Hackers who commit cybercrimes that threaten the U.K.’s national security could soon face life in prison, government officials recently proposed.
Cyberattacks resulting in “loss of life, serious illness or injury, or serious damage to national security or a significant risk thereof” would carry a full life-sentence penalty, according to a proposed amendment to the Computer Misuse Act of 1990. The government announced plans to amend the act in Queen Elizabeth II’s speech at the state opening of Parliament yesterday.
The intended changes to the law are part of the so-called “serious crime bill,” which would also carry stiffer sentences for electronically sabotaging industrial targets. For example, attacks that create “a significant risk” of severe economic, environment, or social damages could land hackers in jail for up to 14 years, which is up from the current maximum 10-year sentencing limit.
“This bill would ensure that in the event of such a serious attack those responsible would face the justice they deserve,” said Karen Bradley, the U.K.’s minister for organized crime.
The changes would bring the U.K. in line with the U.S., which introduced life sentences for computer hackers following the Sept. 11 terrorist attacks in 2001.
Security experts expressed concern that the U.K. government could prosecute researchers looking for software vulnerabilities in the same way it deals with hackers with malicious intent.
“It’s concerning that the law designed to protect people from cybercrime also penalizes activity designed to identify areas of cyberrisk,” Trey Ford, a global strategist at security firm Rapid7, told the Guardian.
To prosecute hackers under the proposed amendment, the British government would need to confirm the attacks had a “significant link” to the U.K.