New sentencing laws proposed in the UK would see serious hackers sentenced to life in prison, in an update to the Computer Misuse Act 1990.
The proposal, which was included in yesterday’s Queen’s speech, pertains to “cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof.”
More severe sentences for hackers who infiltrate and damage businesses have also been suggested.
Speaking to the Guardian, Jim Killock of the Open Rights Group criticized the proposal, saying that it would be difficult to justify.
“If a supposed cyberterrorist endangers life or property, there are existing laws that can be used to prosecute them,” Killock said.
A number of other experts have chimed in to say that the law would ultimately punish hackers who have no malicious intent, especially pentesters who look for holes so that they can be patched.
Any researchers looking for the recent Heartbleed bug, which left a vast number of websites open to attack, could have been charged under British hacking laws, said Trey Ford, global security strategist at penetration testing firm Rapid7. “It’s concerning that the law designed to protect people from cybercrime also penalises activity designed to identify areas of cyber risk,” he said.