Cybersecurity crimes deserve a different kind of court | Opinion

A wired world needs Tech Courts. As crime increasingly occurs in the virtual realm, outdated laws don’t differentiate between curious programmers and criminals.

Marcus Hutchins, a British cybersecurity expert, during an interview in Ilfracombe, England in May 2017. The British cybersecurity researcher credited with stopping a worldwide computer virus in 2017 has pleaded guilty to developing malware to steal banking information. Federal prosecutors in Wisconsin and Hutchins’ attorneys said in an April 19, 2019 filing that the 24-year-old is pleading guilty to developing the malware and conspiring to distribute it from 2012 to 2015.
Frank Augstein / AP

Michaela Gabriella King faces a maximum of 14 years in prison on computer felony charges. Her crime? In 2016, the Franklin Regional High School computer nerd from Murrysville, about 15 miles east of Pittsburgh, uploaded a virus that flooded her school’s network, and those of other school districts and agencies, with data, causing them to crash a few times for 10 to 45 minutes. She apparently did it for fun. Prosecutors and her lawyer are still working on a plea deal; they, or a sentencing judge, will determine her future.

And that’s too bad.

Cases like King’s reveal a problem with computer-related prosecutions. Lawyers and judges are, for the most part, uneducated about technology and cybersecurity. Some federal judges have never touched a computer; in 2010 about 12 percent were age 80 or over.

How do you mount an effective defense or preside over a case without speaking the language? Most don’t know how young hackers like King like to “best” each other by showing off their skills. Legal practitioners often don’t realize that young defendants may have more tech smarts than common sense, and are often interested in online experimentation, even if it violates the law. That should mitigate their sentence.

A wired world needs Tech Courts. As crime increasingly occurs in the virtual realm, outdated laws and policies don’t differentiate between curious programmers and criminals. U.S. computer-crime laws are harsh, prompting cries of unfairness when citizens of other countries are arrested here. Specialized technology courts would bring justice to cases confounding the legal system.

Tech Courts might work like this: Persons charged with computer crimes appear before a panel of computer experts, a tech-proficient lawyer, and a community service placement counselor who supervises offenders for a set period of time.

The panel assesses intent. Was the motivation to defraud? “I was curious how NASA security systems work” is worlds apart from “I needed to sell credit-card data for money.” Individuals who acted to hurt someone, to profit, or spread malware proceed to criminal court. If they acted out of curiosity, to challenge their skills, or to search for system vulnerabilities, they remain under Tech Court jurisdiction and perform computer-related community service. Tech-savvy judges make sentencing decisions.

In tech court, public service assignments might include teaching computer security, conducting penetration testing, and testing software. This model could inspire other hackers to pursue cybersecurity careers. The nation needs those with innate skills to help fill the field’s enormous job shortage.

A high-profile case is that of British cybersecurity researcher Marcus Hutchins, who slowed a 2017 worldwide malware contagion. Soon after, authorities arrested him for writing and selling malware. He recently pleaded guilty in a U.S. court to two counts of hacking for the earlier infraction. Facing up to 10 years in prison and fines of half a million dollars, the 24-year-old’s fate is in a judge’s hands.

Tech Courts could weigh mitigating evidence in each case. Hutchins was young when he wrote the malware, and he went on to devote himself to cybersecurity. Given his public pledge to devote time to protecting others from malware attacks, his sentence should be community service. King, too, has likely learned her lesson by staring down potential years in prison, and would be better suited for service.

Specialized courts focusing on one type of offense, such as drugs or domestic abuse, are gaining popularity. The National Institute of Justice reports over 13,000 such courts as of 2015. A judge supervises collaborative interventions. Following that model, tech courts could reduce practices of pushing defendants to take plea deals or become confidential informants — and encourage them to make more substantive contributions to cybersecurity issues instead.

In 2000 Jonathan James hacked into NASA and the Department of Defense. In doing so, he exposed system vulnerabilities. Twenty years later, the Defense Department remains insufficiently protected. In 2018, the watchdog Government Accountability Office called for urgent action to address cybersecurity challenges, deeming government information security a high-risk area. Meanwhile, curious computer experimenters keep finding ways to break into top systems. Instead of enlisting their help, prosecutors lock them up.

Tech Courts, in the tradition of other successful community alternative-to-incarceration courts, present a practical and cost-effective way to safeguard our wired world. Not all hackers have to be public enemies. Let’s not treat them that way.

Heidi Boghosian is an attorney and the author of Spying on Democracy (2013).