My two cents on this subject... (Dunno if it will be approved, but, nonetheless... =P) There has been a lot of talk on this, about legislation, and everything else. But I do believe that one of the aspects of this discussion hasn't been raised yet. Mainly its about why and how will security be kept if any kind of ironclad legislation is created and enforced. For example, let's say that every kind of trespasser is judged and severely punished. What kind of behaviour would it create as a global effect (I mean, not talking only about the hacker and the hacked server)? Would it create some kind of environment, where small server businesses would just forget about security and prosecute every trespasser? What would it be of every buffer overflow bug already found? Would the really have been corrected, if any user of this kind of bug had been prosecuted and punished? Nowadays the average user installs some kind of packet filter, and an anti-virus, but what if it had always been severely punished? (Not that I do actually enjoy those scripts that continuously try default passwords at my system, nor believe that it should be done...) I _DO_ believe that it should be illegal, for it is without a doubt, a violation and/or a crime nonetheless, and as such, it should be judged as any kind of trespassing, with distinction to the damage done. But I do wonder what kind of effect it would create if it was enforced with no distinction in regard to the damage done... Would security have as much attention as it is given now? Like everything else in life, its secret lies on the equilibrium between the opposites... Just my two cents worth of thought... =P
