EU Cybercrime Bill Targets Anonymous: Makes It A Criminal Offense To Conduct 'Cyber Attack'

from the seems-a-bit-broad dept

While we're still sorting through the crazy cybersecurity bill proposals in the US, it appears that some in the EU are going through a similar process. The EU Parliament's "Civil Liberties Committee" has approved a legislative proposal concerning "cyber attacks," which appears to ramp up criminal penalties for all sorts of broadly defined activities. It even applies criminal penalties to a company if an employee hacks into a competitor's database (even if they weren't told to do it). But where it gets scary is when it appears to directly target "hactivism" like what Anonymous does. While we still think Anonymous' DDoS attacks are incredibly counterproductive, are they really criminal?
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.

A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.

One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal? This whole thing seems like a bad overreaction by politicians who are freaked out, but who clearly don't understand the technology in question.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    That Anonymous Coward (profile), Apr 4th, 2012 @ 3:50am

    And this is what we get for having laws pushed by hysterical media reports.
    Proposed by the clueless, and punishing everyone.

    Giving people power gives them brain damage, prove otherwise.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lord Binky, Apr 4th, 2012 @ 7:38am

      Re:

      Actually there are studies that show the more power someone has the less brainpower they put into their decisions. It's really sad that in the study I remember, just being told what your position of power was in the decision tree determined whether you decided based on data or shiny advertising like a three year old.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 3:50am

    And thus sets back European security research by decades

    Since of course "hacking tools" will be interpreted (at the first available) opportunity to include anything that they want it to include. It's only a matter of time until someone gets sent to prison for "ping" and "traceroute".

    Way to go, ignorant assholes.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      gorehound (profile), Apr 4th, 2012 @ 5:18am

      Re: And thus sets back European security research by decades

      +1
      Revolution #9

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Machin Shin (profile), Apr 4th, 2012 @ 5:45am

      Re: And thus sets back European security research by decades

      Well whats worse is what do you think network security guys use to make sure their network is secure? In order to secure a network you have to find the holes and to find the holes you use the same "hacker tools" the bad hackers use.

      So this law basically will make a criminal out of most network security professionals who will have to choose to be a criminal or change their job. They cannot do their job effectively without these tools and yet having them will be illegal.

      On the other hand the true hackers will throw a party and run wild. Suddenly every hackers greatest enemy has been shut down by the government because the destructive hackers don't care about the law.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        That Anonymous Coward (profile), Apr 4th, 2012 @ 5:49am

        Re: Re: And thus sets back European security research by decades

        If you outlaw hacker tools only hackers will have... er wait...
        If you outlaw hacker tools people will be cracking systems with slide rules.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Silence8, Apr 4th, 2012 @ 12:26pm

      Re: Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...

      The way I see the DDOS attacks is, they're the modern equivalent of picketing a business.

      Their business is disrupted for a short time, people get their message out. (Most times DDOS attacks are followed with twitter or facebook announcements as to why the attack occured)

      I get the idea behind the attacks, but it seems they're leading to a more, and more locked-down internet for the rest of us who don't participate in them, but protest these companies in our own ways.

      With that said, they seem like the kids are having fun, but it's all fun and games until the internet is no longer useful for the rest of us.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    felsby (profile), Apr 4th, 2012 @ 3:54am

    Cannot wait to read about investigators facing encrypted drives: Give us the password so we can put you in jail!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jeremy Lyman (profile), Apr 4th, 2012 @ 3:55am

    How can something be “no less than three if it exceeds six?” I mean, six’s still more than three, right?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    PaulT (profile), Apr 4th, 2012 @ 4:08am

    "the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks""

    How would this apply to zombie botnets, I wonder?

    "Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal?"

    That would be the logical conclusion for anyone who knows what they're talking about. I have Wireshark installed on my laptop, nmap and a live CD of Backtrack for diagnostics of my company network. Apparently I need to go to jail...

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That Anonymous Coward (profile), Apr 4th, 2012 @ 4:22am

      Re:

      Assume the position and stay where you are, they will be arriving by black helicopter shortly.

      Soon we'll have cops dropping flash drives with hack tools on them to run sting operations on people who pick them up.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Keii (profile), Apr 4th, 2012 @ 4:20am

    It's a modern day witch hunt.

    "It has protruding wires, it must be a bomb!"

    "There are musics there, it must be illegal!"

    "I don't understand this piece of software, it must be a hack!"

    "You're pretty knowledgeable with computers, you must be fluent in every piece of software."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    abc gum, Apr 4th, 2012 @ 4:31am

    Write a hello world program?
    That's a tazing.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    izzitme101, Apr 4th, 2012 @ 4:35am

    prison time!

    I guess its time for everyone to just drop everything, and voluntarily walk to the nearest police station, and admit every crime we are all accused of.
    After making your statements, you can walk straight to the mearest prison, do not pass the dole office, do not collect 70 quid.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Dionaea (profile), Apr 4th, 2012 @ 4:37am

    "considerable damage ... financial costs or loss of financial data"

    And how the hell are they going to determine what considerable damage is? The copyright trolls think downloading a single song causes them thousands of dollars of damage and the scariest thing is that judges agree with them sometimes. How much are corporations going to claim for being taken offline or having a damaging message up for several hours? If you don't define the size of the stick they're allowed to use to beat people up they're gonna go for a trunk of a sequoia tree...

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That Anonymous Coward (profile), Apr 4th, 2012 @ 4:55am

      Re: "considerable damage ... financial costs or loss of financial data"

      Buying legislation was cheaper than actually putting any security on their sites.
      This way they can just sue the bad actors for whatever losses are caused by their failure to protect data in their care.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 4:42am

    I like the part where you get more jail time if they have greater data loss. Make sure the company your attacking has good backups!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Squig (profile), Apr 4th, 2012 @ 4:58am

    How nice of them to give all Pirate Parties in Europe a big boost!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 5:42am

    and as per usual, everything that is detrimental to citizens or is done without the permission of citizens is ok. yet another law put into place by stupid old farts that have no fucking clue what the hell they are voting on, let alone for! about time for a complete change of age group in politics, letting the tech generation deal with things. if not, instead of making progress we will be regressing, not just stagnating.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Chuck Norris' Enemy (deceased) (profile), Apr 4th, 2012 @ 6:17am

      Re:

      You realize how screwed up our governments are when a Civil Liberties Committee is writing laws to take away civil liberties.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 6:10am

    Guyz

    I have wireshark and visual studio installed on my computer. I'm fucked aren't I?

    They're gonna come for me. :(

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 6:16am

    Hands need outlawing, too! And brains! ONLY ZOMBIES ARE SAFE FROM THE ABTI-HACKING BILL!!!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 6:24am

    Oh, oh. What's this bill going to do to my Warcraft matches?

    - Peasants have hacking tools (for chopping down trees).
    - Orcs have hacking tools too (for chopping down peasants).
    - Considerable damage is happening all the time (it *is* war, after all), which, in turn, brings considerable financial loss (to your enemy, hopefully).
    - I tend to play with AI players. Does ganging up on the enemy together with the AI count as using "botnets specifically designed for large-scale attacks"?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 6:43am

    They are ABSOLUTELY criminal. As someone who champions the value of free speach and claims that removing content is a violation of constitutional rights you should be condemning ALL DOS attacks. The entire purpose of these attacks is to CENSOR websites. You complain about censorship when it's the government doing it but you don't think it is wrong when hackers do it? How can anyone take you seriously when you are so hypocritical.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      PaulT (profile), Apr 4th, 2012 @ 6:51am

      Re:

      Whoosh!!!

      That was the sound of both Mike's opinion and the criticisms being made sailing above your head high enough to bring satellites out of orbit.

      SOP, of course.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 4th, 2012 @ 8:11am

        Re: Re:

        I agree with you, but show your work. If you don't, you are as bad as the person you're whooshing.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 4th, 2012 @ 8:41am

        Re: Re:

        No his criticisms are not because of the censoring but because he felt their actions are ineffective if not counter-productive. He never complained that the DOS attacks censor content.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Overcast (profile), Apr 4th, 2012 @ 6:47am

    Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges.

    Define 'hacking software and tools'.

    The DOS prompt?
    Telnet?
    IP Scanners?
    Ethernet Sniffers?

    All of those - while being critical tools to 'hack' - are also have a quite legitimate and sometimes necessary role.

    I sweep subnets often at work looking for Remote Access Controllers since they don't register with DNS, and we don't use WINS.

    Ethernet Sniffers are sometimes the only way to track down rouge traffic on a LAN, situational, of course.

    And some of these tools are on just about every windows/linux install - so they need to arrest everyone with a computer.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 4th, 2012 @ 7:25am

      Re:

      They are not critical tools to hack in and of themselves. Used in normal means, they are not hacking tools, any more than a hammer is a weapon. But if you use that hammer to start whacking people in the head, it becomes a weapon.

      You guys are way too literal for your own good sometimes.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 4th, 2012 @ 7:38am

        Re: Re:

        You do realize that some of the tools that will be branded as hacking tools because they are "obviously" hacking tools (I'm looking at LOIC, here) actually do have practical uses? LOIC can be (and regularly is) used to stress test web servers.

        So while yes, claiming that this will outlaw ping is hyperbole, it's still an overreaching law written by those who know nothing about technology.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Apr 4th, 2012 @ 8:15am

          Re: Re: Re:

          You do realize that some of the tools that will be branded as hacking tools because they are "obviously" hacking tools (I'm looking at LOIC, here) actually do have practical uses? LOIC can be (and regularly is) used to stress test web servers.


          Agreed. Also, pretty much anything considered a 'hacking tool' (including malware) can be and is used for stress testing and security audits.

          I'll even add another example for you. When Conficker was big, I infected a computer on my test network on purpose to test the removal tools for it. That way if it got past all of the safeguards that we put in place, I knew that I could remove it safely and effectively.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Watchit (profile), Apr 4th, 2012 @ 8:53am

            Re: Re: Re: Re:

            exactly, but there is no provision in the law that differentiates "hacking tools" and "hacking tools with a legitimate purpose". While the "intended purpose" of the law isn't to go after those legitimate uses, laws with the ability to be abused will be, and there is no denying that.

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Apr 4th, 2012 @ 11:41am

              Re: Re: Re: Re: Re:

              But it is not only tools that are affected. It might even chill legitimate research. Germany has the laws and because of that "A Bug Hunter's Diary" http://nostarch.com/bughunter.htm lack the actual exploits. And occasionally the exploits are necessary to convince and embarrass vendors if they claim a DOS instead of a arbitrary code execution.

               

              reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 6:58am

    These people are mentally deranged and need to be dispatched to the looney bin post haste.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 7:15am

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Robert (profile), Apr 4th, 2012 @ 7:24am

    And when "law enforcement" does it?

    Is it still criminal when law enforcement does it? For example, will it be criminal for FBI or NSA or whoever it was to coordinate or pay a group from India to coordinate a DDoS against The Pirate Bay? Of course that was at the behest of Hollywood, but still.

    Or is it as usual, laws only apply to non-governmental groups (ie: everyone not on tax-payer payroll)?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      btr1701 (profile), Apr 4th, 2012 @ 10:44am

      Re: And when "law enforcement" does it?

      > will it be criminal for FBI or NSA or whoever
      > it was to coordinate or pay a group from India
      > to coordinate a DDoS against The Pirate Bay?

      No.

      This is a proposed EU law. If passed, it will only apply to EU member countries. Since neither the US nor India are EU member countries, nothing they do will be criminalized under this law.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        lol, Apr 4th, 2012 @ 11:16am

        Re: Re: And when "law enforcement" does it?

        they will catch up. if theres one thing the US and india will never miss its a chance to screw people over.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 7:35am

    Is UK law written by private jails too? Making it illegal to own a computer with ping/tracert/telnet sounds like it'd be an easy way for them to make a few extra million.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Pete Austin, Apr 4th, 2012 @ 7:42am

    Re: a hammer is not a weapon

    Try that argument the next time you fly somewhere, and take along your hammer. Please can you get a friend to video the reaction of the security guards when you use the words, "whacking people in the head".

    If something can plausibly be used as a weapon, police may treat it as a weapon - so, your opinion is interesting, but not the one that ultimately matters.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Apr 4th, 2012 @ 4:20pm

      Re: Re: a hammer is not a weapon

      Problem with that is given just a little time you can use anything as a weapon, so attempting to outlaw something because it might would be used illegally would be downright impossible, as it would apply to almost anything and everything in existence.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 8:00am

    33.

    To further your analogy. No it is not about tools like hammers, more like tools like knives. The country where I live it is illegal to carry a knife in public places unless I have specific legal reason to, like carpenters are allowed to if they are working in a public place. Now regardless of my intent to use it to hurt someone with said knife I still run the risk of being jailed up to six months.

    This is a case where a tool like nmap would be classified as a cyber attack tool Possesion and/or distribution such a tool would carry to the risk iregardless of intent at least two years of jail time in a pound-you-in-the-ass prison.

    Read the comments from about the intent(under the header mens rea) part from EFF https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Cowardly Anonymous, Apr 4th, 2012 @ 8:40am

    Goodbye White hats

    Let's see here:

    1) White hat hackers driven away. Young hackers driven heavily towards black hat pursuits.

    2) Supply of new security professionals drys up. Supply of black hat hackers increases.

    3) Firesale/Nuke hack gets through the inadequate security.

    4) Chaos, death, destruction.

    5) Building a new world from the ashes, if anyone is left.


    Conclusion:
    Politicians are horrible strategists.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Apr 4th, 2012 @ 8:40am

    Cybersecurity has become the new child porn of the censorship advocates...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ure O'Peanonion, Apr 4th, 2012 @ 10:32am

    Regulation is going cancerous.

    Regulation is going cancerous.

    In the future the aforementioned cancer and its carriers will likely be targeted and eradicated.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    lol, Apr 4th, 2012 @ 10:40am

    so the EU is going to arrest the entire internet?
    im sure there terrified of the mean old politicians/possible pedophiles that wrote this.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Tux (profile), Apr 4th, 2012 @ 11:47am

    I use nmap, traceroute, ping, GCC, binutils, bash, lighttpd and SSH on a daily basis for legitimate reasons.

    I dare the government to arrest me since all of that is "hacker software".

    (If I need to check for holes in my config, I use nmap. If I need to test the network; ping/traceroute. Need to compile? GCC. Need to have a secure connection to a remote server? SSH and bash. IF I NEED A FUCKING WEB SERVER, I USE LIGHTTPD).

    ffs, seriously

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    aldestrawk (profile), Apr 4th, 2012 @ 12:28pm

    There was an incident in Britain, which already has a law similar to the CFAA in the US, where Glenn Mangham was sentenced several weeks ago to 8 months in jail for doing security research. He found a security vulnerability in Facebook and collected evidence (internal Facebook documents and code) to present to Facebook as proof of the vulnerability. Despite the judge in his case stating:

    "I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"

    he was found guilty and sentenced to jail time under Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.

    http://www.out-law.com/en/articles/2012/february/british-facebook-hacker-sentenced-to-eight -months-in-jail/

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Wally (profile), Apr 4th, 2012 @ 1:51pm

    Arrests

    When Anonymous attacks, there is a huge effort to stay anonymous....redundant sounding no? Making "cyber attacks" illegal means they have to find ways to arrest people they cannot even trace an IP address to.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 4th, 2012 @ 3:00pm

    They are trying to build a police state like the us. More of your tax money hard at work.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    pesti (profile), Apr 4th, 2012 @ 11:18pm

    Unrelated but ....not

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    MaXe, Apr 11th, 2012 @ 5:33am

    Compromise Amendments

    I am still surprised to see these news almost 2 weeks after they initially hit the web, and even more surprised that people seems to either be unaware of the compromise amendments that doesn't criminalize whitehats / ethical hackers.

    You can read a debate along with the compromise amendment here:
    http://forum.intern0t.org/security-news-feeds/4177-update-existing-eu-cyber-law-makes-worse-g ood-guys.html

    (The compromise amendment comes directly from the Europa Parlament)

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This