Re:That Depends... (Score 2)

There are constitutional issues with any law that would deter an individual from bearing arms of any type. I doubt the Supreme Court would stand for a law that punishes a person for leaving a loaded gun lying around where anyone can pick them up.

Gun registration is required. Background checks are required. Both can deter gun ownership (as a matter of fact, I believe they were intended to deter gun ownership). The Supreme Court has not seen fit to strike down the laws that require either of those. Those who leave loaded guns lying around are typically charged with Negligence if that gun is discharged by someone else and results in bodily injury. The Supreme Court has not seen fit to overturn those convictions.

These constitutional issues do not have any bearing on computers. There's no constitutional right to own a computer or have access to one, or have access to the Internet. As such, it is reasonable to make those who possess computers and maladminister them to the extent that they cause mayhem and real financial damage to third parties, accountable.

True, there is no constitutional protection for the ownership of computers (unless one wants to try the argument that they are a means to free speech, but that's another discussion). As such it is possible to punish those who maladminister them. I doubt you would find many who would agree that it is reasonable (especially in the ways you describe).

If I left my car keys hanging on a nail in a bar together with a description of my car in the bar's parking lot, there are few that would argue I bear some responsibility when it's subsequently used by drunks and is driven into an expensive diner across the street, causing thousands of dollars worth of damage.

You would probably be charged with Negligence in that situation, because a jury of your peers would view the combination of actions and conclude that a reasonable person would have seen the danger in them. Actually, those actions might even qualify for Gross Negligence or Criminal Negligence, considering that they almost seem intentional.

However, I think that your analogy is overstated. In my opinion, failing to properly lock down a server is more like leaving your keys in your car or leaving the door unlocked. Neither of those actions would typically result in any charges against you even if the vehicle was stolen and used in a homocide.

It's time we took action.

Yes, it's time we took action. But against those who perpetrate the crimes, not against those who are also victims of them. Yes, it's the job of hired sysadmin to secure a company's servers. But, except on rare occasions, people who don't do their job well are fired, not prosecuted.