Hacker penalty rings warning bell

PUBLISHED : Thursday, 18 May, 2000, 12:00am
UPDATED : Thursday, 18 May, 2000, 12:00am

Back in the west coast wilds of Canada where your correspondent once worked to pay his way through university lies the town of Alert Bay - three bars and two paddy wagons to cart casualties off to one cop shop.

In the powder room of one of these bars was a statue of a Greek god, naked except for a metal fig leaf. The fig leaf was on hinges and, when lifted, revealed not god-like anatomy but the words: 'You have just rung a bell in the bar'.

It was a loud bell too and occasioned much joyous applause when it rang.

Your correspondent is reminded of it with all the huffle occasioned by the I-Love-You virus that spread from the Philippines around the world recently when lonely hearts could not resist opening booby-trapped attachments from supposed secret admirers.

There were 12 of them in his e-mail when he logged on the day it spread and, fortunately, also a warning from the IT department not to open them. But the list of senders still made an absorbing read. Who loves me? Hmmm, let's see now. Yecchh! Not him! Plenty of evidence here, however, that hope springs eternal in the human breast.

It will be interesting to see how American i-cops get along with their search for the culprit in Manila. At the latest count they already had at least 100 names. We are talking, remember, about the home of the not-me-it-was-the-other-fella school of social responsibility.

But there was a sadder story nearer to home. Computer hacker Cheng Tsz-chung, who thought he could get away with holding another person's stolen chat-room password to ransom for HK$500, was sentenced to jail.

Magistrate Ian Candy said he had originally intended to impose a suspended sentence but the I-Love-You virus changed his mind and he decided that only a prison sentence would reflect the severity of the crime and act as a deterrent to other computer hackers. Now far be it from a lowly journalist, your worship, to tell you what is the appropriate tariff for any crime but perhaps we could look at this another way.

Here is a question for you. Which of the following two would you really choose as a better guarantee that you can use the Internet for commercial transactions in strict privacy and perfect security?

Punitive deterrents for hackers.

Better-written software.

The point, you see, is that in a perverse way these hackers are doing us a service. They are the ultimate software testers and they can tell us louder and more directly than anyone else when security software is not secure.

Putting them in jail may stop a few of them from these active market software tests but it will also make the activities of the rest of them more insidious, and this will not serve us at all when software publishers need forceful reminders to improve their wares.

Hackers are at the very least nuisances. Agreed. At their worst they also commit theft and can cost companies billions of dollars in fixes of computer systems. Your correspondent is not making a case to remove hacker crimes from the statute books.

But if we want to stop them from hacking into our e-mail we are better off convincing Bill Gates at Microsoft to spend some money cleaning up that Outlook Express software which has proved such a megasoft touch to them.

And he will never have quite such an object lesson in the need to do it as when thousands of irate users of that software have had a hacker show them at an early stage that he needs to do it.

So by all means let's have convicted hackers who break the law given a sentence appropriate to their crime. But the fact that they so easily cause a great deal of damage is as much an indictment of bad software as of hackers who show it to be bad. Let's reserve the special punitive sentences for other crimes.