European hackers face five years in jail under proposed EU law

Summary: The European Parliament is proposing new laws that would harmonise cyber-criminal penalties from two years in prison, to in some cases five years in the slammer.

The European Parliament approved by a vast majority a new draft law which could find hackers facing jail time for at least two years, including those who distribute hacking software and tools.

Companies would also be found liable for any hacks that could actively benefit them, just as car makers would be held liable if they didn't throw in complimentary seatbelts and airbags into their magical moving vehicles.

Europe's place is to create laws which would affect all 27 member states of the Union, as part of efforts to harmonise the individual discrepancies in each legal system. The upcoming European Data Protection Regulation is just one example, to allow data to freely flow from one European state to another, without one country over-egging the privacy pudding.

In the UK, for example, a person can be sent to prison for 10 years for serious offences under the Computer Misuse Act 1990, but while this kind of law is mostly in place around Europe, the penalties vary vastly across the continent.

Under the proposals, there would be a universal Europe-wide set of criminal laws which would criminalise: "cyber attacks against an information system", such as, "a network, database or website. Illegal access, interference or interception of data" would also be deemed illegal.

But those who conduct large-scale attacks, such as botnets or attacks that cause considerable damage against a state or a company, a power plant or a transport network, could face five years in the slammer.

Small-time hackers who break into their ex-partner's Hotmail account with a password they already know and read their messages, for example, would be committing a gross breach of personal privacy, but such "minor cases," compared to the shutting down of an entire city's power grid, would likely not be worthy of the prison system.

The proposed law goes into more detail. IP spoofing would be a three-year prison offense, while industrial espionage attacks --- such as a company hiring a hacker to get access to a competitor's database --- would result in the hiring company being liable for damages.

A similar case reared its ugly head in the wake of News Corp.-owned giant NDS allegedly hiring hackers to ultimately bring down a competitor, which caused the collapse of Sky's digital TV rival, ITV Digital.

The proposed law stems from massive cyberattacks in Estonia in 2007 and Lithuania in 2008. Estonia was the target of the Russian government, which crippled the country's infrastructure for over a week.

While in draft form at the moment, proposing legislation in the European Parliament goes a long way to seeing it as law as it heads out the door. The rapporteur, or the person in charge of seeing the legislation through the lawmaking process, hopes to seek a political agreement between the Parliament and the European Council by the summertime.


About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.
