EU Cybercrime Bill Targets Anonymous: Makes It A Criminal Offense To Conduct 'Cyber Attack'

from the seems-a-bit-broad dept

While we're still sorting through the crazy cybersecurity bill proposals in the US, it appears that some in the EU are going through a similar process. The EU Parliament's "Civil Liberties Committee" has approved a legislative proposal concerning "cyber attacks," which appears to ramp up criminal penalties for all sorts of broadly defined activities. It even applies criminal penalties to a company if an employee hacks into a competitor's database (even if they weren't told to do it). But where it gets scary is when it appears to directly target "hactivism" like what Anonymous does. While we still think Anonymous' DDoS attacks are incredibly counterproductive, are they really criminal?
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.

A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.

One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal? This whole thing seems like a bad overreaction by politicians who are freaked out, but who clearly don't understand the technology in question.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: anonymous, cybercrime, european union, hactivism


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 4 Apr 2012 @ 3:50am

    And this is what we get for having laws pushed by hysterical media reports.
    Proposed by the clueless, and punishing everyone.

    Giving people power gives them brain damage, prove otherwise.

    link to this | view in chronology ]

    • identicon
      Lord Binky, 4 Apr 2012 @ 7:38am

      Re:

      Actually there are studies that show the more power someone has the less brainpower they put into their decisions. It's really sad that in the study I remember, just being told what your position of power was in the decision tree determined whether you decided based on data or shiny advertising like a three year old.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 3:50am

    And thus sets back European security research by decades

    Since of course "hacking tools" will be interpreted (at the first available) opportunity to include anything that they want it to include. It's only a matter of time until someone gets sent to prison for "ping" and "traceroute".

    Way to go, ignorant assholes.

    link to this | view in chronology ]

    • icon
      gorehound (profile), 4 Apr 2012 @ 5:18am

      Re: And thus sets back European security research by decades

      +1
      Revolution #9

      link to this | view in chronology ]

    • icon
      Machin Shin (profile), 4 Apr 2012 @ 5:45am

      Re: And thus sets back European security research by decades

      Well whats worse is what do you think network security guys use to make sure their network is secure? In order to secure a network you have to find the holes and to find the holes you use the same "hacker tools" the bad hackers use.

      So this law basically will make a criminal out of most network security professionals who will have to choose to be a criminal or change their job. They cannot do their job effectively without these tools and yet having them will be illegal.

      On the other hand the true hackers will throw a party and run wild. Suddenly every hackers greatest enemy has been shut down by the government because the destructive hackers don't care about the law.

      link to this | view in chronology ]

      • icon
        That Anonymous Coward (profile), 4 Apr 2012 @ 5:49am

        Re: Re: And thus sets back European security research by decades

        If you outlaw hacker tools only hackers will have... er wait...
        If you outlaw hacker tools people will be cracking systems with slide rules.

        link to this | view in chronology ]

    • identicon
      Silence8, 4 Apr 2012 @ 12:26pm

      Re: Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...

      The way I see the DDOS attacks is, they're the modern equivalent of picketing a business.

      Their business is disrupted for a short time, people get their message out. (Most times DDOS attacks are followed with twitter or facebook announcements as to why the attack occured)

      I get the idea behind the attacks, but it seems they're leading to a more, and more locked-down internet for the rest of us who don't participate in them, but protest these companies in our own ways.

      With that said, they seem like the kids are having fun, but it's all fun and games until the internet is no longer useful for the rest of us.

      link to this | view in chronology ]

  • icon
    felsby (profile), 4 Apr 2012 @ 3:54am

    Cannot wait to read about investigators facing encrypted drives: Give us the password so we can put you in jail!

    link to this | view in chronology ]

    • icon
      Machin Shin (profile), 4 Apr 2012 @ 6:26am

      Re:

      This has happened already, there have been some big debates over the legality of demanding a password from someone. In the US at least we are protected from being forced to say anything incriminating. So the question is does that cover me with holding my password.

      link to this | view in chronology ]

      • icon
        Watchit (profile), 4 Apr 2012 @ 8:41am

        Re: Re:

        I think there was one ruling where the judge said it was ok to force someone to give up a password for a computer.

        link to this | view in chronology ]

        • icon
          The Infamous Joe (profile), 4 Apr 2012 @ 9:49am

          Re: Re: Re:

          No, it's far more of a stretch than that. To route around the fifth amendment, the judge said the woman had to unencrypt the drive or face contempt of court charges, but since she wasn't actually telling anyone the password, she wasn't being forced to incriminate herself.

          link to this | view in chronology ]

          • icon
            That One Guy (profile), 4 Apr 2012 @ 4:03pm

            Re: Re: Re: Re:

            I'm confused...

            Giving up a password = the password protected stuff can now be accessed, where it couldn't be before.

            Unencrypting a HD = the encrypted stuff can now be accessed, where it couldn't be before.

            What kind of drugs was the judge on to think there is any difference at all between those two?

            link to this | view in chronology ]

    • icon
      Pwdrskir (profile), 4 Apr 2012 @ 7:05pm

      Re:

      Plead the 5th and ask for your lawyer.

      Why you should never talk to the police EVER video.
      http://www.youtube.com/watch?v=i8z7NC5sgik&feature=my_liked_videos&list=LLykP7pfCDlv 4ksMbbYzbR4A

      link to this | view in chronology ]

  • icon
    Jeremy Lyman (profile), 4 Apr 2012 @ 3:55am

    How can something be “no less than three if it exceeds six?” I mean, six’s still more than three, right?

    link to this | view in chronology ]

    • identicon
      Jareth Cutestory, 4 Apr 2012 @ 5:27am

      Re:

      I know right! That makes no sense. And did you know Justice is blind? I sure as heck didn't.

      link to this | view in chronology ]

  • icon
    PaulT (profile), 4 Apr 2012 @ 4:08am

    "the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks""

    How would this apply to zombie botnets, I wonder?

    "Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal?"

    That would be the logical conclusion for anyone who knows what they're talking about. I have Wireshark installed on my laptop, nmap and a live CD of Backtrack for diagnostics of my company network. Apparently I need to go to jail...

    link to this | view in chronology ]

    • icon
      That Anonymous Coward (profile), 4 Apr 2012 @ 4:22am

      Re:

      Assume the position and stay where you are, they will be arriving by black helicopter shortly.

      Soon we'll have cops dropping flash drives with hack tools on them to run sting operations on people who pick them up.

      link to this | view in chronology ]

  • icon
    Keii (profile), 4 Apr 2012 @ 4:20am

    It's a modern day witch hunt.

    "It has protruding wires, it must be a bomb!"

    "There are musics there, it must be illegal!"

    "I don't understand this piece of software, it must be a hack!"

    "You're pretty knowledgeable with computers, you must be fluent in every piece of software."

    link to this | view in chronology ]

  • identicon
    abc gum, 4 Apr 2012 @ 4:31am

    Write a hello world program?
    That's a tazing.

    link to this | view in chronology ]

  • identicon
    izzitme101, 4 Apr 2012 @ 4:35am

    prison time!

    I guess its time for everyone to just drop everything, and voluntarily walk to the nearest police station, and admit every crime we are all accused of.
    After making your statements, you can walk straight to the mearest prison, do not pass the dole office, do not collect 70 quid.

    link to this | view in chronology ]

  • icon
    Dionaea (profile), 4 Apr 2012 @ 4:37am

    "considerable damage ... financial costs or loss of financial data"

    And how the hell are they going to determine what considerable damage is? The copyright trolls think downloading a single song causes them thousands of dollars of damage and the scariest thing is that judges agree with them sometimes. How much are corporations going to claim for being taken offline or having a damaging message up for several hours? If you don't define the size of the stick they're allowed to use to beat people up they're gonna go for a trunk of a sequoia tree...

    link to this | view in chronology ]

    • icon
      That Anonymous Coward (profile), 4 Apr 2012 @ 4:55am

      Re: "considerable damage ... financial costs or loss of financial data"

      Buying legislation was cheaper than actually putting any security on their sites.
      This way they can just sue the bad actors for whatever losses are caused by their failure to protect data in their care.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 4:42am

    I like the part where you get more jail time if they have greater data loss. Make sure the company your attacking has good backups!

    link to this | view in chronology ]

  • icon
    Squig (profile), 4 Apr 2012 @ 4:58am

    How nice of them to give all Pirate Parties in Europe a big boost!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 5:42am

    and as per usual, everything that is detrimental to citizens or is done without the permission of citizens is ok. yet another law put into place by stupid old farts that have no fucking clue what the hell they are voting on, let alone for! about time for a complete change of age group in politics, letting the tech generation deal with things. if not, instead of making progress we will be regressing, not just stagnating.

    link to this | view in chronology ]

    • icon
      Chuck Norris' Enemy (deceased) (profile), 4 Apr 2012 @ 6:17am

      Re:

      You realize how screwed up our governments are when a Civil Liberties Committee is writing laws to take away civil liberties.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 6:10am

    Guyz

    I have wireshark and visual studio installed on my computer. I'm fucked aren't I?

    They're gonna come for me. :(

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 6:16am

    Hands need outlawing, too! And brains! ONLY ZOMBIES ARE SAFE FROM THE ABTI-HACKING BILL!!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 6:24am

    Oh, oh. What's this bill going to do to my Warcraft matches?

    - Peasants have hacking tools (for chopping down trees).
    - Orcs have hacking tools too (for chopping down peasants).
    - Considerable damage is happening all the time (it *is* war, after all), which, in turn, brings considerable financial loss (to your enemy, hopefully).
    - I tend to play with AI players. Does ganging up on the enemy together with the AI count as using "botnets specifically designed for large-scale attacks"?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 6:43am

    They are ABSOLUTELY criminal. As someone who champions the value of free speach and claims that removing content is a violation of constitutional rights you should be condemning ALL DOS attacks. The entire purpose of these attacks is to CENSOR websites. You complain about censorship when it's the government doing it but you don't think it is wrong when hackers do it? How can anyone take you seriously when you are so hypocritical.

    link to this | view in chronology ]

    • icon
      PaulT (profile), 4 Apr 2012 @ 6:51am

      Re:

      Whoosh!!!

      That was the sound of both Mike's opinion and the criticisms being made sailing above your head high enough to bring satellites out of orbit.

      SOP, of course.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Apr 2012 @ 8:11am

        Re: Re:

        I agree with you, but show your work. If you don't, you are as bad as the person you're whooshing.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Apr 2012 @ 8:41am

        Re: Re:

        No his criticisms are not because of the censoring but because he felt their actions are ineffective if not counter-productive. He never complained that the DOS attacks censor content.

        link to this | view in chronology ]

  • icon
    Overcast (profile), 4 Apr 2012 @ 6:47am

    Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges.

    Define 'hacking software and tools'.

    The DOS prompt?
    Telnet?
    IP Scanners?
    Ethernet Sniffers?

    All of those - while being critical tools to 'hack' - are also have a quite legitimate and sometimes necessary role.

    I sweep subnets often at work looking for Remote Access Controllers since they don't register with DNS, and we don't use WINS.

    Ethernet Sniffers are sometimes the only way to track down rouge traffic on a LAN, situational, of course.

    And some of these tools are on just about every windows/linux install - so they need to arrest everyone with a computer.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2012 @ 7:25am

      Re:

      They are not critical tools to hack in and of themselves. Used in normal means, they are not hacking tools, any more than a hammer is a weapon. But if you use that hammer to start whacking people in the head, it becomes a weapon.

      You guys are way too literal for your own good sometimes.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Apr 2012 @ 7:38am

        Re: Re:

        You do realize that some of the tools that will be branded as hacking tools because they are "obviously" hacking tools (I'm looking at LOIC, here) actually do have practical uses? LOIC can be (and regularly is) used to stress test web servers.

        So while yes, claiming that this will outlaw ping is hyperbole, it's still an overreaching law written by those who know nothing about technology.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Apr 2012 @ 8:15am

          Re: Re: Re:

          You do realize that some of the tools that will be branded as hacking tools because they are "obviously" hacking tools (I'm looking at LOIC, here) actually do have practical uses? LOIC can be (and regularly is) used to stress test web servers.


          Agreed. Also, pretty much anything considered a 'hacking tool' (including malware) can be and is used for stress testing and security audits.

          I'll even add another example for you. When Conficker was big, I infected a computer on my test network on purpose to test the removal tools for it. That way if it got past all of the safeguards that we put in place, I knew that I could remove it safely and effectively.

          link to this | view in chronology ]

          • icon
            Watchit (profile), 4 Apr 2012 @ 8:53am

            Re: Re: Re: Re:

            exactly, but there is no provision in the law that differentiates "hacking tools" and "hacking tools with a legitimate purpose". While the "intended purpose" of the law isn't to go after those legitimate uses, laws with the ability to be abused will be, and there is no denying that.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 4 Apr 2012 @ 11:41am

              Re: Re: Re: Re: Re:

              But it is not only tools that are affected. It might even chill legitimate research. Germany has the laws and because of that "A Bug Hunter's Diary" http://nostarch.com/bughunter.htm lack the actual exploits. And occasionally the exploits are necessary to convince and embarrass vendors if they claim a DOS instead of a arbitrary code execution.

              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 6:58am

    These people are mentally deranged and need to be dispatched to the looney bin post haste.

    link to this | view in chronology ]

  • icon
    Robert (profile), 4 Apr 2012 @ 7:24am

    And when "law enforcement" does it?

    Is it still criminal when law enforcement does it? For example, will it be criminal for FBI or NSA or whoever it was to coordinate or pay a group from India to coordinate a DDoS against The Pirate Bay? Of course that was at the behest of Hollywood, but still.

    Or is it as usual, laws only apply to non-governmental groups (ie: everyone not on tax-payer payroll)?

    link to this | view in chronology ]

    • icon
      btr1701 (profile), 4 Apr 2012 @ 10:44am

      Re: And when "law enforcement" does it?

      > will it be criminal for FBI or NSA or whoever
      > it was to coordinate or pay a group from India
      > to coordinate a DDoS against The Pirate Bay?

      No.

      This is a proposed EU law. If passed, it will only apply to EU member countries. Since neither the US nor India are EU member countries, nothing they do will be criminalized under this law.

      link to this | view in chronology ]

      • identicon
        lol, 4 Apr 2012 @ 11:16am

        Re: Re: And when "law enforcement" does it?

        they will catch up. if theres one thing the US and india will never miss its a chance to screw people over.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 7:35am

    Is UK law written by private jails too? Making it illegal to own a computer with ping/tracert/telnet sounds like it'd be an easy way for them to make a few extra million.

    link to this | view in chronology ]

  • identicon
    Pete Austin, 4 Apr 2012 @ 7:42am

    Re: a hammer is not a weapon

    Try that argument the next time you fly somewhere, and take along your hammer. Please can you get a friend to video the reaction of the security guards when you use the words, "whacking people in the head".

    If something can plausibly be used as a weapon, police may treat it as a weapon - so, your opinion is interesting, but not the one that ultimately matters.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 4 Apr 2012 @ 4:20pm

      Re: Re: a hammer is not a weapon

      Problem with that is given just a little time you can use anything as a weapon, so attempting to outlaw something because it might would be used illegally would be downright impossible, as it would apply to almost anything and everything in existence.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 8:00am

    33.

    To further your analogy. No it is not about tools like hammers, more like tools like knives. The country where I live it is illegal to carry a knife in public places unless I have specific legal reason to, like carpenters are allowed to if they are working in a public place. Now regardless of my intent to use it to hurt someone with said knife I still run the risk of being jailed up to six months.

    This is a case where a tool like nmap would be classified as a cyber attack tool Possesion and/or distribution such a tool would carry to the risk iregardless of intent at least two years of jail time in a pound-you-in-the-ass prison.

    Read the comments from about the intent(under the header mens rea) part from EFF https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf

    link to this | view in chronology ]

  • identicon
    Cowardly Anonymous, 4 Apr 2012 @ 8:40am

    Goodbye White hats

    Let's see here:

    1) White hat hackers driven away. Young hackers driven heavily towards black hat pursuits.

    2) Supply of new security professionals drys up. Supply of black hat hackers increases.

    3) Firesale/Nuke hack gets through the inadequate security.

    4) Chaos, death, destruction.

    5) Building a new world from the ashes, if anyone is left.


    Conclusion:
    Politicians are horrible strategists.

    link to this | view in chronology ]

    • icon
      Watchit (profile), 4 Apr 2012 @ 8:54am

      Re: Goodbye White hats

      They kids could be driven to gray hat pursuits as well, not exactly legal, but not exactly sinister either.

      link to this | view in chronology ]

  • icon
    Ninja (profile), 4 Apr 2012 @ 8:40am

    Cybersecurity has become the new child porn of the censorship advocates...

    link to this | view in chronology ]

  • identicon
    Ure O'Peanonion, 4 Apr 2012 @ 10:32am

    Regulation is going cancerous.

    Regulation is going cancerous.

    In the future the aforementioned cancer and its carriers will likely be targeted and eradicated.

    link to this | view in chronology ]

  • identicon
    lol, 4 Apr 2012 @ 10:40am

    so the EU is going to arrest the entire internet?
    im sure there terrified of the mean old politicians/possible pedophiles that wrote this.

    link to this | view in chronology ]

  • icon
    Tux (profile), 4 Apr 2012 @ 11:47am

    I use nmap, traceroute, ping, GCC, binutils, bash, lighttpd and SSH on a daily basis for legitimate reasons.

    I dare the government to arrest me since all of that is "hacker software".

    (If I need to check for holes in my config, I use nmap. If I need to test the network; ping/traceroute. Need to compile? GCC. Need to have a secure connection to a remote server? SSH and bash. IF I NEED A FUCKING WEB SERVER, I USE LIGHTTPD).

    ffs, seriously

    link to this | view in chronology ]

  • icon
    aldestrawk (profile), 4 Apr 2012 @ 12:28pm

    There was an incident in Britain, which already has a law similar to the CFAA in the US, where Glenn Mangham was sentenced several weeks ago to 8 months in jail for doing security research. He found a security vulnerability in Facebook and collected evidence (internal Facebook documents and code) to present to Facebook as proof of the vulnerability. Despite the judge in his case stating:

    "I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"

    he was found guilty and sentenced to jail time under Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.

    http://www.out-law.com/en/articles/2012/february/british-facebook-hacker-sentenced-to-eight -months-in-jail/

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2012 @ 1:05pm

      Re:

      Yeah, and the real question is. Does it make us as users safer? I don't think so.

      link to this | view in chronology ]

  • icon
    Wally (profile), 4 Apr 2012 @ 1:51pm

    Arrests

    When Anonymous attacks, there is a huge effort to stay anonymous....redundant sounding no? Making "cyber attacks" illegal means they have to find ways to arrest people they cannot even trace an IP address to.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2012 @ 3:00pm

    They are trying to build a police state like the us. More of your tax money hard at work.

    link to this | view in chronology ]

  • icon
    pesti (profile), 4 Apr 2012 @ 11:18pm

    Unrelated but ....not

    link to this | view in chronology ]

  • identicon
    MaXe, 11 Apr 2012 @ 5:33am

    Compromise Amendments

    I am still surprised to see these news almost 2 weeks after they initially hit the web, and even more surprised that people seems to either be unaware of the compromise amendments that doesn't criminalize whitehats / ethical hackers.

    You can read a debate along with the compromise amendment here:
    http://forum.intern0t.org/security-news-feeds/4177-update-existing-eu-cyber-law-makes-worse-g ood-guys.html

    (The compromise amendment comes directly from the Europa Parlament)

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.