New Michigan Law Makes Possession of Ransomware Illegal

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
Content source
https://www.bleepingcomputer.com/news/security/new-michigan-law-makes-possession-of-ransomware-illegal/
On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively.
Legislators initially sought a ten years prison sentence, but this was knocked down to three years in subsequent deliberations.
Two new laws correct a legislative loophole
The two new laws —PAs 95 and 96 of 2018— are based on two bills —HB-5257 and HB-5258— introduced last year by Michigan House Representative Brandt Iden, of Oshtemo, and Representative James Lower, of Cedar Lake, respectively.
Rep. Iden said he wanted to correct a legislative loophole that only punished cybercriminals for using the ransomware, but not possessing it.
According to the new bill, if a suspected cybercriminal is arrested and ransomware is found on his computer, the suspect would end up in prison, even if he didn't get to infect any victims. This, in theory, should make it easier for state authorities to go after suspected ransomware developers, affiliates, and others involved in Ransomware-as-a-Service operations.
......
......
Click to expand...
1,300+ ransomware incidents reported in Michigan last year
According to FBI statistics, there were over 1,300 ransomware incidents reported in the state of Michigan last year, with damages estimated at around $2.6 million.
.....
.....
Click to expand...
 
  • Like
Reactions: Daviworld, Deleted member 65228, Sunshine-boy and 5 others
F

ForgottenSeer 58943

Actually what this sounds like is;

1) A method to incriminate the non-guilty. That is, there are many reasons one may possess ransomware. Researchers, white hats, inquisitive people, etc. This would largely incriminate them bypassing the 'intent' protection our normal legal system affirms.
2) Potential entrapment. Can you imagine the feds implanting ransomware on a system, arresting the individual, and incarcerating them as a result of this? It's something that needs to be considered.

But for the sake of argument lets assume the purpose is exactly as stated;

Then we always need to be careful when we bypass the protection of intent and go for mere possession. Then we start encroaching on constitutional protections. For example it is fully legal to have a book on Revenge. The legal protection of lack of intent is in place for you as there is no evidence you intend to actually implement revenge but the freedom to study revenge is constitutionally protected.

Ultimately, this will be overturned by the Michigan Supreme Court if someone lodges a challenge. Make no mistake, our constitutional rights are being chiseled away and there are powerful forces working to re-write or eliminate the constitution. So we must hold them to account or face continued declining freedoms.
 
Last edited by a moderator:
  • Like
Reactions: Daviworld, Deleted member 65228, upnorth and 2 others
zzz00m

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
ForgottenSeer 58943 said:
Actually what this sounds like is;

1) A method to incriminate the non-guilty. That is, there are many reasons one may possess ransomware. Researchers, white hats, inquisitive people, etc. This would largely incriminate them bypassing the 'intent' protection our normal legal system affirms.
2) Potential entrapment. Can you imagine the feds implanting ransomware on a system, arresting the individual, and incarcerating them as a result of this? It's something that needs to be considered.

But for the sake of argument lets assume the purpose is exactly as stated;

Then we always need to be careful when we bypass the protection of intent and go for mere possession. Then we start encroaching on constitutional protections. For example it is fully legal to have a book on Revenge. The legal protection of lack of intent is in place for you as there is no evidence you intend to actually implement revenge but the freedom to study revenge is constitutionally protected.

Ultimately, this will be overturned by the Michigan Supreme Court if someone lodges a challenge. Make no mistake, our constitutional rights are being chiseled away and there are powerful forces working to re-write or eliminate the constitution. So we must hold them to account or face continued declining freedoms.
Click to expand...

Interesting analysis, but I think you may have overlooked the wording in the bill that was signed.

the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization"
Click to expand...

So you would still have the defense of "lack of intent" which would be applicable to a malware researcher, or something related to that.

I think that some developers and sellers of these malware tools may be getting away because they are not actually the ones implanting it. This new bill can let authorities nab the whole supply chain when they catch the guys running the malware. The innocent can still stand behind "lack of intent".

I think that is a good thing! (y)
 
  • Like
Reactions: Daviworld, Deleted member 65228 and Schank873
F

ForgottenSeer 58943

zzz00m said:
Interesting analysis, but I think you may have overlooked the wording in the bill that was signed.



So you would still have the defense of "lack of intent" which would be applicable to a malware researcher, or something related to that.

I think that some developers and sellers of these malware tools may be getting away because they are not actually the ones implanting it. This new bill can let authorities nab the whole supply chain when they catch the guys running the malware. The innocent can still stand behind "lack of intent".

I think that is a good thing! (y)
Click to expand...

Indeed, I missed that part.:whistle:

They made sure it included intent because it wouldn't be constitutionally valid and would likely fall to a challenge. In the USA, for those that don't know, you can pretty much say anything you want as long as you don't intend to act on it, and establishing intent without cause or circumstance rarely succeeds in court. One thing to realize, as long as you don't threaten to harm yourself, or others, you are largely protected from everything you do by virtue of the US Constitution. (with rare exceptions, like yelling fire in a theater, etc) The old saying is 'No intention, No conviction'.

*We have a constitutional lawyer in the family so I hear this talk incessantly. :sneaky:

Anyway, I agree, it's a good law from appearances..
 
  • Like
Reactions: Daviworld, zzz00m and Deleted member 65228
You must log in or register to reply here.

Similar threads

nicolaasjan
    • Like
    • Applause
Security News US Sanctions Affiliates of Russia-Based LockBit Ransomware Group
Replies
0
Views
1,611
Security News
nicolaasjan
nicolaasjan
upnorth
    • Like
    • +Reputation
    • Thanks
Ransomware The Hard Truth about Ransomware
Replies
6
Views
2,477
Malware Analysis
plat
P
upnorth
    • Like
Japanese Government Approves New Bill to Criminalize Manga Piracy
Replies
1
Views
985
News Archive
show-Zi
show-Zi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top