July 12, 2005


Worse Than Death (JOHN TIERNEY, 7/12/05, NY Times)

Last year a German teenager named Sven Jaschan released the Sasser worm, one of the costliest acts of sabotage in the history of the Internet. It crippled computers around the world, closing businesses, halting trains and grounding airplanes.

Which of these punishments does he deserve?

A) A 21-month suspended sentence and 30 hours of community service.

B) Two years in prison.

C) A five-year ban on using computers.

D) Death.

E) Something worse. [...]

I'm tempted to say that the correct answer is D, and not just because of the man-years I've spent running virus scans and reformatting hard drives. I'm almost convinced by Steven Landsburg's cost-benefit analysis showing that the spreaders of computer viruses and worms are more logical candidates for capital punishment than murderers are.

Professor Landsburg, an economist at the University of Rochester, has calculated the relative value to society of executing murderers and hackers. By using studies estimating the deterrent value of capital punishment, he figures that executing one murderer yields at most $100 million in social benefits.

The benefits of executing a hacker would be greater, he argues, because the social costs of hacking are estimated to be so much higher: $50 billion per year. Deterring a mere one-fifth of 1 percent of those crimes - one in 500 hackers - would save society $100 million. And Professor Landsburg believes that a lot more than one in 500 hackers would be deterred by the sight of a colleague on death row.

E): take away his Ayn Rand collection.

Posted by Orrin Judd at July 12, 2005 2:43 PM

F) Diamanda Galas on infinite loop.

Posted by: Mike Morley at July 12, 2005 4:07 PM

G) Take away his scat porn collection. That would make any German weep.

Posted by: Governor Breck at July 12, 2005 4:40 PM

Worms? Viruses? What are those?

Are they those things that PC users are always worried about?

Sorry, as a Mac-ker, I couldn't resist.

Posted by: Glaivester at July 12, 2005 4:55 PM

Now that Mac OSX is based on Unix, it's only a matter of time.

One of my colleagues is a security expert, and in discussions on this subject we're of the opinion that it's 50-50 that within a year you'll have a major Mac security scare.

He has already figured out how some of the exploits will work once they get onto your machine, including one that's only 110 bytes long that'll install a "rootkit". He just hasn't figured out how they'll be deployed, what flaw they'll finally find and exploit. It's also his opinion that, thanks to several years of bad publicity, the latest GatesOS (with all proper updates installed) is the most secure OS out there.

Oh, and with the switch to Intel, hackers won't even have their lack of knowledge of PowerPC assembly language holding them back. Some of their favorite GatesBox and Unix exploits won't have to be recoded for the Mac then.

Posted by: Raoul Ortega at July 12, 2005 5:20 PM

E): take away his Ayn Rand collection.

F): Take away his Starwars action figure collection, that would really hurt.

Posted by: Robert Schwartz at July 12, 2005 5:57 PM

If that crime occurred in Germany, Punishment A is the only likely one to be given. I assume that Sven's unemployment benefits from the government will cover that 30 hours, in all fairness.

Posted by: John J. Coupal at July 12, 2005 8:39 PM

What does any of this have to do with Ayn Rand?

Posted by: bart at July 12, 2005 10:19 PM

Kind of interesting from a substantive criminal law standpoint. What we have, absent some specific anti-hacking statute, which would probably be considered to have pre-empted the crime, is an extreme case of criminal mischief or vandalism, with damages into millions of dollars.

But wait. If a kid throws a rock from an overpass and breaks a car window, we have one kind of offense, but if a motorist is killed as a result, we are into manslaughter at least. Can we find any evidence of someone having lost his or her life as a result of the computer crime? Perhaps someone on the operation table or on life support? Pass over questions of proof, as the profs say, assume that a prosecution expert could provide enough to get it to a jury.

Off-the-wall sub crim law issues don't get prosecuted in real life, but this would be a good script line for Law and Order. Better someone should get him to convert to Islam, sew him into a hog's hide, and kick him out of the back of a CH-53 3000 feet over ground zero.

Posted by: Lou Gots at July 12, 2005 11:35 PM

Raoul -- you know how many copies of un-updated Windows there are out there? Because of Microsoft refusing to allow pirated copies to be updated, they are a time bomb. It takes what, 11 minutes, for a Windows machine to be compromised and turned into a zombie?

I have a Toshiba Portege laptop which I bought because it gets 8 hours battery life and weighs 2.5 pounds. I use it for writing, but I wouldn't let it touch the Internet with a ten foot bamboo pole. All my Internet activities have been safely conducted on various Macs since 1991. (For the last five years, behind a software firewall and a proxy server and a hardware firewall, of course.)

At least Apple doesn't stop pirated copies of OS X from being updated. That is the stupidest thing Microsoft has ever done.

Posted by: Randall Voth at July 13, 2005 8:53 AM

Randall: The real issues are IE and Outlook. Get rid of those two, and infection is very unlikely.

Posted by: Robert Schwartz at July 13, 2005 10:32 AM

More like 11 seconds.

Of the problems today is that by the time you've downloaded the necessary patches from Windows Update, your computer is already infected.

Posted by: Gideon at July 13, 2005 11:45 AM

Robert -- in other words, don't access the internet with Windows ;-) (Yes, I know about Mozilla)

Posted by: Randall Voth at July 13, 2005 7:11 PM

Randall: You got it. Use the power of the lizard.

Posted by: Robert Schwartz at July 15, 2005 2:15 AM