September 25, 2001
5:14 PM   Subscribe

Web site defacers? Shouldn't it be based on the target rather than the general crime of 'web site defacement'?

For example, a peeved customer (or bored kiddie hacker) might go and deface an e-commerce site. In real life, that's the equivalent of throwing eggs at McDonald's windows.. does that make you a terrorist? An idiot, yes.. a terrorist, no.

While I think people who attack governmental Web sites (Pentagon, White House, et al) could be considered terrorists, of sorts, I think this is a bit of an over-reaction if someone goes and defaces MomsCookieShop.com.
posted by wackybrit at 5:34 PM on September 25, 2001

One strike and you're out. You better have a lot of balls.
posted by Postroad at 5:39 PM on September 25, 2001

This is really starting to sound like "The Matrix"......
posted by martz at 5:45 PM on September 25, 2001

Damn, aren't we equating hacking websites with murder now?

Jesus maheebus.
posted by Aikido at 5:57 PM on September 25, 2001

eff.org has more info on this and how you can contact your reps.
posted by skallas at 6:03 PM on September 25, 2001

While I think people who attack governmental Web sites (Pentagon, White House, et al) could be considered terrorists

um...remind me again...what critical strategic (or other) function does whitehouse.gov serve again?
posted by rushmc at 6:06 PM on September 25, 2001

Would all those folks who were cheerleading the exchange of freedom for security please stand and be counted...
posted by websavvy at 6:14 PM on September 25, 2001

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Worse yet, I don't think this is going to be the end of what is being planned in the name of safety. How is hacking websites and releasing viruses related to the attacks on the WTC?

Anyone?

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use

iQA/AwUBO7Et6np5UOPof1apEQIFjACcCq9gF3ludB2rdZScBw6yV31vYLIAn3rK
7qDIQjz+dqVSvKmfseCcSG/G
=YY6a
-----END PGP SIGNATURE-----
posted by mathowie at 6:18 PM on September 25, 2001

To everyone who is thinking of posting a front page link of which I do not personally approve:

I would like you to know that, if you choose to deface MeFi in such a manner, you will be sent to jail... forever. Choose wisely.
posted by whatnotever at 6:26 PM on September 25, 2001

Can someone who is a lawyer please take a look at 18 USC 1030 and tell me how the section that are incorporated into this law apply to website-defacing? The affected sections are (a)(1), (a)(4), (a)(5)(A), and (a)(7). As I read it that's unauthorized transmission of classified info (defense, national security, etc.), fraud exceeding $5,000, intentional transmission of a virus, and extortion by threatening damage to a computer. None of those sounds like website-defacing to me, so I'm not sure where they came up with that idea.

Seriously, if this DOES apply to website-defacing, I'd like to know, because I'm trying to write to my congressperson and I'd like to not sound stupid.
posted by xeney at 6:40 PM on September 25, 2001

Next thing you know, graffiti artists will be sentenced to life, for terrorising a wall.
posted by Zool at 6:48 PM on September 25, 2001

/me goes and finds a copy of PGP. fuck this. i'll be damned if the gov can take away my freedoms.
posted by jcterminal at 6:49 PM on September 25, 2001

The article also states that it's retroactive. How many kids are they going to go after?
posted by omen68x at 6:49 PM on September 25, 2001

Ooh yah, I hope Bill Gates gets jailed for terrorizing the nation by defacing Windows with this cartoony thing called 'XP'.
posted by wackybrit at 6:53 PM on September 25, 2001

i'll be damned if the gov can take away my freedoms.

True in more ways than one....

Did anyone else read it "HOOKERS face life imprisonment under 'Anti-Terrorism' Act?"
posted by rushmc at 6:56 PM on September 25, 2001

ahhh...."Broad.... "Sweeping"....."Legggislation". Can you feel that? gives me shivers every time. It must be Christmas, with everything being russshed through. Bedtime for democracy indeed, move out of the twilight, but keep the 'free world' tag if you please.
posted by hug99 at 7:10 PM on September 25, 2001

mathowie, yer signiture failed, if that's really you.

Life imprisonment for hacking a website? Shouldn't that just be called vandalism. Now life imprisonment for spammers, that would be good.
posted by bobo123 at 7:14 PM on September 25, 2001

1. Bush Administration proclaims a long and secret 'War On Terrorism'.
2. Bush Administration states that the US will not necessarily reveal the evidence against 'terrorists' they uncover.
3. Bush Administration announces that the US expects all other governments to comply and assist with American anti-terrorist actions or be branded as terrorist sympathizers themselves (and therefore subject to attack).
4.. Bush Administration proposes legislation to Congress to make hacking (and assisting hacking) and other relatively minor non-violent criminal acts = 'terrorism' subject to life imprisonment, etc.

I know that the intelligence and law enforcement communities are taking this opportunity to get all their pet proposals passed into law during this time of national distraction and 'anti-terrorist' paranoia, but I'm beginning to fear a concerted and irrevocable attack on civil liberties by Ashcroft and his rabid reactionary companions a hell of a lot more the possibility of another attack by Osama and his buddies.
posted by SenshiNeko at 7:24 PM on September 25, 2001

i guess our gov figured out their 'war on drugs' wasn't bringing in the bling-bling like they wanted.

time for a new war.

thanks for feeding off of fear mr. bush.

anyone here still think he's a "good leader"?
posted by jcterminal at 7:39 PM on September 25, 2001

Actually, Aikido, murderers have the chance of parole and don't usually get life. But at least they didn't hack my weblog.
posted by untuckedshirts at 7:41 PM on September 25, 2001

The article also states that it's retroactive. How many kids are they going to go after?

is the retroactive bit for real? you can do that?
posted by sad_otter at 7:45 PM on September 25, 2001

Times of national panic bring out the best in legislatures...
The communist registration acts were the rage 50 years ago this week. See the Sept. 20th entry on the Internal Security Bill.

Xeney

***disclaimer, I am not a practicing attorney, and the following is only legal information, and not legal advice :-)***

18 U.S.C. Sec. 1830 might be used to prosecute someone for web site defacement. It depends upon the type of action actually taken, and possibly the amount of damages, if any.

subsection (a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

A protected computer is defined as: (e) As used in this section (2) the term "protected computer" means a computer (B) which is used in interstate or foreign commerce or communications;

(a)(5)(B) or (a)(5)(C) might also be used to prosecute for web site defacement.

For a very good (but NOT definitive) description of how this law might be used, see Hacking Your Way To Hard Time: Application Of Computer Crime Laws To Specific Types Of Hacking Attacks
This is recommended reading for anyone interested in computer crime.
posted by bragadocchio at 8:38 PM on September 25, 2001

These are simply powers I do not want John Ashcroft of all people to have. He is a reactionary, over-religious zealout who would use these powers "post-terrorism war" against the American people, especially those he does not disagree with. (Those who John Ashcroft doesn't agree with: 99% of the population.)
posted by benjh at 8:39 PM on September 25, 2001

I called up 18 USC 1030 from Legal Information Institute and the text makes it sound like web site cracking is a crime if the person intends to commit fraud, obtains information or passwords, or gets access to classified information.
eff.org has lots of information on the proposed changes, but I don't see anything specifically saying "Deface a website, go to jail" - the Anti-Terrorist Act requires the cracker to be seeking information for the crack to be a crime.
However, I would bet lawyers could argue that anyone gaining unauthorized access to a website had the means to access information, even if that person didn't actually do anything with it.

Regardless, a lot of personal freedom would be lost of ATA passes.
posted by jazon at 8:46 PM on September 25, 2001

first the DMCA and now this... where is the free in the dom go !!
posted by pyr at 8:54 PM on September 25, 2001

amen benjh - likely, mr. ashcroft will end up trying to prosecute people who've used condoms as serial killers and terrorists of 'future generations.' i still can't fathom how that guy actually got into his position without being tar'd n feather'd by the female population at large. god knows i certainly tried.
posted by eatdonuts at 9:15 PM on September 25, 2001

is the retroactive bit for real? you can do that?
No, you can't.

Oh, yes, you can, if California's experience with retroactively lengthened statutes of limitations is any indication. This state retroactively changed statutes of limitations for child molestation, and the California Supreme Court found that it didn't violate the ex post facto clause. The US Supreme Court denied certiorari, so they don't seem to be very interested in the subject. I bet that part of this would hold up in court.

Bragadocchio: Thanks for the link; that was helpful.
posted by xeney at 9:42 PM on September 25, 2001

jazon: I might note that it is hard to deface a website without 'obtaining information or passwords.' It was my understanding that the eff's objection is that those clauses make the computer equivalent of breaking and entering (e.g., sniffing someone's password to hack their website) a more serious crime than manslaughter.
posted by louie at 9:52 PM on September 25, 2001

xeney, happy to have been of assistance
posted by bragadocchio at 10:06 PM on September 25, 2001

/me tapping my fingers waiting for the other shoe to drop

With the amount of technical prowess there is in our congress and our law enforcement, they will probably arrest you for not closing an italics tag...

That does deface Mefi, doesn't it??
posted by fooljay at 10:34 PM on September 25, 2001

Hmm. The Bush league cheerleaders seem to be offline - possibly laundering their hard drives? Except for aaron, who tells us the law probably won't be misused...and to take two grains of salt and call him in the morning.

The ruling flannel is thrashing for more than it needs. This is scary. It reeks. And it really isn't very funny.
posted by Opus Dark at 10:44 PM on September 25, 2001

yes, you can, if California's experience with retroactively lengthened statutes of limitations is any indication. This state retroactively changed statutes of limitations for child molestation, and the California Supreme Court found that it didn't violate the ex post facto clause.

Exactly.

***Same disclaimer as above - I am not a practicing attorney, and this is legal information - not legal advice***

In the California case, the ex post facto defense might have been appropriate in that case if the law that had changed was the criminal offense itself. What had changed wasn't the criminal offense, but rather the length of time that the state had to bring the charge.

In other words - the criminal act of child molestation was still a criminal act, even though the statute of limitations had run out. California changed the length of time so that a statute of limitations defense could not be used.

An ex post facto defense was attempted to return the statute of limitations defense. The offense of child molestation had not changed, and the punishment for that offense had not changed either. Because the actual crime hadn't changed, the ex post facto defense wasn't allowed.

So, under the proposed Terrorism law, the statute of limitations would be lifted for certain computer crimes, as long as they were crimes at the time of the offense.

However, there might be some question about whether those older offenses could have a longer sentence imposed upon them than what was called for at the time of the offense. A longer sentence for a previously committed offense might just violate the ex post facto clause of the constitution. The remedy a the court for a successful attack under that defense wouldn't be a release from incarceration, but rather probably a resentencing based upon the previous sentencing terms.

The proposed law includes language that talks about A "person convicted of any Federal terrorism offense may be sentenced to imprisonment for any term of years or for life, notwithstanding any maximum term of imprisonment specified in the law describing the offense."

So, under the ex post facto clause - no life sentence for a crime committed before the statute is enacted, if the person being sentenced couldn't have gotten a life sentence for the crime at the time of the offense.

But, under three strikes laws, or other federal sentencing guidelines involving aggravating circumstances, a felony conviction might lead to a longer sentence anyway.
posted by bragadocchio at 10:49 PM on September 25, 2001

You may not be a practicing attorney, bragadocchio, but I think that's the right analysis. Unfortunately I think it gets more complicated when you look at some of the collateral consequences of the law beyond sentencing. For instance: could they retroactively prosecute you for, say, a 1999 hacking, and sentence you under the old law but still apply some of the other sanctions that go along with being labeled a "terrorist"? I suspect that maybe they could. Ex post facto law has gotten really ugly since every state started enacting three strikes laws.

An example of an area that worries me: say your boyfriend committed one of these offenses in 1999. He can't be sentenced under the new law, but if you continue to 'harbor' him within the meaning of that part of the law, after the enactment of the statute, can you be prosecuted? I don't know the answer.
posted by xeney at 11:19 PM on September 25, 2001

You may not be a practicing attorney, bragadocchio, but I think that's the right analysis. Unfortunately I think it gets more complicated when you look at some of the collateral consequences of the law beyond sentencing. For instance: could they retroactively prosecute you for, say, a 1999 hacking, and sentence you under the old law but still apply some of the other sanctions that go along with being labeled a "terrorist"? I suspect that maybe they could. Ex post facto law has gotten really ugly since every state started enacting three strikes laws.

An example of an area that worries me: say your boyfriend committed one of these offenses in 1999. He can't be sentenced under the new law, but if you continue to 'harbor' him within the meaning of that part of the law, after the enactment of the statute, can you be prosecuted? I don't know the answer.
posted by xeney at 11:19 PM on September 25, 2001

Its scary to think there's a database full of people whose statute of limitations has expired just in case they can get something like this passed through.

I might note that it is hard to deface a website without 'obtaining information or passwords.'

Buffer overflow attacks have nothing to do with passwords. Code Red didn't obtain information it just sent code straight into the HTTP port and rewrote the root page, among other things.
posted by skallas at 1:36 AM on September 26, 2001

skallas
Code Red might be covered by this one:

18 U.S.C. 1830, subsection (a)(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;


The legislation isn't aimed against domestic hackers (at this point), but it could be.


Xeney,

Everything in this seems to be a weapon aimed towards terrorists.

Rico = civil forfeiture of assets

Extraterritoriality of haboring a terrorist = jurisdiction over people outside of the united states

These would have to apply retroactively, otherwise they wouldn't have any teeth against Osama & Co.

Changing the hypothetical a little, If I had a girlfriend who was a "terrorist" and I habored her, it would probably be exactly the same legal consequences under the new law as the old law, except I could be guilty of haboring her outside of the United States. I think the focus of this new version of the law is going to be involved with people abroad, at first.
posted by bragadocchio at 4:10 AM on September 26, 2001

Will we be able to prosecute John Ashcroft as a terrorist?
After all he has defaced an entire state as it's representative and is well known for his radical fundamentalist beliefs.

Ouch! Those damned jackboots hurt John! Get off my neck you facist Nazi whore!
posted by nofundy at 5:28 AM on September 26, 2001

It is a pitty the Bush league cheer-leaders are all offline.
Anyhoo, going with the flow...

Worse yet, I don't think this is going to be the end of what is being planned in the name of safety. How is hacking websites and releasing viruses related to the attacks on the WTC?

Both are activities not understood by the oligarchy.

As per usual, rather than approaching the problem logically, they have leapt to conclusions based mainly on paranoia.

Remember, they are protecting your freedom to consume. That is the only remaining 'freedom' we are afforded.

Hopefully, this is a more accurate description of world war three than the scenarios being bandied about by the pwargs (pro-war arguments).

Is it not the case, presently, that bringing encryption software into the us from many countries is a 'terrorist' activity?
posted by asok at 8:48 AM on September 26, 2001