A third team should decide how and when a court should order cyber criminals to pay restitution to their victims.

 Should victims whose computers have been infected with worms or viruses be entitled to restitution, or only

 victims of theft who have experienced financial loss? 

What should the measure of restitution be? 

Should large companies that are victims of cyber crime be entitled to the same restitution as individuals?