It is not uncommon to hear IT security experts opine that the only way to prevent virus writers and hackers from succeeding in their nefarious endeavours is to stiffen the laws against their activities. Such an argument asserts that bigger penalties will scare off those miscreants who are currently plying their trade with a laugh and a thumbed nose toward the authorities.
Indeed, in most cases, the experts say, the legal ramifications of network sabotage don’t even enter into the thinking of hackers, due to the feeble set of laws that currently exist in Canada. When a few of these people are given 10-year prison terms and/or fines that will leave them destitute for decades, the population of the hacker community will steadily wither away, the thinking goes.
And the thinking is sound. It’s a safe bet that tougher penalties would make a college kid with a talent for programming and too much time on his hands think twice about unleashing the next Sobig or Blaster.
But any IT manager hoping for this happy set of circumstances to appear any time soon is certain to be disappointed. The problem relates to the fact that the two primary entities involved in this scenario – big business and the legal system – are in many ways polar opposites. And these differences make it inherently difficult for a lasting solution to be arrived at.
The business world is characterized by speed – the speed of competing organizations chasing a limited amount of capital and attempting to scurry toward it faster than their rival maze rats. It is based on looking forward and not wasting time thinking about what happened yesterday, be it good (a quarter of record profits) or bad (a debilitating hack that brought business to a halt.)
The legal world, by comparison, is very much based on a deliberately careful approach that seeks to consider all aspects of a given dilemma in microscopic detail. History, in the form of precedents, is very much a part of the legal machine. It might be slow, but when lives and livelihoods are on the line, there is no room for error. And this comparatively slothful modus operandi is what has made the western legal structure work relatively well for hundreds of years.
If corporations want to make an effort to get the legal system on their side to prevent hacker attacks on their networks, they have no choice but to play by the latter’s rules. That means getting off the busy highway that is corporate activity and onto the backwoods rural routes of the justice system – a momentous shift in attitude.
Given the fact that these attacks are starting to hit bottom lines severely and that they are not going to disappear any time soon, there’s little doubt that big business will turn to the law for help and will continue to increase the volume of their clamouring for legal repercussions. But adjusting to a different speed limit will take time; it’s but one more hurdle the enterprise must overcome on the road to a saner networking environment.