Sentencing Mangham, Judge Alistair McCreath said his actions could have been "utterly disastrous" for Facebook ... and had "real consequences and very serious potential consequences"...
I wonder if the judge is aware that his assessment of Mangham's actions, as quoted, is also an accurate assessment of the security flaw that Mangham exploited, that existed before he even touched a Facebook server. I see no mention of the potential loss to Facebook had the security flaw been exploited to do real harm. There is no question that this would have made $200,000 look like a small amount.
It is my opinion that the court completely failed to see Mangham's actions in perspective. Theft of IP is a serious matter. However, the judge
acknowledged that Mangham had never intended to pass on any of the information he had gathered, nor did he intend to make any money from it
Furthermore, no actual damage was done. The sentence was all about risk. The judge said:
"The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I'm afraid a prison sentence is inevitable."
But if the sentence was all about risk, why did the judge not consider the enormous reduction in risk that resulted from Mangham's actions? Was the "creation of that risk" was all a small price to pay for closing what is obviously a colossal security hole - a much bigger risk?
The bewilderingly long prison sentence leaves me wondering if there is more to this than we can see. For example, we all know that social media is a key tool used by intelligence gathering agencies. What, or should I say whose, intellectual property did Mangham really see? Also, if people become concerned about the security of social media, they may stop using it. The more evil and clever Mangham is made to look, the less disturbing the Facebook security flaw appears.