Now here is an interesting article; a man sends mail alerting some customers of a particular e-mail service that there are known security vulnerabilities in that service.  He gets charged with a crime and spends 16 months in jail.

Say what?!

Gina (the lawyer in the family) tells me he probably did do it wrong – he should have sent the company a certified letter warning of the vulnerability, and gone to the press if that failed.  (or some other appropriate channel, but I’m not sure where else he could have legally gone.)  Even so, 16 months in jail seems very harsh for the crime committed.  I think he should have just been charged damages for the company’s losses, or some similar penalty.

This reminds me of those records label folks who want to send people to jail for copying music – sure, its not right, but there must be some intermediate level of punishment!