Re: maximum penalty of 25 years' imprisonment
Again, we have totally disproportionate potential punishments for a pretty petty crime.
And that, is because they fear us. (us & we is computer professionals generally, I'm no hacker and don't condone malicious intrusion)
They know they cannot understand that which we do. That we can reach out from half a world away and do them significant harm (see Sony for details). They cannot harm us at anything like a comparable time and distance. They have no way to find us if we're patient, and clever (public wifi, virtual machines, and a ready supply of cheap network cards from China would give them a serious headache).
Computer crimes are punished to be a deterrant to others, because without that deterrant, they're dead in the water whenever someone somewhere gets curious about their computers.
They can't comprehend that the person they have sat a bland row of desks in the middle of a cheap office, who is tasked to deliver their InfoSec, is one the most important people in their enterprise, not the manager and middle managers above them: those people are irrelevant. They don't want to comprehend that, because it places at risk the whole networker talky job hierarchy in which they sit.