EU Cybercrime Bill Targets Anonymous: Makes It A Criminal Offense To Conduct 'Cyber Attack'
from the seems-a-bit-broad dept
While we're still sorting through the crazy cybersecurity bill proposals in the US, it appears that some in the EU are going through a similar process. The EU Parliament's "Civil Liberties Committee" has approved a legislative proposal concerning "cyber attacks," which appears to ramp up criminal penalties for all sorts of broadly defined activities. It even applies criminal penalties to a company if an employee hacks into a competitor's database (even if they weren't told to do it). But where it gets scary is when it appears to directly target "hacktivism" like what Anonymous does. While we still think Anonymous' DDoS attacks are incredibly counterproductive, are they really criminal?
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.
A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.
One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal? This whole thing seems like a bad overreaction by politicians who are freaked out, but who clearly don't understand the technology in question.
Filed Under: anonymous, cybercrime, european union, hactivism
Reader Comments
Proposed by the clueless, and punishing everyone.
Giving people power gives them brain damage, prove otherwise.
And thus sets back European security research by decades
Way to go, ignorant assholes.
Re: And thus sets back European security research by decades
Revolution #9
Re: And thus sets back European security research by decades
So this law basically will make a criminal out of most network security professionals who will have to choose to be a criminal or change their job. They cannot do their job effectively without these tools and yet having them will be illegal.
On the other hand the true hackers will throw a party and run wild. Suddenly every hacker's greatest enemy has been shut down by the government because the destructive hackers don't care about the law.
Re: Re: And thus sets back European security research by decades
If you outlaw hacker tools people will be cracking systems with slide rules.
Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...
Now, I've been very clear since Anonymous started this effort -- shutting down various websites using what is effectively crowdsourced distributed denial of service attacks -- that I think the strategy is really dumb.
I think that denial of service attacks are a pretty dumb idea.
I've been on record for a while now that I think the strategy of doing DDoS attacks on websites that people don't like is a bad idea, that will lead to backlash.
Re: Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...
Their business is disrupted for a short time, people get their message out. (Most times DDOS attacks are followed with twitter or facebook announcements as to why the attack occurred)
I get the idea behind the attacks, but it seems they're leading to a more, and more locked-down internet for the rest of us who don't participate in them, but protest these companies in our own ways.
With that said, they seem like the kids are having fun, but it's all fun and games until the internet is no longer useful for the rest of us.
Re: Re: Re: Re:
Giving up a password = the password protected stuff can now be accessed, where it couldn't be before.
Unencrypting a HD = the encrypted stuff can now be accessed, where it couldn't be before.
What kind of drugs was the judge on to think there is any difference at all between those two?
Re:
Why you should never talk to the police EVER video.
http://www.youtube.com/watch?v=i8z7NC5sgik&feature=my_liked_videos&list=LLykP7pfCDlv4ksMbbYzbR4A
How would this apply to zombie botnets, I wonder?
"Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal?"
That would be the logical conclusion for anyone who knows what they're talking about. I have Wireshark installed on my laptop, nmap and a live CD of Backtrack for diagnostics of my company network. Apparently I need to go to jail...
Re:
Soon we'll have cops dropping flash drives with hack tools on them to run sting operations on people who pick them up.
"It has protruding wires, it must be a bomb!"
"There are musics there, it must be illegal!"
"I don't understand this piece of software, it must be a hack!"
"You're pretty knowledgeable with computers, you must be fluent in every piece of software."
That's a tazing.
prison time!
After making your statements, you can walk straight to the nearest prison, do not pass the dole office, do not collect 70 quid.
"considerable damage ... financial costs or loss of financial data"
Re: "considerable damage ... financial costs or loss of financial data"
This way they can just sue the bad actors for whatever losses are caused by their failure to protect data in their care.
Guyz
They're gonna come for me. :(
- Peasants have hacking tools (for chopping down trees).
- Orcs have hacking tools too (for chopping down peasants).
- Considerable damage is happening all the time (it *is* war, after all), which, in turn, brings considerable financial loss (to your enemy, hopefully).
- I tend to play with AI players. Does ganging up on the enemy together with the AI count as using "botnets specifically designed for large-scale attacks"?
Re:
That was the sound of both Mike's opinion and the criticisms being made sailing above your head high enough to bring satellites out of orbit.
SOP, of course.
Define 'hacking software and tools'.
The DOS prompt?
Telnet?
IP Scanners?
Ethernet Sniffers?
All of those - while being critical tools to 'hack' - also have a quite legitimate and sometimes necessary role.
I sweep subnets often at work looking for Remote Access Controllers since they don't register with DNS, and we don't use WINS.
Ethernet Sniffers are sometimes the only way to track down rogue traffic on a LAN, situational, of course.
And some of these tools are on just about every windows/linux install - so they need to arrest everyone with a computer.
Re:
You guys are way too literal for your own good sometimes.
Re: Re:
So while yes, claiming that this will outlaw ping is hyperbole, it's still an overreaching law written by those who know nothing about technology.
Re: Re: Re:
Agreed. Also, pretty much anything considered a 'hacking tool' (including malware) can be and is used for stress testing and security audits.
I'll even add another example for you. When Conficker was big, I infected a computer on my test network on purpose to test the removal tools for it. That way if it got past all of the safeguards that we put in place, I knew that I could remove it safely and effectively.
https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf
And when "law enforcement" does it?
Or is it as usual, laws only apply to non-governmental groups (ie: everyone not on tax-payer payroll)?
Re: And when "law enforcement" does it?
> it was to coordinate or pay a group from India
> to coordinate a DDoS against The Pirate Bay?
No.
This is a proposed EU law. If passed, it will only apply to EU member countries. Since neither the US nor India are EU member countries, nothing they do will be criminalized under this law.
Re: a hammer is not a weapon
If something can plausibly be used as a weapon, police may treat it as a weapon - so, your opinion is interesting, but not the one that ultimately matters.
To further your analogy. No it is not about tools like hammers, more like tools like knives. In the country where I live it is illegal to carry a knife in public places unless I have specific legal reason to, like carpenters are allowed to if they are working in a public place. Now regardless of my intent to use it to hurt someone with said knife I still run the risk of being jailed up to six months.
This is a case where a tool like nmap would be classified as a cyber attack tool. Possession and/or distribution of such a tool would carry the risk, irregardless of intent, of at least two years of jail time in a pound-you-in-the-ass prison.
Read the comments about the intent part (under the header mens rea) from EFF https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf
Goodbye White hats
1) White hat hackers driven away. Young hackers driven heavily towards black hat pursuits.
2) Supply of new security professionals dries up. Supply of black hat hackers increases.
3) Firesale/Nuke hack gets through the inadequate security.
4) Chaos, death, destruction.
5) Building a new world from the ashes, if anyone is left.
Conclusion:
Politicians are horrible strategists.
Regulation is going cancerous.
In the future the aforementioned cancer and its carriers will likely be targeted and eradicated.
I'm sure they're terrified of the mean old politicians/possible pedophiles that wrote this.
I dare the government to arrest me since all of that is "hacker software".
(If I need to check for holes in my config, I use nmap. If I need to test the network; ping/traceroute. Need to compile? GCC. Need to have a secure connection to a remote server? SSH and bash. IF I NEED A FUCKING WEB SERVER, I USE LIGHTTPD).
ffs, seriously
"I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"
he was found guilty and sentenced to jail time under Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.
http://www.out-law.com/en/articles/2012/february/british-facebook-hacker-sentenced-to-eight-months-in-jail/
Arrests
Unrelated but ....not
http://www.guardian.co.uk/commentisfree/2012/apr/04/national-liberty-counter-terrorism-secret-courts
Compromise Amendments
You can read a debate along with the compromise amendment here:
http://forum.intern0t.org/security-news-feeds/4177-update-existing-eu-cyber-law-makes-worse-good-guys.html
(The compromise amendment comes directly from the Europa Parlament)