In the United States, the Computer Fraud and Abuse Act (CFAA) assumed a high profile in the wake of Aaron Swartz’s suicide. Now, the European Union has approved a law which, will severely increase penalties for computer-oriented crimes.
CFAA, written decades ago, provides what many consider disproportionate penalties for and vague definitions of hacking. The law has been decried to the point that a California lawmaker is attempting to amend it with “Aaron’s Law.”
The EU law would standardize and increase penalties across the whole of the union. It would mandate two year minimum sentences for anyone so much as attempting to access any information system illegally. For attacks on infrastructure, such as refineries or rail systems, the sentences could go as high as five years.
It would also increase jail time for anyone intercepting electronic communications, as American intelligence has recently been accused of doing, or producing tools to do so, as Blue Coat and HP are accused of having done in Syria and Iran respectively.
Europe does not have a one-to-one relationship with the U.S. when it comes to the specific online threats it faces. For one thing, organized crime groups using botnets are thick as thieves in the former U.S.S.R., part of Europe, or on its border depending on how you define the continent.
Another aspect that affects how Europe deals with hacking is its privacy and data protection laws, which are, by and large, much stricter than their counterparts in the U.S. A number of European countries, and pan-European organizations, went after Google in the wake of its allegedly accidental capture of user information by Google Street View teams and tech.
Finally, the revelations of American electronic spying by the National Security Agency (NSA), courtesy of whistleblower Edward Snowden, have rocked Europeans back on their heels—the European public, if not its politicians and law enforcement authorities.
The European Parliament in Strasbourg approved the new law 541 to 91. Member states will have two years to manifest the law in their national law codes and enforcement regimes. Denmark alone has opted out, preferring to retain its current laws.