I didn't know Kevin, but am friends with Tsutomu Shimomura who worked with authorities to get him arrested. Tsutomu worked with me a bit when I was at Sun trying to get a cryptographically secure subsystem into the base system specification. It was fun to listen to his side of this story.
The 80's was a really weird time for computer enthusiasts, and it was the period of time when what was then considered the "hacker" community schismed into what today we might call "white hat" vs "black hat" hackers.
As a person who considered themselves to be part of that community I was personally offended by how the story of Kevin painted everyone who thought of themselves as a "hacker" as a criminal. It made for good story telling to make these folks "pirate" or perhaps more accurately "privateer" types in their swashbuckling ways of sticking it to the man. People would say, "Exposing security holes is like solving puzzles (which is fun) and important because if I don't do it, well somebody 'bad' will." And while I'm here, why not make it hurt for them a little bit to incentivize them to fix this problem quickly!"
I didn't disagree with the importance of pointing out security problems, but the flamboyant way it was done scared the crap out of people who were both clueless and in a position to do stupid things. As a result we got the CFAA and the DMCA which are both some of the most ridiculous pieces of legislation after the so called "patriot" act.
The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent. While not diminishing the folks who leaned in to the illegality of it.
> The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent.
The causal leap from flamboyant hackers to the DMCA/CFAA, and then to damaging the US's innovation talent feels... speculative.
That isn't much of a leap. The penalties aren't rooted in the actual damages, because for most of this kind of curiosity-based intrusion, there isn't any real damage and the damage imputed to them is the cost of cleaning up after the vulnerability, which the "victim" ought to have paid regardless. Getting trolled by some kid isn't what costs you money, implementing a vulnerability that allows some kid to troll you is.
The reason the penalties are high is because of that embarrassment. Some major institution that ought to have done better gets pwned by some pranksters and they lose face. So they want to throw the book at the guy to deter anyone else, not from maliciously causing them undue harm, but from making a fool of them in public.
But blaming the youth for bragging about it is blaming the victim. The perpetrators are the institutions that abuse the law, and the process of creating the law, to severely punish not evildoers but the child who points out that the emperor has no clothes.
> and then to damaging the US's innovation talent
These are the laws they use to charge the likes of Aaron Swartz, are they not?
The government is a lot more concerned with the image, and its effect on trade, over the substance.