While we're still sorting through the crazy
cybersecurity bill proposals in the US, it appears that some in the EU are going through a similar process. The EU Parliament's "Civil Liberties Committee" has approved a legislative proposal concerning "cyber attacks,"
which appears to ramp up criminal penalties for all sorts of broadly defined activities. It even applies criminal penalties to a company if an employee hacks into a competitor's database (even if they weren't told to do it). But where it gets scary is when it appears to directly target "hactivism" like what Anonymous does. While we still think Anonymous' DDoS attacks are incredibly counterproductive, are they really criminal
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.
A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.
One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer
a criminal? This whole thing seems like a bad overreaction by politicians who are freaked out, but who clearly don't understand the technology in question.