If tough hacking laws had been around 20 years ago, it might have stopped Google from launching its method of indexing web pages or Apple from launching many of its innovative consumer gadgets. As Rob Graham, chief executive of Errata Security, points out, “Had hacking laws been around in the 1980s, the founders of Apple might’ve still been in jail today, serving out long sentences for trafficking in illegal access devices.”

And there’s another reason why tougher laws on hacking would have a chilling effect on innovation, and that’s because it would not require corporations to do more on their end to correct fatal security flaws before they are found by hackers. As we already know from experience, the last thing corporations want to do is to add an extra cost layer to their products by taking action to correct security flaws – even when they know the potential implications of a major security breach. If they know that the law will make it easier to recoup damages from hackers, they could have fewer incentives to find all possible security flaws.

In the case of Ashley Madison, the current hacking case du jour, the company didn’t even bother to encrypt the underlying data, which means that once a hacker got into the company, it was a simple task of scooping up names, addresses and credit card information. You could argue that the hackers who broke into Ashley Madison are criminals, but you could just as easily argue that the company itself was criminally negligent in allowing the security breach to happen in the first place.