STE WILLIAMS

A man, having trouble in his marriage, worries about his wife’s fidelity. He decides to snoop on her online activity to see if she’s flirting with anyone via email, IM or social network.

Not good, but a fairly common story, and not too serious so far.

He decides to snoop on her by attaching a hardware keylogger to her PC. He goes after her work machine. She works at the county courthouse, and her work system is used for sensitive court work, including payment processing.

This is rapidly getting much more serious – he’s using some hardcore kit, and attaching it to a system which should be considered way more important than your average home laptop.

The man himself is the County Sheriff, a position of considerable authority. That seems to make it all so much worse – this is someone people should be able to trust to uphold the law.

In the end he is caught, of course, and after repeated denials ends up admitting to his crimes and resigning from his job. At trial, prosecutors push for a strong sentence, citing both the man’s position of trust and the sensitive nature of the system he compromised.

But, thanks to an otherwise good record, strong support from the community, and the mitigating personal circumstances, he is let off fairly lightly – 2 years probation, plus a $1000 fine. The judge suggests that merely having lost his job was enough punishment.

The location is Clay County, West Virginia. The man’s name, Miles Slack. The target of his snooping, Lisa, is now his ex-wife, but seems to remain supportive. The events took place in April 2013, with the keylogging device in place for around two weeks before being spotted by a technician. The sentence was passed just before Christmas.

But was it the right sentence?

The US Attorney prosecuting the case seemed to have some good points. Law enforcement agents have to be held up to higher standards than normal people.

It’s much worse if a trained restaurant chef with a certificate in food safety gives you food poisoning than if you get sick from eating a burger your mum grilled up for you. If a clumsy friend accidentally puts a hole in your wall while helping you with some DIY, you’ll accept their gushing apology and still be friends; if your builder does the same, you might be less forgiving.

By the same reasoning, cops really, really shouldn’t do crimes, and if they do, one might expect it to be treated more seriously.

It doesn’t always seem to work that way though. Law enforcement looks after its own, as the movies love to tell us, but maybe there are other, less morally dubious mitigating factors.

Police work must make people used to snooping and monitoring as an everyday part of life. We see regular stories of cops overstepping boundaries, like the NYPD officer who hacked into colleagues’ mail accounts and phones, or the Canadian policeman who planted spyware on his wife’s mobile phone – he was also let off pretty lightly.

There seems to be a theme of emotional or marital problems here, but ordering spyware online or sneaking into a building and planting a keylogging device are hardly spur-of-the-moment things, they can’t really be justified as crimes of passion.

There’s also the question of the system Mr Slack attached his keylogger to. This was a government machine, owned by and connected to the network of the West Virginia Supreme Court. There’s going to be all kinds of sensitive information on that network, and by compromising one of the nodes, Slack risked compromising the security of the entire network.

So what do you think? Does the punishment fit the crime, or is it so light that it hardly discourages people from snooping on their nearest and dearest?

Does the fact that Slack was a senior police officer make his crime worse, or does it not really matter? Is it important that the computer he bugged was on the Supreme Court network, even if he was only interested in his wife’s chat logs?

I know where I stand. A small fine plus probation may seem appropriate for someone who bugs a family member’s PC, but this case is considerably more than that.

Given the hefty sentences being bandied about for other types of cyber offences, this sort of thing seems to be routinely treated as no more than innocent high-jinks.

And that seems wrong to me.

Follow @VirusBtn
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/12mPnrixRwY/