Let people know about a security vulnerability - spend 16 months in jail
Now here is an
interesting article; a man sends mail alerting some customers of a particular
e-mail service that there are known security vulnerabilities in that service.
He gets charged with a crime and spends 16 months in jail.
Gina (the lawyer in the family) tells me he probably did do it wrong – he should
have sent the company a certified letter warning of the vulnerability, and gone to
the press if that failed. (or some other appropriate channel, but I’m
not sure where else he could have legally gone.) Even so, 16 months in jail
seems very harsh for the crime committed. I think he should have just been charged
damages for the company’s losses, or some similar penalty.
This reminds me of those records label folks who want to send people to jail for copying
music – sure, its not right, but there must be some intermediate level of punishment!