> I think that there are appropriate (and possibly over-harsh depenidng
Shouldn't it be dependent on what type of money was lost during an
attack? Somewhat comparable to injury compensation?
Here's a non-relevant anecdote you reminded me of:
I once worked one summer for a construction company that was
extending a mass-transit train line northeast of Washington, D.C.
The tracks of an existing rail line parallel to our new line
was laid upon about 6' of small rocks. Along those rocks for
several yard/meters, a very thick metal-foil shielded cable
jutted out from its rocky protection.
I asked another crew member, "What's that?"
"Oh, that's Sprint's fiber up the northeast corridor, " he replied.
"It shouldn't be lying out there, should it? What if I or someone
else took a shovel to it?"
The foreman commented, "We'd be sued for $100,000 for every 10 minutes
the line was cut."
Being good at math, I was awestruck, "That's 6 million dollars per
hour!"
"Yeah, you'd likely be fired before the rest of us would be laid off,"
added our foreman.
It gave me new-found respect for loose cables and later for Wiltel's
gas pipe right-of-ways.
IMHO, I'd say it's up to an ISP to calculate how much an attack costs
them if they catch a hacker and then take them to trial. You don't hear
of ISPs taking people to trial, though, just cutting off their access.
If hackers know that they'll be sued if they're caught, it might deter
them (from being caught at least ;^).