the minimum sentence.

Imposing a maximum sentence means that the convicted criminal could receive any sentence less than that maximum, including no jail time at all, no parole at all, even an absolute discharge.

1 0
1. Saturday 6th July 2013 19:21 GMT Suricou Raven
  
  Re: Impose Maximum or Minimum Sentences?
  
  Neither. The directive is for a minimum maximum. Confusing, I know.
  
  What it means is that all members must have a maximum sentence for the covered 'cyber' crimes that is at least two years, or five for infrastructure.
  
  That doesn't mean members have to sentence everyone convicted to five years - it means they are required to give judges the option of at least that sentence. Judges are free to sentence to less, and individual countries are free to set a maximum higher than the directive requires.
  
  So in most situations, this isn't going to change anything. The only times it'll have any effect are when someone either commits a crime serious enough to earn a sentence higher than the a previous maximum since increased by this directive, or when someone upsets the Powers That Be in government and earns themselves a 'throw the book' order whispered in the prosecution's ear
  
  1 0
Sunday 7th July 2013 20:02 GMT Anonymous Coward

Too Late

The crims win.

0 1