US government mulls crucifixion for hackers

The US, which tends to think stiff punishments are the cure for crime after the death penalty stopped all murders, is considering making hacking a more serious offence.

Apparently the move comes at the request of the White House, which wants harsher sentences for breaking into computer networks.

Obama has been giving Congress a Chinese burn to pass stronger cybersecurity measures, including a doubling of the maximum sentence for potentially endangering national security to 20 years.

Given that US prosecutors think that even getting access to a webpage could be considered endangering national security, we could see hacking getting some people jailed for longer than gun crime.

There is a lot of pressure on the government for a knee-jerk reaction to the recent cases of hacks on multinational companies and institutions, including Sony, Citigroup and the IMF.

Sony faces dozens of lawsuits related to the theft of consumer data from its Playstation network.

In that case most of the data was on insecure servers, so it looks like the government is going for the hackers rather than the companies who don’t bother with making sure their servers are hack proof. It is a bit like demanding that rain be arrested because a person could not be arsed to buy a raincoat.

James Lewis, of the Center for Strategic and International Studies think tank, told Reuters  that “hacktivists” made “a big mistake” in going after the public websites of the FBI and the CIA.

The current law is the Computer Fraud and Abuse Act which gives a 10-year prison sentences for breaking into a US government computer if national security is at stake. You get five years for breaking into a computer in order to steal, and one year for stealing a password to a financial institution or accessing a government computer to deface it.

The White House wants 20 years when national security is threatened, ten years for computer thefts up to $5,000 and three years for defacing a government computer.

Tougher sentences have not featured in any of the current cybersecurity legislation introduced or circulating in Congress. It would be nice to think that’s because common sense might have filtered through to the law makers.

Prosecutors have been hinting that the levels of punishment are fine, it is just that the cops can’t actually catch the really good cyber criminals.

This means that the people who face the tougher sentences will  likely be kids playing around with hacking software and forgetting to mask their IP addresses.