[ISN] Sentencing Study Probes Hacker Motives

From: InfoSec News (isnat_private)
Date: Sun Apr 07 2002 - 22:26:40 PDT

  • Next message: InfoSec News: "[ISN] Hacking up, disclosure down, FBI survey says"

    By Alex Handy 
    APRIL 8, 2002 
    A computer-savvy law professor on the United States Sentencing
    Commission launches a rare study that may decide how hackers are
    sentenced in federal court
    The courts may someday treat recreational hackers with a gentler
    justice than malicious intruders and cyber thieves, depending on the
    results of a study being spearheaded by a member of the government
    commission responsible for setting federal sentences.
    Since September 11 and the passing of the USA Patriot Act into law,
    hackers have been lumped into an homogeneous and enigmatic category of
    evildoers, along with terrorists, drug dealers, and arms smugglers.  
    The act provides for a maximum of ten years in jail for first time
    computer criminals, and the definitions of these crimes are vague at
    But the USA Patriot Act alone does not govern how judges sentence
    hackers. That job is left up to the United States Sentencing
    Commission (USSC), and the task of discerning the harmless intrusion
    from the harmful has fallen squarely on the shoulders of Michael
    Edmund O'Neill.
    The USSC, as O'Neill puts it, "creates sentencing guidelines for all
    federal courts. It crafts the guidelines that enable judges to choose
    appropriate sentences within statutorily authorized ranges." That
    means that the commission is responsible for building charts and
    formulae that tell federal judges what range of possible sentences a
    criminal should face -- from probation to life imprisonment. The term
    "guidelines" is slightly misleading here: these guidelines are
    binding, and all federal judges must sentence according to them.
    Currently, the guidelines regarding computer crime are the same as for
    larceny, embezzlement and theft, with factors like financial loss and
    "use of special skills" dictating the offender's sentence. O'Neill
    hopes to refine the guidelines for computer crime, possibly making the
    intruder's motives a factor in their legal fate.
    O'Neill is certainly the commissioner most qualified for the task. He
    describes himself as the product of what was possibly the most
    technologically advanced high school in Wisconsin. In the mid 1980's,
    while other schools were struggling to keep their Apple IIs up to
    date, O'Neill's high school was teaching its students how to program
    C, Fortran, and Cobol. Later, while he attended Brigham Young
    University in Utah, O'Neill got a summer job writing WordPerfect's
    first thesaurus in C.
    It's not the sort of background you'd expect to see behind Clinton's
    last appointee to the seven-person United States Sentencing
    Commission. When he's not writing sentencing guidelines, O'Neill is an
    assistant law professor at George Mason University, and it is here
    that he is undertaking his academic study on the causes and rationales
    behind computer crime.
    Sentences Rarely Drop The rationale most commonly found: Money. Those
    that would steal credit card numbers, commit identity theft, or build
    elaborate con games to harvest cash are at the focal point of
    O'Neill's investigation. As O'Neill puts it "The Internet affords
    con-men access to a massive number of people. Why should the laws be
    any less stringent when the criminal has access to twenty times more
    potential targets?"
    But con artists aren't the only ones under O'Neill's microscope.  
    O'Neill says his team has been interviewing convicted hackers in order
    to find out where the line between experimentation and exploitation
    can be drawn effectively. His study may result in new sentencing
    guidelines that treat minor hacking offenses as vandalism, rather than
    imprisonable crimes.
    Hacker defense attorney Jennifer Granick is skeptical. "In my
    experience as an observer [of the USSC] I have rarely, if ever, seen
    sentences go down," says Granick, the litigation director at the
    Stanford Center for Internet and Society. "In order for them to be
    fair, they're going to have to go down."
    Granick worries that O'Neill will simply increase penalties for more
    severe intrusion, while using the current sentencing guidelines for
    harmless attacks. If so, sentences for script kiddies would remain the
    same, while hardened professionals could see sentences skyrocket past
    20 years.
    It remains to be seen how O'Neill's study will sway his fellow USSC
    members. Perhaps his research will help keep harmless experimenters
    out of jail. Or it may increase sentences for all computer criminals,
    regardless of their crimes. Either way, in the coming months, the USSC
    will hold in its hands the fate of hackers, script kiddies and cyber
    thieves across the U.S.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 02:53:59 PDT