A writer at Ziff-Davis thinks that we should "Make the punishment fit the cybercrime" (link dead, sorry). He thinks that our cyber-crime laws are too tough and that since the two people caught propagating the SoBig virus were not the original authors, their punishment should be lighter.
I disagree, and I'm particularly tired of seeing "youth" and "young men" used as a ploy to gain sympathy. Both of these people are old enough to know better, and technically savvy enough to be quite aware of the damage they intended to cause. This isn't the very first Internet worm, where Robert Morris could quite legitimately claim that he had no idea the effects would be so dramatic. These people knew exactly what they were doing.
Here in the U.S., the punishment could theoretically be 10 years to life in prison. People concentrate on the "life" part, but there are good reasons for that being there: cyberattacks could be employed with the intent of shutting down hospitals, causing train wrecks, etc., and in those cases life imprisonment would be appropriate. In this case, the intent was business disruption, so the lighter end is more fitting. But that's why these laws are written with these broad ranges: exactly to "let the punishment fit the crime".
The SoBig worm continues to flood mailboxes today, weeks after its release. MSBLAST disrupted business and caused significant expense for untold numbers of businesses. The article I referenced says that "It's time to put cyber punishments in perspective". I agree, and my perspective is that these things cost a lot of money, a lot of time, and decrease quality of life for everyone. Let the punishment reflect that.
© 2012-06-23 Tony Lawrence