There are a number of interesting provisions in the Specter-Leahy Bill on Cyber-crime just approved by the US Senate (including, for instance, the ability to prosecute a business used as a cover by identity thieves, as opposed to only the individual identity thieves themselves), but the one which caught my eye was this: it will be a felony to use spyware or keystroke loggers 'to damage 10 or more computers, regardless of the aggregate amount of damage'.
Part of me wonders whether there's a potential legal challenge there around the notion of 'damage' - but I'm also interested to see the felony arise out of the number of computers affected, rather than any resulting harm. In the UK, the Information Commissioner's Office has recently been suggesting a move in the other direction - away from prosecuting for a 'breach in principle' and towards prosecuting on the basis of 'actual harm'.
As we've seen with the Californian Breach Notification law, a well-intentioned piece of legislation can, in the longer term, produce unexpected consequences even if the short-term results are positive. It will be interesting to see whether these different US and UK strategies produce widely divergent outcomes.
My thanks, incidentally, to Shin Adachi for the initial pointer to the eWeek article.
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}
Perhaps you are hesitating to invoke your company slogan, so allow me to do it for you.
"The Network is the Computer".
For example, the US Government has one gigantic computer. (It just happens to be deployed over hundreds of thousands of servers and millions of laptops, but it is still only one big computer.) Haven't these guys read Asimov?
Posted by Richard Veryard on August 05, 2008 at 02:46 PM GMT+00:00 #