Grant Gross reports:
Congress may need to create stiffer penalties for criminal computer hacking to deter the growing number of attacks on U.S. government agencies and businesses, some lawmakers said Wednesday.
Congress may revisit the Computer Fraud and Abuse Act (CFAA), the oft-amended law first passed in 1984, in an effort to counter widespread cyberattacks on U.S. computers, said Rep. Jim Sensenbrenner, a Wisconsin Republican and chairman of the House Judiciary Committee’s crime subcommittee.
Read more on Computerworld. CFAA definitely needs revision – but not to increase penalties as much as exempting responsible disclosure and other acts that should not result in criminal prosecution or prison time.
You think? Like I said before and I will say it again. if your “stealing” from some one, be it in person or from behind the screen of a computer monitor, the punishment should be equal. Just like armed robbery of a bank; aggrevation is aggrevation, whether in person or from an alternate means. Throw the book at em ! Give the computer geek the same sentence as the pperson would get standing there at the teller with a knife or gun, in the case of a bank heist…… if you have a minimum MANDATORY sentence, it should be the same.
Put it in black and white. Draw out different severity levels with pretty accuarte descriptions. Include a cach-all for anything that doesn’t fit give a minimum mandatory sentence in each area.
There are plenty of data breach experts. There have been plenty of costs assocaited with the data breaches. The government needs to ASK FOR ASSISTANCE when it comes to writing rules that will affect businesses.
As a restitutional deterent, have the convited individuals pay restitution, and make it a lien. So if the “poor sap” gets out after 10 years in prison, and gets a job, a portion of every check is taken to pay back the company. Company go out of business? Then the funs are allocated towards a government sponsored “awareness” campaign.
The government, in my opinion is WAAAAAY to soft on what the “people” may say about something. Public pressure makes them back down and soften the edge of something that is critical. The crooks know this, and will CONTINUE to exploit the weak government verbage and “interpretations”.I am sure they accept the very mild punishment that MAY be served up – in some cases if the money trail cannot be found, so the person goes to jail – maybe – and rich(er) because of the act.
Some things you just have to drop heavy on the table and say, this is it. you don’t like it? Tough. Find something else to do in your spare time rather than wreak havoc on computer instruments that you do not physically have ownership of.
The problem with your statement is that people are being prosecuted for felonies when they haven’t stolen anything. For example, violating a site’s TOS by using a fake name or persona if a real name is required gets prosecuted (think of the Laurie Drew case). Aaron Swartz violated TOS but didn’t take anything he couldn’t have obtained anyway, one file at a time, and there’s no proof as to what he was doing with the files. Then there’s “weev,” who just got sentenced for detecting a security hole, downloading data, and sending the data to journalists as proof.
Should all of those cases be prosecuted as felonies with potentially long prison sentences? I don’t think so, but YMMV.