http://www.vnunet.com/News/1126513 By Neil Barrett VNU Business Publications [29-10-2001] The Americans are, it would seem, determined to equate hackers with terrorists: new legal proposals would make many system intrusions a terrorist act. On the face of it this is a surprising thing - some might say an overreaction. There is, though, a form of logic behind it, but one I believe the rest of us would be well advised to avoid. In the US, the major law covering hacking is the Computer Fraud and Abuse statute, which makes it a fraud-related offence, hence the primary responsibility of the US Treasury and its investigative arm, the Secret Service. Yes, the men in dark suits and sunglasses, with hearing aids and hidden guns, are responsible for tracking the night-pale brigade of network freeloaders. But a significant element of this act covers computers that are of 'federal interest': those that carry government traffic, operate directly or indirectly on behalf of a federal agency, or whose impairment would affect the operation of federal government. It's hard to imagine a major hacking target that could not be shoehorned into this loose specification. With worries over the critical national infrastructure - that general federation of networks and systems whose destruction or damage would in turn damage national interests - resulting quite naturally from the events of last month, it is no surprise that this topic is high on the US Government's agenda. But it is hard to make a justification for seeing hackers as terrorists in a legal framework that does not provide this 'federal interest' contingency. The UK's Computer Misuse Act, the nearest equivalent, makes no implied or explicit distinction regarding the systems that are intruded on. This is quite apart from the other major difference in the two laws: that of fraud in the US versus 'unauthorised access', or trespass, in the UK. Because of this, in the UK it would be necessary to introduce computer offences into the Terrorism Act - and indeed, the new version of that act has clauses that would cover the use of terror tactics with computers. However, we have to recognise some simple truths. A significant element of terrorism is that it causes terror. Sure, it has to be politically motivated, performed by an identifiable sub-state group, and illegal, but the major element is that it is intended to induce political activity or changes as a result of terror. Hacking does not cause terror. It makes people angry; it costs money; it can be offensive; it induces trepidation. But no one is likely to say a computer hack induces terror. Take a current TV advert, in which the website of a cheese manufacturer is hacked by a French cheese maker. It's funny! It's not terrifying, and that's what most hacking is like. I'm not saying we shouldn't take it seriously, but we shouldn't reflexively lump hacking in with bombs, bullets and torture simply on the basis of a belief that the terrorists of last month could have done things with a computer, and that some security experts believe a really clever, motivated hacker could intrude on some sensitive control systems. Let's instead make it clear just what we think of terrorism, in all its forms. If hackers eventually start to act like terrorists, then fine. We have laws to cover them. But let's not make a knee-jerk response and automatically interpret hacking as a form of terrorism. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 03:37:19 PST