Cyber-terrorism will be punishable by death

http://www.dailytimes.com.pk/default.asp?page=2008\117\story_7-11-2008_pg1_8

Only in Pakistan? Shame!

The penalty is limited to an offence that ‘causes death of any person’,
according to the ordinance that will be considered effective from
September 29.

And, thinking of the “for want of a nail” poem, how indirect does this causality have to be? OK, I can see zapping someone’s pacemaker, but how about this:

Suppose a ‘capture the flag’ contest such as the one in Kuala Lumpur, Malaysia in late October exposed a flaw that allowed someone to hack a database and get a batch of credit card numbers, and those were sold off and used, and it happened that one of the cards belonged to someone who had their card refused at the gas station and ran out of gas and had to walk home and was attacked and raped and killed … in another country.

Well, it seems this law has a get-out. Merely killing someone through intent or neglect is not in itself enough to invoke the application of this law, since it only applies to terrorists:

“Any person, group or organisation who, with terroristic intent,
utilises, accesses or causes to be accessed a computer or computer
network or electronic system or electronic device or by any available
means, and thereby knowingly engages in or attempts to engage in a
terroristic act commits the offence of cyber terrorism.”

So that includes the old Columbo episode where the bomb was triggered by a phone call. A phone, cell or hard wired, is an ‘electronic device’. I don’t think trial lawyers will have any problems convincing a jury of that.

But “cyber-terrorism”? Is threatening someone with pictures of Britney Spears naked ‘cyber-terrorism’? Deluging them with spam?

‘Terroristic intent’ has been defined as: “To act with the purpose to
alarm, frighten, disrupt, harm, damage, or carry out an act of violence
against any segment of the population, the government or entity
associated therewith”.

So the “Alarm: You have so much mail your disk is full” spam deluge warning comes into that category? DDOS by a business competitor comes into that category? Every virus attack, spam attack comes into that category? Kevin Mitnick and Robert Morris would come into that category. Most EULAs probably come into that category! Patent ‘hijackers’ come into that category, and that makes me wonder if most business practices can’t be viewed as being of “terroristic intent”.

How about “scary movies”? Do they frighten you?

Of course the legislators have had other matters brought to their attention and are trying to be inclusive:

Electronic fraud will be punishable with up to seven years of
imprisonment and/or fine, ‘misuse’ of electronic systems with up to
three years, unauthorised access to code with up to three years, and
producing malicious code with up to five years.

“Misuse”? As defined by who? A parent who thinks his son is spending too much time playing games on his Xbox?

“Unauthorised access”? Does this include things like companies who use GPL’d code and then refuse to publish source? Will the government pay for policing and prosecution of this?

Spamming will be punishable with up to a Rs 50,000 fine for the first
offence, and three months in prison for subsequent offences.

What a wimp-out! Spam probably does more harm, damage and disruption than ‘cyber-terrorism’. It’s like deaths on the road: they are not spectacular like deaths in war or terrorist attacks, but they mount up and there are a LOT of them. Hunting down spammers and putting them to death would be a better use of cyber-resources than this nonsense about cyber-terrorism and cyber-stalking. Greatest good for the greatest number and all that.

Once again we have an example of politicians going for emotional and highly publicised issues rather than fundamental and functional ones.

If you are alarmed by this news, does that mean bloggers should be put to death?

About the author

Security Evangelist