The UK government revealed new plans this week to punish computer hackers more severely, with certain types of cyberattack to be met with life sentences.
Under the serious crime bill proposed in the Queen’s speech, hackers who carry out attacks resulting in “loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof" would face life sentences.
Meanwhile, amendments to the 1990 Computer Misuse Act would raise the sentence for cyberattacks with "significant risk of severe economic or environmental damage or social disruption" from 10 years to 14.
Karen Brady, minister for Organized Crime, said the proposed amendments were necessary considering our increase “reliance on computer systems” and the “grave consequences” that could arise from an attack targeting critical infrastructures.
However, others were concerned that the new laws could punish benevolent security researchers. Trey Ford, a strategist at tech security firm Rapid7, told the Guardian that the individuals who uncovered the recent Heartbleed security bug could have been punished under British hacking laws.
"It's concerning that the law designed to protect people from cybercrime also penalises activity designed to identify areas of cyber risk," said Ford.
The executive director of the Open Rights Group Jim Killock also noted that the bill might be unnecessary as current laws already carry significant punishments for terrorism – regardless of whether they’re cyberattacks or not.