[0] Although I was implying that perhaps USians should appreciate the forced government transparency. It's kind of odd to talk about "material damages" due to crimes being exposed - it seems like damages are better ascribed to the original acts themselves.
Sentences are across the board too high. The US isn't accomplishing anything with a 4 year sentence in this case than it would with a sentence of 1 year. But we should be careful to remember that white dudes messing with computers are not an especially persecuted class.
Low-level gang members get their raw deal from being systematically trapped in their situation. Go to jail, get out of jail, find no other opportunities, repeat.
Punishment divided by harm-caused obviously goes to drug users, being infinite.
Hacking has stiff criminal penalties for many things that should be civil matters at best, precisely because it makes powerful people realize how tenuous their control actually is.
Let's not succumb to identity pity politics about who has it the "worst". Each codified injustice is ultimately the result of a ruling class slowly eroding the rule of law for its own benefit.
(Also, I'm pretty sure the definition of "hacker" does not imply "white dude")
That defines the harm as being zero. I'm not sure that's the case. Some drugs (angel dust, at a minimum) greatly increase the user's propensity for violence. And the argument for saying "they haven't done anything yet, so arrest them for the violence when they do it" is similar to saying "drunk drivers haven't caused any harm yet, so wait until they cause a crash before you arrest them". The harm to others is (for drunk driving and some drugs) too likely to follow to simply wait for it to occur.
Perhaps computer crimes are more disruptive than shed burglaries, because most of us depend more on computers than we do on sheds, and it is easier for most people to understand a shed burglary and how to take steps to protect their sheds.
The 1981 Isaac Asimov short story "A Perfect Fit" took an interesting look at that. The story can be read online here: http://www.edn.com/electronics-news/4319939/A-perfect-fit
If so many people depend on computers, then shouldn't actually securing them be a priority? If an individual shirks doing the work to understand account access the way they understand shed access, then are they not partially to blame for the result? This is awfully close to leaving a shed door open and then complaining something must be done about the wildlife.
The story was interesting, but I found the end abrupt and incongruous. Asimov clearly demonstrates an understanding of advancing to de facto reliance, so prescribing "take it away" is overly simplistic.
If the society relies on such law to prevent people from defrauding computers, then it has a gaping vulnerability to someone who just exploits the enforcement computer first. And if it doesn't rely on it, then the punishment need not be so draconian - applying a similar punishment to a violent criminal would mean that everyone from polite society would be free to attack them with impunity. Which I believe we used to do to those who evaded the law ("outlaw"), but stopped.
The post-hoc "rule of law" is a Schelling point because it is the best we can do in the physical world. But the entire advancement of networked computing is to preemptively create formal mechanically-executed protocols rather than relying on ill-specified natural language ones. It's regressive to insist that the virtual environment be ruled by both regimes, causing any benefits from formalism to be erased by the ambiguity of the legacy system.
Now obviously actions through computers can have physical-world effects, and if there is an intent for a real-world crime that is still justifiably illegal. Deliberately shutting off a ventilator remotely is still murder. But the current status quo is basically demanding the right to casually connect a ventilator to the Internet, have it fail due to a portscan or other Internet background radiation, and then blame "Anonymous" instead of putting the manufacturer and hospital administration in jail for gross negligence.
Breaking into warehouses is a crime because no matter how bad a job the owner of a warehouse does at locking their warehouse up, we don't want random people breaking into other people's property. Why would the logic for Internet sites be any different?
Also, as I'm fond of pointing out: you can coherently and reasonably lobby for liability for site owners who fail to keep out hackers. But I don't think most HN readers are going to like where that leaves the industry. Hint: Facebook and Microsoft aren't going to have any real problems surviving. But indie developers? Different story.
