This post serves to illustrate yet ANOTHER idiosyncrocy of the technological age. We had better get down to brass tacks pretty quickly and start defining what level of criminality these criminals are at. A few attempts at illustration:

Major metropolitan areas like New York and Chicago spend millions of dollars a year in order to clean graffiti from subway train cars. Should every graffiti artist and random vandal be charged with millions of dollars in damages (the cost of keeping trains clean) when they are caught? If so, why? If not, why not? What if they ar habitual? What if they used a very resiliant paint, over and over, on the same train?

Should placing foreign objects on train tracks be punishable by life in prison? Why or why not? It clearly shows a "reckless disregard" for life and property. What if they place large objects? Explosives? Barricades?

Should someone who tresspasses into your network and causes no harm face federal charges? What if the hacker breaks something? What if he steals something? What if he steals money? What if he shuts down your entire network for hours?

The above examples are all activities of typical juvenille behaviour that increase in severity and in accepted punishment. Only in the field of computer networks is there very little scalability. One punishment fits all seems to be the rule. Hackers are not burglars, a burglar has the potential to cause you real physical harm. There is an implied physical threat in burglary that is not present in your typical hack. While it is certainly not a victimless crime (i've spent my time pouring through IDS logs) neither does it rise to the level, in most cases, of burglary. Perspective is what is needed now, not tired old metaphors that don't really apply and serve only to cloud the issue. What punishment fits the crime? Is computer crime punishable under different standards just because it involves computers? These are the issues at hand.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11436#11436