The EU is considering forcing member states to bring in a law which will give hackers a minimum two year jail sentence.

While the law might serve the purpose of ruining the lives of a few script kiddies, what has most people worried is that it could criminalise the IT security industry. The proposed directive, was backed by 50 votes at the European Parliament's Civil Liberties Committee compared to one against. If it is adopted the UK would no longer rely on the Computer Misuse Act. The Act has a maximum sentence of two years for a single breach of systems. If there are "aggravating circumstances" such as wide-scale attacks using botnets, or those that cause serious damage the person could be locked up for five years.

European Parliament rapporteur Monika Hohlmeier insists that the law is designed to deal with "serious criminal attacks", some of which are even conducted by criminal organisations. Unfortunately like most laws with minimum sentences, the proposed act fails to understand that hacking is often the only way that people know about security flaws.

Andrew Miller, Chief Operating Officer at Corero Network Security said that while the law is a positive step in the international effort to rein in cyber criminals. But he is worried that the law has certain things inside it which would make life difficult for security experts like himself. For example there are rules against the creation and distribution of hacking tools.

"In an effort to combat cyber attacks, security researchers and ethical hackers are continuously seeking these tools to demonstrate weaknesses within an organisation's network and as a way to reverse engineer
solutions to combat hacks. The spotlight should be on the crimes committed with the hacking tools rather the tools themselves," he said.

A security consultant who hacks into a system or software with the aim of notifying the company could find themselves automatically locked up for two years when a Judge might have just thrown the case out.