The European Parliament approved by a vast majority a new draft law under which hackers could face jail time of at least two years, including those who distribute hacking software and tools.
Companies would also be found liable for any hacks that could actively benefit them, just as car makers would be held liable if they didn't throw complimentary seatbelts and airbags into their magical moving vehicles.
Europe's place is to create laws which would affect all 27 member states of the Union, as part of efforts to harmonise the individual discrepancies in each legal system. The upcoming European Data Protection Regulation is just one example, intended to allow data to flow freely from one European state to another, without one country over-egging the privacy pudding.
In the UK, for example, a person can be sent to prison for 10 years for serious offences under the Computer Misuse Act 1990, but while this kind of law is mostly in place around Europe, the penalties vary vastly across the continent.
Under the proposals, there would be a universal Europe-wide set of criminal laws which would criminalise "cyber attacks against an information system", such as "a network, database or website". "Illegal access, interference or interception of data" would also be deemed illegal.
But those who conduct large-scale attacks, such as botnets or attacks that cause considerable damage against a state or a company, a power plant or a transport network, could face five years in the slammer.
A small-time hacker breaking into their ex-partner's Hotmail account with a password they already know and reading their messages, for example, would be a gross breach of personal privacy, but such "minor cases", compared to the shutting down of an entire city's power grid, would likely not be worthy of the prison system.
The proposed law goes into more detail. IP spoofing would be a three-year prison offense, while industrial espionage attacks --- such as a company hiring a hacker to get access to a competitor's database --- would result in the hiring company being liable for damages.
A similar case reared its ugly head in the wake of News Corp.-owned giant NDS allegedly hiring hackers to ultimately bring down a competitor, which caused the collapse of Sky's digital TV rival, ITV Digital.
The proposed law stems from massive cyberattacks in Estonia in 2007 and Lithuania in 2008. Estonia was the target of the Russian government, which crippled the country's infrastructure for over a week.
While the law is in draft form at the moment, proposing legislation in the European Parliament goes a long way towards seeing it become law. The rapporteur, or the person in charge of seeing the legislation through the lawmaking process, hopes to seek a political agreement between the Parliament and the European Council by the summertime.