Hacktivism

we're taking a deeper look at the idea of hacktivism, and how activists use technology to push forward a social or political agenda. To try and understand the laws around hacking and the future of hacktivism, Marketplace Tech host Ben Johnson talked to Molly Sauter, a doctoral researcher and author of the book, “The Coming Swarm: DDoS Actions, Hacktivism, and Civil Disobedience on the Internet.” Below is an edited transcript of their conversation. A rising and often unseen crime wave is mushrooming in America. There are approximately 300,000 reported malicious cyber incidents per year, including up to 194,000 that could credibly be called individual or system-wide breaches or attempted breaches. This is likely a vast undercount since many victims don't report break-ins, to begin with. Attacks cost the US economy anywhere from $57 billion to $109 billion annually and these costs are increasing.

Yes, hacktivism should be punishable. Cybercrime is a type of crime that not only destroys the security system of a country but also its financial system. One supporter of legislation against cybercrime, Rep. Lamar Smith (R-Texas), stated, "Our mouse can be just as dangerous as a bullet or a bomb." Cyber attackers should be penalized and punished severely and most cybercrimes have penalties reflecting the severity of the crime committed. Although in the past many laws against cybercrimes were insufficient, law enforcement agencies and governments have recently proposed many innovative plans for fighting cybercrimes.

Cybercrime must be dealt with very seriously because it causes a lot of damage to businesses and the actual punishment should depend on the type of fraud used. The penalty for illegally accessing a computer system ranges from 6 months to 5 years. The penalty for the unofficial modification on a computer ranges from 5 to 10 years.  Other penalties are listed below: Telecommunication service theft: The theft of telecommunication services is a very common theft and is punished with a heavy fine and imprisonment. Communications intercept crime: This is a Class-D crime which is followed by a severe punishment of 1 to 5 years of imprisonment with a fine. Other cybercrimes like telecommunication piracy, offensive material dissemination, and other cyber frauds also belong to this category. Information Technology Act-2000: According to this act, different penalties are available for different crimes. Computer source document tampering: The person who changes the source code on the website or any computer program will get a punishment up to 3 years of imprisonment or fine. The individual who hacks the computer or computer devices will get imprisonment up to 3 years or a fine. The government protected system: An act of trying to gain access to a system which is a protected system by the government will result in imprisonment for 10 years and a heavy fine. The introduction of such penalties have to lead to a drastic reduction in the cybercrime rates as more and more criminals are becoming aware of the penalties related to them. Spreading the word about the penalties of cybercrime can serve as a deterrent against such crime. Penalties relating to cybercrime will vary depending on the country and legislation in place.

Judges are struggling to determine the appropriate punishments for cyber crimes even as U.S. law enforcement works to bring more of the Internet’s bad actors to justice. Cybercrime is such a recent phenomenon that there are few guideposts for judges to use, experts, say. Judges typically seek guidance from a number of places when determining a sentence, but the first port of call is the Sentencing Guidelines, federal rules that lay out a uniform sentencing policy for different felonies and serious misdemeanors. But in the realm of cybercrime, those guidelines are extremely broad and carry stiff penalties. The maximum penalty for computer abuse crimes under the federal anti-hacking law — known as the Computer Fraud and Abuse Act, or CFAA — is 10 years for first offenders and 20 years for repeat offenders. One of the factors the guidelines tell judges to take into account is the so-called “loss,” or the financial harm caused by cybercrime. But the guidelines define “loss” far more broadly for CFAA convictions than they do for other crimes. Loss can include any reasonable cost to the victim — including the cost of restoring a system or conducting a damage assessment — whether or not that loss was foreseeable. Such broad definitions “give prosecutors wide discretion to ratchet potential sentences for defendants who insist on exercising their constitutional right to go to trial,” says the Electronic Frontier Foundation (EFF), which supports an overhaul of CFAA. But with the limited number of cybercrime convictions compared to other crimes, judges have little to go on aside from the Sentencing Guidelines. An increased focus on investigating and prosecuting cyber crimes has placed added pressure on the legal system to assess responsibility appropriately and mete out punishments that act as a deterrent. Critics say it’s not just the Sentencing Guidelines for CFAA that need reform — they say the law itself is both draconian and stymies legitimate security research. Observers say sentencing for cyber crimes will continue to be a moving target.

...