Congress Wants Longer Jail Sentences for Hackers

Members of Congress have published proposals that could result in longer prison sentences for hackers. The move has shocked some commentators who say existing laws are already too draconian.

The House Judiciary committee is looking to expand the Computer Fraud and Abuse Act (CFAA), an anti-hacking bill dating back to 1984.

Under the new proposals, damaging a computer after accessing it without authorization would carry a maximum 10-year prison term, double the current punishment. "Trafficking" passwords would also carry a 10-year penalty.

Hacking and damaging a "critical infrastructure computer" would become the most serious crime, with a maximum 30-year sentence. That would cover any machine that plays a vital role in areas such as power, transportation, and finance. (Source: slate.com)

In some cases, the sentences would apply equally to people who attempted hacking as to those who actually succeeded.

Hacking Could Be Treated As Racketeering

Under the new rules, hacking would become one of the offenses covered by the RICO laws on racketeering. That would mean leaders of hacker groups could be punished whenever the group had carried out two separate offenses, even if the leaders didn't physically perform the hacking. (Source: techdirt.com)

Under the RICO laws, a business that could show damage from hacking would be able to sue the hacking group and could potentially win damages of up to three times the actual financial losses caused by the attacks.

Critics of the proposals say that the existing law on such activity is already too tough. One of the big complaints against the Computer Fraud and Abuse Act is that it was originally designed to only apply to "protected computers" and that this should be a special category that meant only the most serious hacking would earn the maximum penalties.

However, the act is now very dated. The wording used to define "protected computers" means that today virtually any computer connected to the Internet comes into this category.

Existing Hacking Law Already Controversial

The CFAA was already coming under criticism in its current form after two controversial cases. Aaron Swartz, who helped develop the RSS system used in newsreader software and the news sharing site Reddit, took his own life after facing the prospect of a lengthy jail sentence.

Swartz had recently been arrested for hacking the Massachusetts Institute of Technology (MIT) network with the intention of making academic papers publicly available.

Meanwhile, Andrew 'Weev' Auernheimer received a 41-month jail sentence under the CFAA after finding an unprotected list of customer email addresses on an AT&T website and passing them on to a journalist. Auernheimer's supporters said this barely even qualified as hacking.