My two cents on this subject...
(Dunno if it will be approved, but, nonetheless... =P)
There has been a lot of talk on this, about legislation, and
everything else. But I do believe that one of the aspects of
this discussion hasn't been raised yet.
Mainly its about why and how will security be kept if any
kind of ironclad legislation is created and enforced. For
example, let's say that every kind of trespasser is judged
and severely punished. What kind of behaviour would it
create as a global effect (I mean, not talking only about
the hacker and the hacked server)? Would it create some
kind of environment, where small server businesses would
just forget about security and prosecute every trespasser?
What would it be of every buffer overflow bug already found?
Would the really have been corrected, if any user of this
kind of bug had been prosecuted and punished? Nowadays
the average user installs some kind of packet filter, and
an anti-virus, but what if it had always been severely
punished? (Not that I do actually enjoy those scripts that
continuously try default passwords at my system, nor
believe that it should be done...)
I _DO_ believe that it should be illegal, for it is
without a doubt, a violation and/or a crime nonetheless,
and as such, it should be judged as any kind of trespassing,
with distinction to the damage done. But I do wonder what
kind of effect it would create if it was enforced with no
distinction in regard to the damage done... Would security
have as much attention as it is given now?
Like everything else in life, its secret lies on the equilibrium
between the opposites...
Just my two cents worth of thought... =P
