Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[ISN] Tough Cybercrime Laws Questioned
From: William Knowles (wkC4I.ORG)
Date: Wed Nov 22 2000 - 13:30:42 CST
Dan Verton, Computerworld
Monday, November 20, 2000
A leading criminal defense attorney who specializes in cybercrime
stunned a crowd of industry security experts last week, charging that
computer crime laws are too vague and that tougher penalties for
hackers would do little to enhance security.
"Without clarity in the criminal law, we don't know what our goals
are," said attorney Jennifer Stisa Granick, speaking at the San
Francisco-based Computer Security Institute's 27th Annual Computer
Security Conference and Exhibition. She added that some of the
proposals now being debated are fraught with problems. (See "Looking
for Help to Fight Cybercrime." )
For example, Granick argues that harsher sentences for hackers
wouldn't serve as a deterrent. "When people do the crime, they don't
think they're going to get caught," the San Francisco-based lawyer
She also says stiffer sentences might encourage false guilty pleas by
forcing defendants who maintain their innocence to choose a two-year
plea bargain arrangement to avoid the possibility of losing in court
and getting a 10-year jail term.
'Penalty Should Match the Crime'
Daniel J. Ryan, a lawyer and former director of information systems
security at the Pentagon, says that while he also has never met a
criminal who thought he would be caught, that's not an idea upon which
to base laws. "There are organized hacker groups to which the
[racketeering] laws probably can and should be applied," Ryan says.
"The penalty should match the crime and fit the harm that's caused,"
says David Loundy, an attorney who specializes in technology issues at
the firm D'Ancona & Pflaum LLC in Chicago. Teenage hackers who
frequently don't have a criminal motive are too often "treated as if
they are the most evil people in the world," he says.
However, Granick accuses the U.S. Federal Bureau of Investigation of
"chilling" legitimate research by law-abiding citizens. She says she
has received complaints at meetings of a Chicago-based group of
legitimate security professionals and hackers called "2600" that FBI
surveillance has crossed the line, with FBI officials warning some
members that they shouldn't be associating with certain individuals.
"People who should be beneath the notice of law enforcement" are being
told that what they're doing is wrong, Granick says.
Steven Berry, a supervisory special agent at the FBI, denies the
allegations. "The FBI fully supports the right of each and every
American citizen to join any group which he or she wishes to join," he
says. "The FBI's only concern is when the actions of these groups
violate any laws over which the FBI has been given jurisdiction."
Anthony D'Amato, Leighton professor of Law at Evanston, Illinois-based
Northwestern University, says he considered attending the last meeting
of the 2600 group. "If I had done so, I'd prefer being warned by the
FBI to being watched by the FBI," he says.
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERVSecurityFocus.com with a message body of