
"You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance," he said.

This is the kind of thing that makes my blood boil.



While it is indeed despicable to imagine that there's a different law for big and small companies, it is long known that the size of actual and potential harm is considered when crime and punishment is being discussed. One would probably get different punishment for stealing $10 and stealing $100K (though if you manage to steal $100M you may actually get away with it, but that's another story). If his lawyer would argue (and a good lawyer probably should) that "he did no harm to anyone, of course it's illegal but he didn't mean to hurt anything and he did not, so let's not throw the book at him" - it could influence the outcome. In this case, the judge didn't buy it.


You can't compare this to $10 vs. $100000K because the actual damage done here versus him doing the same thing to the servers of a small company is not x10000 the size, if that makes sense. The harm caused in both cases is negligible.

I suppose you could count the large amount of time Facebook probably had to spend going through their systems to make sure they were clean. Surely the money for their security team was already spent though?

Also, isn't messing around with the records of a small business somewhere that probably doesn't even have proper backups actually more potentially damaging than poking at part of a globally distributed, multiply redundant decentralised system like Facebook?

It was really the way the judge chose to phrase that whole bit that annoyed me to be honest.


Surely the money for their security team was already spent though?

I doubt Facebook's security team is just sitting idly waiting for an attacker to give them something to do. Each hour devoted to this is an hour they can't use for other tasks, besides the possibility of having to pay overtime.


True but it seems this intrusion gave the team an excellent problem to focus on. The system is better for having solved it.

If considered in relation to scale, what per cent of its wealth did Facebook have to spend on this? Not much.


You do realize there are people in jail in California for life for stealing very small amounts, due to the "3 strikes law", whereas the people responsible for sucking billions out of the US economy... well, none of them have gone to jail. (I did read about someone that did go to jail, but he was a low-level actor... it was clear it was a sacrificial lamb).


I know and do realize. I know there are people in jail in California for not stealing anything at all but enjoying in their privacy some activities that the government does not condone and considers bad for them, so it puts them in jail, which is obviously much better for them. I realize all the sad state of it. I'm just noting one small point that the size of the harm does matter and always had and will matter in the court, whatever we may be thinking about it.


Even sacrificing lambs is useful - with time, the bigger fish will find it very hard to get enough sacrificial lambs and the lambs themselves may start demanding larger rewards for their sacrifice.

Wondering if lamb fat is good to fry large fish.


No, it's very gamey; a very little bit goes a long way, even in lamb dishes.


:-)


While "importance" is a pretty subjective (read: bullshit) metric in legal terms, using the dollar value of theft to threshold criminal charges is used around the world. In the U.S. you can press charges for any amount, but depending on the state they have different thresholds between misdemeanor and a felony (grand theft) usually around $500-$1000. Interestingly enough, in some places such as China (where I originally learned about the theft lines / thresholds in a class at Peking University), there is a minimum value that must be stolen before one can prosecute, which is on the order of US$100. This obviously saves the court from wasting too much time on judicial abuse, but clearly discriminates against people among the lowest rungs of the economic ladder. On the other hand it sets the priority for handling larger cases that impact more people (such as official corruption scandals which admittedly China does a more prudent job of enforcing responsibility in white collar crime than the States).

Of course the argument could be made that criminal prosecution is largely a function of who you know rather than the spare resources of the judicial system, which is probably correct, but it is still food for thought.

(Sources: http://www.california-criminal-lawyer-blog.com/2010/11/grand... and http://www.chinareview.info/issue2/pages/case.htm and some classes I took, but IANAL)


But that's not what the quote implies at all, at least taken in the context of the article. Instead, it implies that the only reason he is being punished is, not because of the hack, but because he hacked Facebook. It implies that, had he done the same on some "tiny business of no great importance" it wouldn't have been such a big deal.


I don't think China does a more prudent job of enforcing responsibility. Rather China occasionally makes an example of the most blatant cases of corruption.


You might be right, but the net effect is that it encourages responsibility regardless.


In specific instances the fact that China kills people where the US does little to the individuals involved feels good. However, the US approach of mostly free press coupled with regular and independent policing of government contracts, coupled with class action lawsuits changes the landscape significantly. In the end you might argue that corruption is endemic of both systems, yet that's the case for any large scale government throughout history.

What the US does well is simply keep things public enough that everyone tries to at least appear to follow the rules. And if you ever tried to do significant business in China as opposed to a Chinese company you will quickly understand that that in and of itself is huge.


It's better when "everyone tries to at least appear to follow the rules"? Isn't that worse than blatantly not following the rules, because at least you know what they are doing?


Following the rules in this case means actually providing the service that the government paid for. The government may overpay for a building because people skim off the top, but it's far less common for them to build something that's so poorly constructed that people can't actually use it. The first case is less efficient; the second is useless.


Yes, I hadn't considered the possible "street value" of what he'd taken.


I can spare my karma and you can downvote me now for saying this (but my blood is boiling too), but I can bet you my left arm (I'm left-handed) that if that "international business" called Facebook would go down for longer than 25 minutes, you would see world's work-power suddenly increased by 40%.


I think you're biased due to where you live. Many people don't work with computers and at least around here (southern European country) the number of smartphones is still very low (2.8% in August). Not to mention that FB only has 640M users of working age, vs the 3.25 billion people of working age in the world.


40% seems like a conservative estimate


This is the kind of attitude that makes me pissed as well. It's like the phrase too big to fail. Big doesn't equal important.


Rest assured hackers are seeing these cases and acting accordingly. When the sentence for curiosity is comparable to malicious deeds, then the incentive is obvious. You have successfully incentivised hackers to make sure that their deeds are so great that their sentences actually come close to representing them.


That's just giving an impulse to black hat hackers: "Hey, if they still punish us (although we just wanted to show them weaknesses) at least let's give them hell!"



