[ISN] Feds seek public input on hacker sentencing

From: InfoSec News (isnat_private)
Date: Mon Jan 13 2003 - 23:01:18 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner"

    Forwarded from: Jei <jeiat_private>
    By Kevin Poulsen
    January 13 2003
    Sick and tired of a revolving door justice system that lets hackers 
    skate with just a few measly years in prison? Or do you think that the 
    courts are already too hard on online miscreants who sometimes go up 
    the creek for longer than many killers? 
    Either way, the U.S. government wants to hear from you. 
    Last week the presidential-appointed commission responsible for 
    setting federal sentencing rules formally asked the public's advice on 
    the formula used to sentence hackers and virus writers to prison or 
    probation, as part of a review ordered by lawmakers increasingly 
    concerned that computer criminals are getting off easy. 
    "All we're really looking for is for people to comment," says Michael 
    O'Neill, a law professor at George Mason University Law School, and a 
    member of the United States Sentencing Commission (USSC). "Do they 
    think we're going down the wrong road? How do they feel about the 
    penalty structure?" 
    The USSC's Federal Sentencing Guidelines set the range of sentences a 
    court can choose from in a given case, based on a point system that 
    sets a starting value for a particular crime, and then adds or 
    subtracts points for specific aggravating or mitigating circumstances. 
    A convicted kidnapper, for example, starts off with 24 sentencing 
    points -- which maps to 51 - 63 months imprisonment for a first-time 
    offender. But if the culprit held his victim for 30 days or more, he 
    gets two bonus points, translating to an additional 12 - 15 months. 
    The criminal earns another six points if he demanded a ransom, and two 
    points for injuring a victim -- but can shave off two points for 
    pleading guilty and accepting responsibility for the crime. 
    Though they're called "guidelines," the rules are generally binding on 
    Computer crimes currently share sentencing guidelines with larceny, 
    embezzlement and theft, where the most significant sentencing factor 
    is the amount of financial loss inflicted, and additional points are 
    awarded for using false ID or ripping off more than 10 victims. But in 
    a congressional session that heard much talk about "cyberterrorism," 
    lawmakers became convinced that computer outlaws had more in common 
    with al Qaida than common thieves. 
    Deterrent Value? 
    Consequently, one of the provisions in the massive Homeland Security 
    Act passed last November requires the USSC to review the cyber crime 
    sentencing guidelines to ensure they take into account "the serious 
    nature of such offenses, the growing incidence of such offenses, and 
    the need for an effective deterrent and appropriate punishment to 
    prevent such offenses." (The law also created new penalties for 
    hackers who literally kill people over the Internet.) 
    "It's not clear what Congress wants the sentencing commission to do," 
    says Orin Kerr, a cyber law professor at George Washington University 
    Law School, and a former attorney with the Justice Department's 
    computer crime section. "In fact, the section seems to say, go back 
    and think a lot about sentences, and then file a report." 
    Last week the commission -- normally seven members; currently five 
    pending two replacement appointments -- turned to the public for 
    advice, publishing a formal "Issue for Comment" on the general 
    question of whether sentences are strong enough to deter and punish 
    cyber evildoers, and on eight specific proposals to add more variables 
    to the formula that produces a hacker's sentence. 
    The possibilities include adding extra points for financially 
    motivated hackers, or for intruders that invade an individual's 
    The formal notice is available from the United States Sentencing 
    Commission's Web site, along with a detailed list [pdf] of the 
    questions the commission is pondering. 
    "It's important for us to get input from people who are 
    technologically familiar with these issues to be able to think about 
    ... potential changes that might be appropriate," says O'Neill. "We 
    want to know whether or not the relevant community... believes that 
    serious penalties will deter people from engaging in that sort of 
    Kerr says he's already filed his comments. "Computer crime penalties 
    are as stiff as normal penalties... In fact there are a few provisions 
    that treat computer crimes more harshly than traditional crimes," he 
    says. "I think the trick is to make sure the sentencing commission 
    doesn't believe that it needs to jack up sentences, which it shouldn't 
    The public comment period ends on February 18th. 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 01:16:47 PST