The main argument against making ransom payments illegal is that it simply drives ransom payments underground. Legislating something, similar to vices like drugs, alcohol or gambling, doesn't make it go away.
I assume they mean make it illegal for corporations to pay the ransom. It's obviously unjust and ineffective to punish private individuals for paying ransoms, but that's not where the money is. OTOH, corporations have budgets and can be prosecuted if X millions dollars disappears out of it.
I don’t view it as obviously unjust as applied to individuals. That may suck for that person, but turning off the revenue demands substantially reduces the odds others are subject to ransoms. If all you do is focus on the individual case, you never actually address the root cause.
Make hiding ransomware attacks a criminal offense mandatory and offer whistleblower programs to companies that try to conceal it. This is an issue of national security. Individual alcohol problems are irrelevant and not comparable to large corporations.
And then you've just created a chain of legislation with the associated loopholes and confusion which will allow corporations to hide and deny any of it happening and then using legal fog to stonewall any Govt investigations and force people to risk their careers to call it out.
Forcing people to be whistle blowers is not a scalable enforcement plan. Very few people are willing to be one.
We need to legislate with the goal of corporate transparency not for more hidden behavior.
If you make it a felony to pay ransoms (which I strongly support), there will be far fewer ransom demands. Yes, some of it will go underground, but in my view it’s the only way to actually decrease the demand side of the equation.
How will you know if the total amount of ransom payments goes down? How will you know how much is under the table vs over the table? This argument seems to be "the over the table stuff goes down therefore the total goes down" which is faulty logic.
It would follow logically that it'd go down. It's like saying making murder illegal would only push murder under the table.
A company currently performs a simple mathematical equation when deciding to pay a ransom. Does the reputational and financial cost of not paying the ransom outweigh the price of the ransom? In a world where ransom payments were illegal, then those same companies would also have to include the legal penalties and probability of being caught as part of that equation.
Obviously, some companies would still see a net benefit in paying the ransom, but fewer would, so less ransoms would be paid.
It seems to me like you're trying to use 'war on drugs' logic on ransoms. The key difference is that companies don't want to pay ransoms, but do so out of necessity.
Sure, but what you’ll end up with is that the fewer people who still do it while is illegal are those in the most desperate and sympathetic sounding straits.
It’s like prostitution, if it’s illegal you find that most sex workers are the most vulnerable in society. When it’s not, sex workers can be anyone who doesn’t want to drive 6 hours for Uber on the weekend for extra cash.