My point is not that he may or may not have harmed the interests of private persons, but that the law doesn't take that into account. IT crime law takes into account the harm that he has subjected the computer to - it defines the computer, or perhaps the computer's owner, as the violated party. Users, customers or affiliates of the computer's owner are not protected or considered violated by the law.
I completely agree that we need a more user centric and individual centered perspective on computer security.
My point is not that he may or may not have harmed the interests of private persons, but that the law doesn't take that into account. IT crime law takes into account the harm that he has subjected the computer to - it defines the computer, or perhaps the computer's owner, as the violated party. Users, customers or affiliates of the computer's owner are not protected or considered violated by the law.
I completely agree that we need a more user centric and individual centered perspective on computer security.