The US has just enacted a new bill allowing judges to send ‘malicious hackers’ to jail for life.
The horrific addition of yet more unchecked invasion-of-privacy powers aside, I’m quite concerned by the sudden equation of hacking and premeditated murder. I suppose the crux of the argument comes in defining what exactly ‘malicious’ entails. Should this hacking cause loss of life, then perhaps life imprisonment is in order (although I suspect numerous manslaughter/murder charges might take precedent). If the result of malicious hacking is the closing of a major North American corporation, the penalty should be no different than say, fraud in the vein of Tyco, Adelphia, WorldCom, Enron (etc, etc) – that is apparently not too much. This feels like particularly reactionary legislation to me. Hacking should quite legitimately be a crime – it’s no different than breaking and entering, petty theft, etc for the most part, and should be treated as such. If it becomes grand theft, treat it as such. If it is industrial sabotage, treat it as such.
I think my issue is with special legislation for hacking in particular – every type of hack can be equated with a physical counterpart. Why not charge someone with that crime? Simply be sure to include ‘hacking’ (and be sure to define what is meant by that) into the list of possible ways said crime could be committed.