I just want to post and save a link to a discussion/essay that RSnake has written. In it, he talks about increasing the penalties for digital crime, maybe to an exaggerated level. It is worth a good read along with the comments.
Like security, I’m of a mind that there is no “solving” of digital crime in general. It is a fact of life and we have to find a moral equilibrium, just like any law enforcement category.
Sadly, I think the only way RSnake’s approach will work is if we remove one of the fundamental drivers of what makes many of us even use the Internet: the privacy. To achieve better punishments for more criminals, we absolutely must remove the anonymity, privacy, and transparent digital borders between nations.
This all goes back to what your “security religion” is. Are you a glass half empty kind of guy? Are you an “It’s not secure unless it is absolutely secure” sort of guy? Or are you a glass half full person who sees value in partial security or incremental steps towards a goal that doesn’t need to be absolutely attainable? This is not just fundamental to a consistent approach to security solutions, but also fundamental for our attitude in our career.