CEI: Are cyber-vigilantes the answer?
The Competative Enterprise Institute asks if allowing vigilantes to go after hackers is the anser to Internet crime and in particular file sharing. Their report is well worth reading.
The arguments usually advanced in favor of cyber-vigilantes are essentially the same ones made by traditional vigilantes. Predictably then the arguments against cyber-vigilantes are remarkably similar as is the conclusion that individuals should not take the law into their own hands.
Internet crime is at root a problem caused by people, not technology. If people were perfect there would be no crime at all. Vigilantes are also people and therefore imperfect. Vigilantes only publicise their successes, their mistakes and their consequences are conveniently forgotten. It is easy in the movies, Charles Bronsen never hits an innocent bystander in the Death Wish series, however many police department rules Dirty Harry might break we know that he would never commit a crime himself. lawless law enforcement has real consequences in real life.
The Internet infrastructure is closely coupled and interdependent. An attack against one target is almost certain to affect many others. If the law allows exceptions for vigilante action it may become impossible to convict the genuine criminal. It is routine for a hacker to claim that they were targeting pedophile rings or terrorists. Sven Jaschan, convicted of authoring the Sasser worm attempted to claim that his objective was to rid victims machines of other malware, a claim that might have been more credible if the code had not carried a malicious payload that shuts down an infected machine at random.
Ultimately the problem with vigilantes is accountability. When people take the law into their own hands and refuse to be held accountable for their mistakes they are to all intents and purposes criminals themselves.
