UK Plans To Bring In Life Sentences For 'Serious Cyberattacks'

from the because-terrorism dept

At the official State Opening of the UK Parliament, the Queen makes a speech in which she lays out what the UK government hopes to achieve in the new legislative session. It's one of the quainter British ceremonies -- BuzzFeed has a good summary of just how quaint -- but the one-line statements of intent can mask some very far-reaching plans. This year, for example, the Queen's Speech contained the following item :
A serious crime Bill will be brought forward to tackle child neglect, disrupt serious organised crime and strengthen powers to seize the proceeds of crime.
The Guardian has more details of one particular measure the serious crime Bill will contain:
Any hackers that manage to carry out "cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof" would face the full life sentence, according to the serious crime bill proposed in Wednesday's Queen's speech.

As well as targeting cyberterrorists, the new offence in the proposed update to the Computer Misuse Act [CMA] 1990 would also hand harsher sentences to those hackers carrying out industrial espionage, believed to be a growing menace affecting UK business.

The law would have a maximum sentence of 14 years for attacks that create "a significant risk of severe economic or environmental damage or social disruption". Currently, the section of the CMA covering such an offence carries a 10-year sentence.
Much of this is the kind of activity carried out in the form of attacks sponsored by governments outside the UK -- or, as in the case of the NSA, directly by those governments. Despite the recent grandstanding by the US when it filed criminal charges against members of the Chinese military whom it accuses of espionage, there is little hope of ever persuading the main players to hand over their citizens for trial, so the new UK law will be largely ineffectual against the most serious threats.

But there is a real danger in the "or significant risk, thereof" part, since that gives the UK authorities huge scope to claim -- as they have in other contexts -- that some online action "risked" some terrible outcome, even though nothing actually happened. Things are made worse by the fact that there is no public interest defense or exemption for research. As the Guardian notes:

The government has also not addressed complaints over the application of current computer crime law, which some in the security industry claim actually makes the internet less safe.

This is because certain kinds of research could be deemed illegal. Experts known as penetration testers, who look for weaknesses in internet infrastructure, often carry out similar actions to real cybercriminals in their attempts to improve the security of the web, such as scanning for vulnerabilities.

But such research is punishable under British law, even if it is carried out for altruistic ends, leaving potential weaknesses unresolved, critics of the CMA said.
What this means is that while it will fail to tackle the most serious online attacks, and chill research into security flaws, the proposed Bill will conveniently allow the UK government to target groups like Anonymous who carry out high-profile but relatively harmless actions over the Net. This section of the proposed Bill is really about the UK government bolstering its already disproportionate powers to throttle online protests by characterizing them as "serious cyberattacks", and threatening to impose life sentences on anyone involved.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cfaa, computer misuse act, cyberattacks, cybersecurity, hacking, sentencing, uk


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Josh in CharlotteNC (profile), 9 Jun 2014 @ 8:34am

    Crash 0veride would not be impressed.

    link to this | view in thread ]

  2. icon
    silverscarcat (profile), 9 Jun 2014 @ 9:00am

    There's only one thing left to do...

    Disconnect the entire UK government from the internet.

    Or send them rotten bananas.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:09am

    > strengthen powers to seize the proceeds of crime

    Ah but of course. I assume they want to be in line with US where "crime pays"...for the police.

    link to this | view in thread ]

  4. identicon
    Michael, 9 Jun 2014 @ 10:09am

    My new title

    Experts known as penetration testers

    Ordering my new business cards right now: "Expert Penetration Tester"

    I need to have t-shirts made up.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:12am

    Just insert the word "cyber" and out goes reasonable law making. Should we call the "cybergrandstanding" or maybe "cyberfascism"!

    link to this | view in thread ]

  6. identicon
    Trevor, 9 Jun 2014 @ 10:15am

    Well

    ...or a significant risk thereof

    There you have it. No ACTUAL harm needed. Just a "significant risk."

    How soon do you think it'll be applied to people like Snodwn, Manning, et al?

    "Leaking information regarding anti-terror efforts (mass surveillance) has the significant risk of jeopardizing the lives of operatives and citizens! LIFE."

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:18am

    Re: Well

    How soon? They already are... these guys just seem to be making it a little more official if someone actually decided to go and read the books.

    link to this | view in thread ]

  8. icon
    Richard (profile), 9 Jun 2014 @ 10:21am

    NSA

    harsher sentences to those hackers carrying out industrial espionage

    I await with interest the extradition requests for NSA operatives to be sent to the UK for trial...

    link to this | view in thread ]

  9. identicon
    Applesauce, 9 Jun 2014 @ 10:21am

    Exception

    I expect there will be a provision to exempt employees of GHCQ and their NSA co-conspirators, of course.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:23am

    When your business is spying the last thing you want is someone fixing things so you have to work at it. Best way is to make a law that claims to be for one thing but is actually for something else.

    So while the general public is wide open to cybercriminals without any method to cure the intrusions, the spying agencies are setup pretty cozy.

    link to this | view in thread ]

  11. icon
    Ramon Creager (profile), 9 Jun 2014 @ 10:32am

    Laws are for the little people


    A serious crime Bill will be brought forward to tackle child neglect, disrupt serious organised crime and strengthen powers to seize the proceeds of crime.


    One can bet that this doesn't apply to the City bankers who robbed us all blind, despite the "serious" label. This bill is all about keeping the unwashed masses in their place.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:39am

    It looks like a race between the UK and the US to be the first to pass a we can put you in jail just because we want to act. Political opposition using a computer would achieve this, and they are running towards it, with anti-terrorism and anti-hacking acts.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 9 Jun 2014 @ 10:40am

    Re:

    If the MAFIAA get their way they will add the word Cyber in front of Copyright Infringement for all copyright infringement conducted on the internet to distinguish from the copyright infringement that is conducted without a computer/internet and then will insist on a lifetime sentence given to each and every offender of Cyber Copyright Infringement conducted. God help us all if that should ever happen.

    link to this | view in thread ]

  14. identicon
    Michael, 9 Jun 2014 @ 10:41am

    Re:

    Isn't that already called the Patriot Act in the US?

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 9 Jun 2014 @ 11:16am

    Re: My new title

    "Expert Penetration Tester"

    Yea, thats what she said!

    link to this | view in thread ]

  16. identicon
    zip, 9 Jun 2014 @ 11:37am

    "... or a significant risk thereof"

    The most problematic part of this upcoming law are the weasel words "... or a significant risk thereof."

    How would it feel to spend the rest of your life in prison for a harmless prank that didn't injure anyone, didn't damage any property, and didn't harm national security -- just because the government argues that it "might have"?

    This will in effect give the government immense power to charge anyone with anything, basically making up laws on the fly, and charging people with crimes that never happened, but simply "might have."

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 9 Jun 2014 @ 11:42am

    the UK has gotten this idea from the USA, just as it has gotten the desire to block web sites and introduce censorship. from the USA as well is the desire to do all it possibly can to keep the entertainment industry going, using the 'to protect the children' as the excuse to put the censorship in place. you can bet as well that there will be trumped up and jumped up charges, again as in the USA, just so as to be able to put out the most harsh of sentences for the slightest of convictions

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:00pm

    Calm down, dont worry folks, bring your blood pressure down, its ok son, shhhhhh, you can still hack if your intention is to spy.......see, didnt that make you better

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:04pm

    Hiprocasy does not compute

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:05pm

    Re: There's only one thing left to do...

    Yes, but to all governments

    link to this | view in thread ]

  21. icon
    John Fenderson (profile), 9 Jun 2014 @ 12:09pm

    Re:

    Yup. Use of the prefix "cyber-" indicates, almost without exception, that what is being discussed is bullshit.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:21pm

    Not so much "strengthening powers" more so to ignore and circumvent restraints, CURRENT "LAW", put in place in agreement between a people and its government............the art of lying without lieing, they have had generations to become experts

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:22pm

    Re:

    The human experiment

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:24pm

    Re: My new title

    You should oredr the "raping the people" version

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:27pm

    Re: Well

    Moral of the story
    Start censoring your thoughts folks, or big brother will get you

    And they lived happilly ever after

    link to this | view in thread ]

  26. identicon
    Androgynous Cowherd, 9 Jun 2014 @ 12:27pm

    The Snowden Clause

    Any hackers that manage to carry out "cyberattacks which result in loss of life, serious illness or injury or serious damage to national security...


    Ah, that must be the Snowden Clause. So if anyone defects from GCHQ with a bunch of documents, they can throw the book at her.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:28pm

    Re: Exception

    Nahhhhhh

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 9 Jun 2014 @ 12:29pm

    Re:

    Hammer........head

    link to this | view in thread ]

  29. icon
    That One Guy (profile), 9 Jun 2014 @ 1:02pm

    Re: Exception

    Why go through the extra trouble, they're already immune to the current laws, it's not like they'd have to obey any future laws.

    link to this | view in thread ]

  30. icon
    That One Guy (profile), 9 Jun 2014 @ 1:07pm

    Re: The Snowden Clause

    I was wondering if anyone else caught that.

    By throwing in 'damage to national security', they can threaten any whistleblower with a life sentence for publishing any leaked documents, making exposing government abuse of power or illegal actions carried out by them a more serious crime than accidentally killing someone or crashing the economy.

    link to this | view in thread ]

  31. icon
    DannyB (profile), 9 Jun 2014 @ 2:50pm

    Re:

    Acid Burn would just change the parameters in the URL, which would constitute a real cyberattack.

    link to this | view in thread ]

  32. identicon
    David, 9 Jun 2014 @ 9:17pm

    Re: "... or a significant risk thereof"

    That was pretty much the purported offense giving the UK an excuse to hold and search Greenwald's husband for 10 hours at Heathrow without any kind of proper process.

    Next time, he'll get a life sentence.

    link to this | view in thread ]

  33. identicon
    David, 9 Jun 2014 @ 9:19pm

    Re: Re: The Snowden Clause

    Crashing the economy is not a crime, in particular if it is done in honest greed.

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 9 Jun 2014 @ 9:40pm

    Re: Re: Re: The Snowden Clause

    Depends upon how you do it and what social class you are in. If in reference to the recent past, I think there was a bit of corruption, fraud and conspiracy involved. AFAIK, those are all still illegal in lower court, but apparently a-ok in high court.

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 10 Jun 2014 @ 1:55am

    >serious damage to national security

    Translation: Damage the UK's reputation

    That said, I wonder how vague the term "cybercrime" is. Then again, it's the UK, so it's going to be very vague.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 10 Jun 2014 @ 5:22am

    So any imagined violation performed with the help of a communication device and/or electronics can now lead to a life sentence.

    "You, writing those emails commenting on our politics, pose a risk to national security"

    "Nice" that they will add civil/criminal forfeiture to this. Never to late to get some good stuff from the people.

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 10 Jun 2014 @ 5:53am

    Re: My new title

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 14 Jun 2014 @ 8:48am

    Cyberbullshit.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.