The UK government is mulling over a new law that would see life sentences dished out to hackers who carry out “cyberattacks which result in loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof,” according to The Guardian. But the law wouldn’t just cover cyberattacks that affect Britain’s national security, as it would also apply to hackers who carry out corporate espionage, meaning those who steal secrets could also be locked up for life.

Those responsible for drawing up this law might have good intentions, but it couldn’t have come at a worse time. As The Guardian reports, not only would the law jail the real criminals, but it would also criminalize the actions of people who work to improve the Internet’s security.

From The Guardian:

“Any researchers looking for the recent Heartbleed bug, which left a vast number of websites open to attack, could have been charged under British hacking laws, said Trey Ford, global security strategist at penetration testing firm Rapid7. ‘It’s concerning that the law designed to protect people from cybercrime also penalises activity designed to identify areas of cyber risk,’ he said.”

The discovery of Heartbleed alone should be enough to make lawmakers reconsider implementing a new law that would dissuade people from detecting new vulnerabilities in Internet security. There aren’t enough people actively searching for problems as it is, and criminalizing this would only make the task less appealing. Heartbleed went undetected for two years, even though two-thirds of the Internet rely on OpenSSL – stopping people from searching from these kinds of bugs would only make the Internet a more dangerous place.

Not that we should be surprised by all of this. Lawmakers don’t exactly take the most even-handed approach when it comes to digital crime. The case of Aaron Swartz, who committed suicide after being charged and threatened with jail for downloading files from MIT’s network, is a fine example of their heavy handed approach. As is Barrett Brown, an activist journalist who’s facing 100 years in prison for linking to a page with stolen credit card numbers. The prosecution of those who break digital copyright laws has become a modern day witch hunt.

Now the UK is considering equating those who commit “corporate espionage”, or similar actions – the same actions used by people who try to find security vulnerabilities that we actually need to find – with acts of cyber-terrorism. Perhaps instead of handing out life sentences for those who commit such witchcraft hacking offences, we should just set them on fire and get it over with?

photo credit: ~Brenda-Starr~ via photopin cc