Penalties For Security Negligence?
Discussion in another thread gave me the idea for this thread.
Do you think individuals who fail to take reasonable measures to secure their computers should face civil (liable to lawsuits) or even criminal penalties? Compromised computers are used to send spam (which beyond being a general nuisance can cause a loss of productivity because of the time required to deal with it); they can be utilized by crackers as vehicles for attacks on other systems, and they can be used in DDOS attacks which can cost companies money when customers can't access their sites.
Possible topics for discussion:
1) What is the definition of "reasonable security measures."
2) What penalties would be levied? Criminal (Jail time? Fines?) Civil (Restitution for lost revenues?)
3) Should liabilty extend to software companies or just computer owners?
4) Do you think the whole thing would be a bad idea?
5) Do you think it will happen? Why or why not?