Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
News

Hackers are 'Terrorists' Under Ashcroft's New Act 1021

Posted by CmdrTaco from the it's-in-the-name-of-freedom-we-swear dept.
Carlos writes "Most computer crimes are considered acts of terrorism under John Ashcroft's proposed 'Anti-Terrorism Act,' according to this story on SecurityFocus. The Act would abolish the statute of limitations for computer crime, retroactively, force convicted hackers to give the government DNA samples for a special federal database, and increase the maximum sentence for computer intrusion to life in prison. Harboring or providing advice to a hacker would be terrorism as well. This is on top of the expanded surveillance powers already reported on. The bill could be passed as early as this week. I feel safer already."
This discussion has been archived. No new comments can be posted.

Hackers are 'Terrorists' Under Ashcroft's New Act More

Hackers are 'Terrorists' Under Ashcroft's New Act

Comments Filter:
  • There are just way too many of us out here.

    Put us all in prison, and prisons will be freer than out here.

    The true hacker is absolutely, completely, devoted to freedom.

    -wp
    • There are far more drug sellers and users than there are security geeks, but Federal and state governments have no problem with the idea of putting them all in prison. So I wouldn't be so cocky.

      (Though security geeks are likely richer and whiter than drug offenders, on average, which will help.)

  • oh, crap... (Score:4, Funny)

    by hugg ( 22953 ) on Monday September 24, 2001 @05:46PM (#2343513)
    Damn, we /.'ed the securityfocus server... that's a DOS attack, isn't it?

    Quick, smash your DSL modems, clear your logs, and run for the hills before the Feds arrive!

  • Umm, Thats not right... (Score:4, Interesting)

    by 11thangel ( 103409 ) on Monday September 24, 2001 @05:47PM (#2343515) Homepage
    Providing advice to a Hacker == criminal offense? Doesn't legal counsel count as advice? Isn't that protected under the 5th ammendment?
    • the bigger problem here, is ... whats advice?

      teaching someone how to disassemble a program?

      teaching assembly language?

      using a non-MS product?

    • Re:Umm, Thats not right... (Score:4, Insightful)

      by Tackhead ( 54550 ) on Monday September 24, 2001 @05:55PM (#2343598)
      > Providing advice to a Hacker == criminal offense?

      "If you have programming skills, get the fuck out of the States and take your skills with you. Your country obviously doesn't want you anymore."

      (Am I now a felon?)

  • Ouch! (Score:5, Interesting)

    by Jeremiah Cornelius ( 137 ) on Monday September 24, 2001 @05:50PM (#2343542) Homepage Journal
    I conduct Penetration Testing and Vulnerability assesments for a living.

    All it takes is one bad customer relationship to cause a false accusation...

    jeremiah cornelius

    • Re:Ouch! (Score:5, Funny)

      by fobbman ( 131816 ) on Monday September 24, 2001 @06:24PM (#2343881) Homepage
      Husband: No, it wasn't an affair, per se. I was actually conducting some Penetration Testing and Vulnerability Assesments on her.

      Boy, was she vulnerable! Glad I was able to help her out, really!

    • Re:Ouch! (Score:3, Funny)

      by kindbud ( 90044 )
      I conduct Penetration Testing and Vulnerability assesments for a living.

      That's why John Ashcroft will be needing a DNA sample from you.

  • My DNA? (Score:5, Insightful)

    by Papa Legba ( 192550 ) on Monday September 24, 2001 @05:50PM (#2343546)
    Why in the world would they need DNA. I am pretty sure that no where in the specs for DNS or IPv4 is it required that my genome sequence be part of the string being sent out.

    So, who wants to take bets that the RIAA get's copyright violaters termed as hackers?

  • Right now, the laws in this country have you by six degrees of separation. If anyone is determined enough, they can convict you and throw you away for life based on laws that reference laws that reference laws. . .

    This is a perfect example. Decrypting DVDs under the DMCA is circumvention. Circumvention is hacking. Hacking is now terrorism.

    Crack a copy of your new CD so you can have burned copies in your car instead of the originals (in case they get stolen), and you are now a terrorist.

    • Re:Six degrees of separation. (Score:5, Funny)

      by dillon_rinker ( 17944 ) on Monday September 24, 2001 @06:11PM (#2343758) Homepage
      Actually, criminal statutes have to be pretty explicit. You can't convict someone of a crime unless it's on the books. If goose-whacking is a crime, and you try but fail to whack a goose, they can't convict you of attempted goose-whacking, because there's no law against attempted goose-whacking. If you talk to people about your plans to whack a goose, they can't convict you of conspiracy to commit goose-whacking because there's no law against conspiring to goose-whack.

      Naturally, it takes a politically-connected DA about a month to remedy the situation, particularly if goose-whackers are a mostly misunderstood minority...

  • Now hang on just a sec... (Score:4, Redundant)

    by w3woody ( 44457 ) on Monday September 24, 2001 @05:51PM (#2343552) Homepage
    I don't mind increase survelance powers in order to fight terrorism. However, scrawling "I love you Crystal" or some such on some web page is not terrorism.

    This thing needs to at least be tempered by a clause which adds or defines criminal intent. That is, if hacking is done with the intent to destroy or disable the United States government and/or make actual acts of terrorism (such as blowing people up) easier, then throw the bastards in jail. But defacing some web site doesn't harm the United States government; it's just annoying as hell. And annoying doesn't deserve life in prison without the possibility of parole--especially since actually killing someone is what I would consider slightly more annoying, yet many types of murder don't get anywhere near life.
    • But defacing some web site doesn't harm the United States government

      I agree with this statement, unless you hack a major commerce site (the government's revenue source) or a major news site (the government's propaganda outlet). In either of those cases, you're actually threatening the government. The safest thing to do is probably to hack a government information website, since there's very little of value there and most likely no one will even see it for weeks.

      Bryguy

    • Re:Now hang on just a sec... (Score:5, Funny)

      by Surak ( 18578 ) <surak&mailblocks,com> on Monday September 24, 2001 @06:55PM (#2344150) Homepage Journal
      I don't mind increase survelance powers in order to fight terrorism. However, scrawling "I love you Crystal" or some such on some web page is not terrorism.

      I've said this before, but it's worth repeating. The laws that apply in the real world should apply in the cyber world.

      Defacing a web face is the same as spraying some grafitti on a wall. Stealing credit card numbers or private information is the same as theft. Bringing down a government web site is sabotage. These should be dealt with the same as they are in the real world.

      Defacing a web site is vandalism, and therefore should be treated as a misdemeanor. Stealing credit card numbers or private information would be a misdemeanor or a felony depending on how much was stolen and how much it's worth. Sabotage, deliberate, willful destruction of government property, including websites, *is* terrorism and should be dealt with as such.

      I don't see why this is so frickin' hard. :-)

  • Umm.. (Score:2)

    by nebby ( 11637 )
    Doesn't the CIA employ many, many crackers to bust into their stuff?
  • this would make def con illegal... a convention of terrorists giving information to each other.

    what next?

  • what about bugtraq? (Score:5, Interesting)

    by Bastian ( 66383 ) on Monday September 24, 2001 @05:52PM (#2343563)
    I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.
    • I don't know much about how this bill would be interpreted were it to come to law, but it seems to me that making security bugs known to the general public could be construed as giving advice to a hacker since, well, it alerts the general public to security problems.

      Security sites often post code that can be used to exploit a particular hole, so that the hole can be better understood and more easily patched.

      What about tools like L0phtcrack [atstake.com]?

  • perversion (Score:5, Insightful)

    by nodrip ( 459776 ) on Monday September 24, 2001 @05:53PM (#2343571)
    This is a perversion of what Ashcroft requested. Hackers who attempt to disrupt key systems that are vital to protecting human life, for example the FAA's radar systems, are terrorists. And they are.

    • Re:perversion (Score:5, Insightful)

      by Tackhead ( 54550 ) on Monday September 24, 2001 @06:06PM (#2343705)
      > This is a perversion of what Ashcroft requested. Hackers who attempt to disrupt key systems that are vital to protecting human life, for example the FAA's radar systems, are terrorists. And they are.

      On that, we agree.

      Upon reading the draft bill, I'm not happy with all of the provisions in the bill, but I really don't see anything that says "guy with programming sk1llz == terrorist."

      I do see an expansion of The List Of Bad Things We Can Do To Felons (such as DNA sampling), but that's a far cry from "all [cr]ackers are terrorists", let alone "all Hackers are now terrorists and will have to give up DNA samples".

      Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)

      Earlier, I made a post that said "If you've got programming skills, get the hell outa here." I retract that post. This bill, while odious for many means, is not a declaration that American doesn't want its programmers anymore.

      Serves me right for replying to /. before reading the fscking article ;-)

      • CFAA Applies TO EVERY COMPUTER (Score:4, Informative)

        by werdna ( 39029 ) on Monday September 24, 2001 @11:47PM (#2345096) Journal
        Indeed, only crackers who attack "protected systems" (meaning .gov and .mil boxen - not the d00d who hax0rz the average web site) appear to be in line to get their asses handed to them on a silver platter under this Act, and those provisions I can support. (Hell, those are about the only provisions I'd support ;-)

        You are so wrong you can't believe it. The CFAA defines a "protected computer" to mean a computer that is used in interstate commerce. This means any computer connected to the internet or a modem.

        I have litigated CFAA civil actions, and I am here to tell you that virtually ANY unauthorized access where virtually ANY valuable information is received, or where ANY valuable data is modified or changed is quite arguably sufficient to lay down a prima facie case.

        This bill is as bad as you first thought it was.

    • Re:perversion (Score:5, Interesting)

      by -=OmegaMan=- ( 151970 ) on Monday September 24, 2001 @06:27PM (#2343906)
      No, it isn't.

      From the bill:

      "(19) `protected computer' has the meaning set forth in section 1030

      "(20) `computer trespasser' means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.";

      From Title 18 Chapter 47 Sec. 1030:

      (2) the term ''protected computer'' means a computer -

      (A) exclusively for the use of a financial institution or the
      United States Government, or, in the case of a computer not
      exclusively for such use, used by or for a financial
      institution or the United States Government and the conduct
      constituting the offense affects that use by or for the
      financial institution or the Government; or
      (B) which is used in interstate or foreign commerce or
      communication;

      Used in interstate or foreing communication? How many of you connect to machines and/or through machines without crossing state lines?

      Further from the bill:

      ""SS 25. Federal terrorism offense defined

      "As used in this title, the term `Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate-

      -snip-
      1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)
      -snip-

      Okay, so now *maliciously* breaking into basically any computer system is a terrorist act. Couple this with the rest of the increases in anti-terroism this bill contains, and you're doing *LIFE* in FEDERAL PRISON (aka "no parole") because your Anti-CodeRed Perl script took down some dipshit's enterprise server. Meanwhile child molestors get time off for good behavior.

      I don't think anyone thinks "computer crime" shouldn't be punished. Just not to this ridiculous degree.

  • So... (Score:2, Insightful)

    by gwillden ( 447979 )
    All those that detect and report security flaws in systems are terrorists because they comunicate these details to the Crackers (accidentally, but what does that have to do with it?).
    Bummer...
  • Does recommending LINUX count? Does Criticizing Windoze insecurities count? What about BugTraq?

  • hmmm (Score:2, Funny)

    by the_other_one ( 178565 )

    Microsoft regularly gives advice to hackers with this thing called the Knowlege Base.

    They even have a program (IIS) that aids hackers in break in attempts.

    Their new advertisement [theregister.co.uk] advocates the destruction of buildings.

    This is clearly one of the worst terror organizations

    The US and it's allies must take action

  • So now if script kiddi3s in the US, decide to deface chinese websites, the Chinese authorities could legitimately, accuse the US of harboring Terrorists???
  • Let's all remember that this guy lost an election to a corpse, please.

    Seriously, I'm afraid that this line of reasoning is only going to continue under the Bush administration.

    Anyone who violates the conservative faction's very narrow definition of legality and morality is going to face harsher and harsher penalties. It's the 'hackers' right now. I'll be charitable and say that that means anyone who illegally breaks into a computer system or network. It will be expanded in the very near future to include anyone who violates non-circumvention clause of the DMCA. Seriously, how far are those two apart?

    It can be reasonably argued that violating copy protections will put illegal technology or information in the hands of terrorists.

    The logical progression is pretty evident from that point on. Anyone caught breaking a copyright will be targeted, and then anyone who illegaly owns copyrighted material will be targeted.

    Hmmm... I wonder if I should encrypt the stash of Anime fansubs on my HDD. Wait, encryption is going to be illegal to! I'm a terroist either way!

    Congress will just keep passing laws to give Bush and Ashcroft what they want in the name of 'National Security'. Don't think for a second that they won't.

  • A backwards approach to legislation (Score:5, Interesting)

    by melquiades ( 314628 ) on Monday September 24, 2001 @05:59PM (#2343641) Homepage
    This act and the DMCA are eerily similar. Both seek to address particular historical circumstances and events (e.g. Napster, terrorist attacks). Both sets of circumstances are genuinely complex and problematic. And, in both cases, there were already perfectly adequate laws more general laws which address the particular situation. We already have laws to address copyright violation, and we already have laws to convict violent criminals, spies, and yes...even hackers.

    The DMCA and all these supposedly anti-terrorist laws, past and present, take a terribly backward approach to lawmaking. The best laws, like the best software, succeed on minimality and generality. Witness the excellent US constitution, which has been extremely effective considering how long it's been around. The constitution uses very broad terms -- "life", "property", "punishment", "vote" -- and very few specific terms. (Some parts are quite specific, like the quartering of soldiers bit. They seem very quaint now.)

    Laws, like software, tend to break if they are designed in specificity but used in generality. The trouble with these new laws is that they create all kinds of special cases and extra circumstances designed for a particular moment in history, which we'll have to support for decades or even centuries. The new terrorist laws, in a way, are like the 640k RAM limit -- they seem good enough for now, but in the future, they'll cripple and break all kinds of things.

    The difference is, in this case, it is our fundamental freedoms that are being to get crippled and broken. As always, please please please call your representatives and give them a piece of your mind. They are under a lot of pressure right now, and they need to hear from sensible people.
  • Does 2600 magazine qualify as an organization that gives advice to hackers, and would therefore be classified as a terrorist organization under this new bill?
  • Unfortunately, I can't read the actual article, because securityfocus is /.ed, so I'll have to go by the summary.

    abolish the statute of limitations for computer crime, retroactively...

    /me breaks out my copy of the US constitution...

    From Article I, section 9, paragraph 3:
    "No Bill of Attainder or ex post facto Law shall be passed".

    Ex Post Facto refers to laws having a retroactive effect, for those of you wondering.

    So, as always, IANAL, but this sure doesn't sound constitutional to me.

  • So murder is less of an offense than hacking? (Score:4, Insightful)

    by Ingenium13 ( 162116 ) <ingeniumNO@SPAMgmail.com> on Monday September 24, 2001 @06:03PM (#2343684) Homepage
    Basically, if this were to be passed, it would tell the public that cracking/hacking is considered to be worse than murder. They even go so far as to say that giving advice to a cracker/hacker can yield life in prison! Is it just me, or is something seriously wrong here? I could go off and murder somone and receive less of a punishment than someone who defaced a website, resulting in a few hours of repairs by the administrator and the fixing of a securty hole. I'm sorry, but that's just not right.
  • No pets allowed and no internet access allowed.
    We do not harbor terrorists!

    Am I dreaming or is this country really THE America?

  • Where disrupting business is a crime equivalent to murdering thousands.

    And the recording industry was happy because they convinced people that unauthorized duplication was somehow equivalent to theft of property or stealing from ships on the high seas. Well, I think this tops that!

    I think the USA should just take a tip from the Taliban and make all crimes punishable by death or corporeal punishment.

    And the message is clear. If you're a high school student thinking of hacking a bank web site and stealing credit card numbers, forget it, KILL THOUSANDS OF PEOPLE INSTEAD! You'll get the same punishment anyway, so do something more stylish!!
  • So what exactly IS hacking according to the ATA?(how ironic, it's a acrynoum, for a computer term) Seriously, how long before the DCMA is included in this? Will I face federal prosecution for telling a friend about gnutella because the program can be used for illegal stuff? Could CmdrTaco and CowboyNeal be dragged from their homes at 6 in the morning and sent to jail because Slashdot had posted a story that talks about the Microsoft security problem of the week, since that could be concieved as giving advice to hackers? I am writing my senators about this asking them to reject the overly broad terms of the ATA and computer 'hacking'. I hope a number of you do the same.

    -Henry

  • Does that include ... ? (Score:5, Funny)

    by Lumpish Scholar ( 17107 ) on Monday September 24, 2001 @06:15PM (#2343804) Homepage Journal
    Anyone making life easier for a "hacker" (cracker) could be sentenced to life without parole?

    Bill Gates had better pack his bags now! ("... the most cigarettes.")
  • ...or is securityfocus.com one of the slowest, ugliest websites anywhere?
  • I just want to know as anyone found any evidence of terrorists using anything "high tech" for WTC?

    The highest tech I have heard of is using email at Kinko's.

  • Not broad enough! (Score:5, Flamebait)

    by kindbud ( 90044 ) on Monday September 24, 2001 @06:35PM (#2343986) Homepage
    Testifying before the House Judiciary Committee, Ashcroft defended the proposal's definition of terrorism. "I don't believe that our definition of terrorism is so broad," said Ashcroft. "It is broad enough to include things like assaults on computers, and assaults designed to change the purpose of government."

    Seems like this bill needs to be broadened to include itself and John Ashcroft, both of whom seem hell-bent on changing the purpose of government.

  • List of contacts (Score:5, Informative)

    by GigsVT ( 208848 ) on Monday September 24, 2001 @06:36PM (#2343994) Journal

    Judiciary Committee List
    Name, party, state, phone, fax, e-mail.

    James Sensenbrenner, Chair, R-WI, (202) 225-5101,(202) 225-3190,sensen09@mail.house.gov
    Henry Hyde, R-IL, (202) 225-4561, (202) 225-1166.
    John Conyers Jr., D-MI, (202) 225-5126, (202) 225-0072,john.conyers@mail.house.gov
    George Gekas, R-PA, (202) 225-4315, (202) 225-8440, askgeorge@mail.house.gov
    Barney Frank, D-MA, (202) 225-5931, (202) 225-0182
    Howard Coble, R-NC, (202) 225-3065, (202) 225-8611, howard.coble@mail.house.gov
    Howard Berman, D-CA, (202) 225-4695, (202) 225-3196,Howard.Berman@mail.house.gov
    Lamar Smith, R-TX, (202) 225-4236, (202) 225-8628
    Rick Boucher, D-VA, (202) 225-3861, (202) 225-0442,ninthnet@mail.house.gov
    Elton Gallegly, R-CA, (202) 225-5811, (202) 225-1100
    Jerrold Nadler, D-NY, (202) 225-5635, (202) 225-6923, jerrold.nadler@mail.house.gov
    Bob Goodlatte, R-VA, (202) 225-5431, (202) 225-9681,talk2bob@mail.house.gov
    Bobby Scott, D-VA, (202) 225-8351, (202) 225-8354
    Steve Chabot, R-OH, (202) 225-2216, (202) 225-3012
    Mel Watt, D-NC, (202) 225-1510, (202) 225-1512, nc12.public@mail.house.gov
    Bob Barr, R-GA, (202) 225-2931, (202) 225-2944, barr.ga@mail.house.gov
    Zoe Lofgren, D-CA, (202) 225-3072, (202) 225-3336, zoe@lofgren.house.gov
    William Jenkins, R-TN, (202) 225-6356, (202) 225-5714
    Sheila Jackson Lee, D-TX, (202) 225-3816, (202)225-3317, tx18@lee.house.gov
    Christopher Cannon, R-UT, (202) 225-7751, (202)225-5629, cannon.ut03@mail.house.gov
    Maxine Waters, D-CA, (202) 225-2201, (202) 225-7854
    Lindsey Graham, R-SC, (202) 225-5301, (202) 225-3216
    Marty Meehan, D-MA, (202) 225-3411, (202) 226-0771, martin.meehan@mail.house.gov
    Spencer Bachus, R-AL, (202) 225-4921, (202) 225-2082
    William Delahunt, D-MA, (202) 225-3111, (202)225-5658, william.delahunt@mail.house.gov
    John Hostettler, R-IA, (202) 225-4636, (202)225-3284, john.hostettler@mail.house.gov
    Robert Wexler, D-FL, (202) 225-3001, (202) 225-5974
    Mark Green, R-WI, (202) 225-5665, (202) 225-5729, mark.green@mail.house.gov
    Tammy Baldwin, D-W, (202) 225-2906, (202) 225-6942, tammy.baldwin@mail.house.gov
    Ric Keller, R-FL, (202) 225-2176, (202) 225-0999
    Anthony David Weiner, D-NY, (202) 225-6616, (202)226-7253
    Darrell Issa, R-CA, (202) 225-3906, (202) 225-3303
    Adam Schiff, D-CA, (202) 225-4176, (202) 225-5828
    Melissa Hart, R-PA, (202) 225-2565, (202) 226-2274, melissa.hart@mail.house.gov
    Jeff Flake, R-AZ, (202) 225-2635, (202) 226-4386

  • So let's do something about it (Score:5, Informative)

    by GrouchoMarx ( 153170 ) on Monday September 24, 2001 @06:37PM (#2344007) Homepage
    OK, a lot of people are crying that the sky is falling, that the jack-booted Nazis are at the gates in Washington (both the East Coast one and the West Coast one), that the totalitarian Big Brother is at hand. Is it? Hell, I don't know, but I'd rather not find out. This is still a democracy, folks, that means YOU have power. Even between elections, you have power. Because politicians, whatever else they are interested in (money, power, actually helping people, getting blowjobs from secretaries), are interested first and foremost in one thing: Getting reelected. Make them think that if they pass something asinine and unconstitutional, that there WILL be repercussions. Yes, scare the bejebers out of your congressman/woman and senator.

    It takes TEN letters (dead tree letters, email gets deleted immediately) for a Senatorial office to open an issue. TEN. (According to Illinois Senator Dick Durban.) And regardless of the advertising and commercials that politicians raise huge war chests to fund, on election day it is YOUR VOTE that decides who ends up in DC. (East Coast, you have no say over the West Coast one.)

    I'd like to issue a call to everyone who posted something modded up to 3 or above: Write a letter to your representatives with the same level of intelligence and Interesting/Insightful content. Write it once and send it three times, once to your Congressperson, and once to each Senator. Fax it if you'd prefer. (Snail mail and fax are what they like the most.) Keep it to one page. Reference the Constitution. Refer to yourself with your most impressive title. (Professor, Ph.d, Senior Engineer, Graduate Student, Independent Developer) and as a registered voter. In the name of the Tux do not tell them that you don't vote, even if that's the case (in which case you should be ashamed of yourself). Then when the next election rolls around, ignore the commercials, take an hour to do your own research, and vote for the candidate that did not support revoking the 4th Amendment and violating Ex Post Facto. It works. (See also: Former Senator Alan Dixon)

    For those of you in countries outside of the US, the same applies to you. The Canadian, British, Australian, French, German, etc. governments are all popularly elected as well. (At least the active parts of the British government, anyway.) Politicians are the same everywhere. The same tactics apply. Use them. If you don't, you have no one to blame but yourselves.

  • We're already at the point where everything not prohibited is mandatory and there's no way you can go through your day-to-day life without breaking some law or other which may or may not be enforced arbitrairly against you. If our technological edge slides too far and the USA seems like it's in danger of becoming a third world country due to these stupid laws, I'll just move to some more sensible country.

    Of course Congress is also showing quite a bit of reason [cnn.com] in the face of Ashcroft's demands, too, so maybe calmer heads will prevail. Though I tend to be a glass-is-half-empty kind of guy when it comes to such things.

  • security through imprisonment. (Score:4, Funny)

    by _ph1ux_ ( 216706 ) on Monday September 24, 2001 @06:40PM (#2344028)
    John Ashcroft announced today that the NSA has devised a fool proof deterance to E-terrorism. The new method is called Security-Through-Imprisonment, or STI.

    The premise of STI is that civilian and military systems dont need to be secured, but instead laws need to be put in place that will require life sentances for so much as a failed telnet login attempt.

    In response to our questions Ashcroft had the following statement: "Everyone is aware that securing Microsoft products is as futile as the war-on-drugs(TM), so we decided that rather than attempting to fix the systems - we will just send these E-Terrorists to prison for life for their crimes against Freedom(R). It is important for us to protect-our-children's(TM - H. Clinton) future in the wake of this terrible tragedy. Our new policy is called "If you cant do the right thing, then just do something"

  • Sure, but what can we do? (Score:4, Insightful)

    by Rimbo ( 139781 ) <rimbosity@sbcglo[ ].net ['bal' in gap]> on Monday September 24, 2001 @06:46PM (#2344089) Homepage Journal
    Democracy is not a spectator sport. We have to get involved. Who do we write to? Who do we call? Who can we contact to see that this doesn't stand?
  • Is that for IT support staff that have really good skills, some activity may inadvertantly be redefined by others as 'hacking'. (For example, putting a screen saver on the computers in the computer lab.)

    That alone is scary enough, but now even stronger punishments, and treatment as what I am going to guess is a capital crime? Ouch. IT is looking even scarier.

    (Is scarier a word?)

  • This is nothing new... (Score:5, Insightful)

    by Hacker Cracker ( 204131 ) on Monday September 24, 2001 @06:54PM (#2344149)
    It's nothing more than the same old reactionary garbage legislation that's been coming down the pike. And it's not surprising that this is what congress has come up with either--after all, if it didn't work last year, then do more of it next year...

    As David Quinn put it quite eloquently:
    When the Israelites escaped from Egypt in the 13th century B.C., they were literally a lawless horde, because they'd left the Egyptian list of prohibitions behind. They needed their own list of prohibitions, which God provided--the famous ten. But of course ten didn't do it. Hundreds more followed, but they didn't do it either.

    No number has ever done it for us. Not a thousand, ten thousand, a hundred thousand. Even millions don't do it, and so every single year we pay our legislators to come up with more. But no matter how many prohibitions we come up with, they never do the trick, because no prohibited behavior has ever been eliminated by passing a law against it. Every time someone is sent to prison or executed, this is said to be "sending a message" to miscreants, but for some strange reason the message never arrives, year after year, generation after generation, century after century.

    Naturally, we consider this to be a very advanced system.
    Quite depressing, really. (The whole text can be found here [ishmael.com], BTW)

    But what can you expect when the whole world has bought into the idea that there is absolutely nothing that any one person can do to change things [ishmael.com]?

    -- Shamus

    Bleah!

  • Very disturbing, but not quite as bad as it seems. (Score:3, Informative)

    by Dr.Dubious DDQ ( 11968 ) on Monday September 24, 2001 @07:47PM (#2344412) Homepage

    The specific sections of "computer crime" law that appear to be reclassified as "terrorist acts" appear to be only:

    1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)

    Which are:

    • (a) Whoever -
      (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;[...]
    • (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
    • (5)
      (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
    • (Interestingly, they don't seem to include B and C under this act as "terrorism", which are similar to section A, and are almost identical to each other - I have no idea why they have them. "B" says "(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage;". C is word-for-word the same, except without the word "recklessly". ANy idea why they have them both?)
    • (7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.
    In short, the only "computer crimes" listed as "terrorism" by this act are stealing US Gov't, Inc secrets by computer, maliciously hacking into a system with intent to steal valuables (aside from CPU cycles), and using threats of malicious computer hacking to extort.

    The only one that concerns me very much here is 5A - it seems like high-paid corporate lawyers could easy "prove" that for example, if 1337D00D@scriptkiddy.com maliciously hacks into www.microsoft.com and puts a link to his website on the index page, that he's obtained at least $5000 worth of advertisement...

    Come to think of it, I'm a little leery of the "or exceeds authorized access" bit in (4) - if one "accesses" a computer to purchase and legally download some proprietary "protected" piece of music or video, and finds a way to convert it to a nonproprietary format for personal use, has one "exceeded authorized access" and is therefore not merely a DMCA Criminal but a full-fledged DMCA Terrorist? It's a bit of a stretch, but I think a wealthy corporation can buy enough lawyer-approved powerpoint slides "proving" this to a non-technical jury...

  • NOT After Every Hacker (Score:4, Informative)

    by dragons_flight ( 515217 ) on Monday September 24, 2001 @08:41PM (#2344659) Homepage
    There are only 4 computer related offenses that would be designated under the ATA as "Federal terrorism offenses". Of these 4, the first deals solely with stealing or communicating classified information. The second requires the hacking be used for monetary or material gain beyond just gaining unauthorized access to the computer (unless access is valued over $5000). The third requires that one intentionally cause damage (exceeding $5000, in most cases) to a protected computer, where "protected computer" means US Government, financial institutions, interstate and foreign commerce and communications. The last involves threatening a computer system for purposes of extortion.

    This list hardly seems to encompass "most computer crimes". For instance merely accessing or stealing non-classified information is not a terrorist act. Nor does it include breaking encryption ala DMCA. Defacing websites is not a terrorist act unless the computer belongs to one of the above categories and changing the website results in nontrivial financial losses. Writing viruses/worms is not a terrorist act unless you intentionally use it in a way that damages "protected" computers. (From the wording, I wouldn't interpret this to include merely releasing it into the wild, but a judicial ruling would have to clarify that issue). The crimes they are signaling out are pretty significant stuff and not just any old act of hacking. Let's not further contribute to the FUD.


    What follows are excerpts of the laws in question:

    From The Anti-Terrorism Act of 2001 (Draft 2)
    http://www.eff.org/Privacy/Surveillance/20010919_a ta_bill.html [eff.org]

    Sec. 309: "...the term 'Federal terrorism offense' means a violation of, or an attempt or conspiracy to violate...1030(a)(1), (a)(4), (a)(5)(A), or (a)(7) (relating to protection of computers)..."

    From US Code Title 18, Section 1030
    http://www4.law.cornell.edu/uscode/18/1030.html [cornell.edu]

    (a)(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

    (a)(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

    (a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

    (a)(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section

    Under the same Section, part (d)(e)(2) and (8): (2) the term "protected computer" means a computer -
    • (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
    • (B) which is used in interstate or foreign commerce or communication;
    (8) the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that -
    • (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;
    • (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals;
    • (C) causes physical injury to any person; or
    • (D) threatens public health or safety;

  • Shifting blame (Score:3, Insightful)

    by Animats ( 122034 ) on Tuesday September 25, 2001 @01:06AM (#2345285) Homepage
    All this looks like an attempt by Ashcroft to shift the blame for the FBI's failure to prevent terrorism. Remember, the FBI was under heavy criticism for dropping the ball in some important cases.

    Whistleblower protection with real teeth would be more effective in cleaning up inept government agencies. So would giving the federal Inspectors General the power to fire Federal employees. But no, Ashcroft's not asking for that.

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close