Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers


Sentencing Study Probes Hacker Motives

The courts may someday treat recreational hackers with a gentler justice

than malicious intruders and cyber thieves, depending on the results of a

study being spearheaded by a member of the government commission responsible

for setting federal sentences.

Since September 11 and the passing of the USA Patriot Act into law, hackers

have been lumped into an homogeneous and enigmatic category of evildoers,

along with terrorists, drug dealers, and arms smugglers. The act provides

for a maximum of ten years in jail for first time computer criminals, and

the definitions of these crimes are vague at best.

But the USA Patriot Act alone does not govern how judges sentence hackers.

That job is left up to the United States Sentencing Commission (USSC), and

the task of discerning the harmless intrusion from the harmful has fallen

squarely on the shoulders of Michael Edmund O'Neill.

The USSC, as O'Neill puts it, "creates sentencing guidelines for all federal

courts. It crafts the guidelines that enable judges to choose appropriate

sentences within statutorily authorized ranges." That means that the

commission is responsible for building charts and formulae that tell federal

judges what range of possible sentences a criminal should face -- from

probation to life imprisonment. The term "guidelines" is slightly misleading

here: these guidelines are binding, and all federal judges must sentence

according to them.

Currently, the guidelines regarding computer crime are the same as for

larceny, embezzlement and theft, with factors like financial loss and "use

of special skills" dictating the offender's sentence. O'Neill hopes to

refine the guidelines for computer crime, possibly making the intruder's

motives a factor in their legal fate.

O'Neill is certainly the commissioner most qualified for the task. He

describes himself as the product of what was possibly the most

technologically advanced high school in Wisconsin. In the mid 1980's, while

other schools were struggling to keep their Apple IIs up to date, O'Neill's

high school was teaching its students how to program C, Fortran, and Cobol.

Later, while he attended Brigham Young University in Utah, O'Neill got a

summer job writing WordPerfect's first thesaurus in C.

It's not the sort of background you'd expect to see behind Clinton's last

appointee to the seven-person United States Sentencing Commission. When he's

not writing sentencing guidelines, O'Neill is an assistant law professor at

George Mason University, and it is here that he is undertaking his academic

study on the causes and rationales behind computer crime.

Sentences Rarely Drop

The rationale most commonly found: Money. Those that would steal credit card

numbers, commit identity theft, or build elaborate con games to harvest cash

are at the focal point of O'Neill's investigation. As O'Neill puts it "The

Internet affords con-men access to a massive number of people. Why should

the laws be any less stringent when the criminal has access to twenty times

more potential targets?"

But con artists aren't the only ones under O'Neill's microscope. O'Neill

says his team has been interviewing convicted hackers in order to find out

where the line between experimentation and exploitation can be drawn

effectively. His study may result in new sentencing guidelines that treat

minor hacking offenses as vandalism, rather than imprisonable crimes.

Hacker defense attorney Jennifer Granick is skeptical. "In my experience as

an observer [of the USSC] I have rarely, if ever, seen sentences go down,"

says Granick, the litigation director at the Stanford Center for Internet

and Society. "In order for them to be fair, they're going to have to go


Granick worries that O'Neill will simply increase penalties for more severe

intrusion, while using the current sentencing guidelines for harmless

attacks. If so, sentences for script kiddies would remain the same, while

hardened professionals could see sentences skyrocket past 20 years.

It remains to be seen how O'Neill's study will sway his fellow USSC members.

Perhaps his research will help keep harmless experimenters out of jail. Or

it may increase sentences for all computer criminals, regardless of their

crimes. Either way, in the coming months, the USSC will hold in its hands

the fate of hackers, script kiddies and cyber thieves across the U.S. By Alex Handy

blog comments powered by Disqus