|
|
Legal Implications
In May of 2000 CBS News did a report on the contemporary "Hacking Culture". The story focused on an interview with an ex-hacker named Kevin Mitnick. "[Hacking] was a hobby, if you will", Mitnick told a CBS News Correspondent. Like many hackers, Mitnick would spend up to six hours a day in front of a computer trying to break into supposedly foolproof systems, "unconcerned by the potential consequences". Mitnick's hobby, something he did solely for "the thrill and the intellectual challenge", sent him to prison for almost five years. "As I was doing the act I didn't think about the consequences or the chances you might get caught doing it, because that wasn't really an option", he explained. Mitnick learned the hard way. Computer crime can and does have grave legal implications. Although Mitnick claims he hacked with "ethics" - that he never stole, caused damage or profited from his practices- not all hackers adhere to these principles. And as computers become more and more common, so are incidents of hacking and other computer-related crimes. Computer crime, also known as cybercrime, includes such activities as hacking, virus creation and distribution, forgery, theft and denial of access. Computes have essentially unlocked the gates to a new era in lawbreaking. Due to technological advances, crimes are committed today that could not have existed a decade ago and the traditional crimes are being made easier. Michael A. Vatis, Director of the National Information Infrastructure Protection Center, notes: "Whether we like it or not, cybercrime presents the most fundamental challenge for law enforcement in the 21st Century. By its very nature, the cyber environment is border-less, affords easy anonymity and methods of concealment to bad actors, and provides new tools to engage in criminal activity". The unique nature of computer crime has caused a debate among law enforcement experts. Some believe that cybercrime is just a conventional crime committed with high-tech devices. Others argue, however, that cybercrime is a totally new phenomenon that, in order to be dealt with effectively, requires new law enforcement techniques and new legislation. The Computer Fraud and Abuse Act [Top]In 1984, the United States Congress adopted the latter "new phenomenon" view and enacted the Counterfeit Access Device and Computer Fraud and Abuse Act. This statute, which is codified at 18 U.S.C. § 1030 , made a clear statement to the law enforcement community and to computer owners and users about legal conduct in the realm of computers. The Act prohibited the following behavior:
The history of the Computer Fraud and Abuse Act illustrates the complexity of cybercrime legislation. The first person charged with violating the Computer Fraud and Abuse Act was Robert T. Morris Jr., author of the first computer virus. Morris was charged with releasing a "worm" that, according to Morris, unintentionally caused harm to many government and university computers. The legal language applied in the case was to someone who: (5) intentionally accesses a Federal interest computer without authorization, and by means of one or more instances of such conduct alters, damages, or destroys information in any such Federal interest computer, or prevents authorized use of any such computer or information, and thereby (A) causes loss… of a value aggregating $1,000 or more.The District Court in the Morris case interpreted the law as only requiring the intent to access a computer, not the intent to cause actual damage, and thus Morris was convicted. Morris' lawyer, Thomas Guidoboni, described the Computer Fraud and Abuse Act of 1986 as "perilously vague" because it treated well-intended intruders just as harshly as it treated ill-intended intruders. As a result of this and other gaps in the legislation, the Computer Fraud and Abuse Act has since been amended. The most notable amendments occurred in October of 1996 with the enactment of the National Information Infrastructure Protection Act. Listed below are some of the changes made to the legal code:
The Computer Fraud and Abuse Act has become a landmark in the fight against cybercrime. The Act provided a single piece of code that specifically addressed computer-related offenses, thus eliminating the need to rely on legislation written for other crimes which often proved inadequate when applied to computer activity. For example, the statute pertains to interstate transportation of stolen property, 18 U.S.C. § 2314, applies to "goods, wares and merchandise," and thus has been held by several courts not to apply to intangible property such as stolen data. The existence of the Computer Fraud and Abuse Act also means that when new computer technology is introduced, instead of having to scan through the entire United States Code amending every statute potentially affected, law makers can focus on essential amendments to only this legislation.
Computer Viruses and the Law [Top]
As evident, the legal
implications of computer viruses are not well defined. The laws pertaining
to computer viruses change from state to state and from country to country.
In many countries the writing of viruses is not an offence in itself. In
others even the sharing of virus code between anti-virus researchers could
potentially be considered an offense. To make matters more complicated,
once a virus is released it is free to cross state lines and national borders,
making the author or distributor of the virus accountable for his or her
action under a very different legal system. For a list of the anti-virus
and cybercrime laws available in US states and other countries see
http://vx.netlux.org/texts/laws/laws.htm.
The newsgroup
alt.comp.virus provides the following list of the grounds on which
virus creation or distribution may be found to be illegal: The question of distribution is an interesting issue unique to computer
viruses. If one makes a virus available on the web, but clearly labels
it as such so that people downloading the file are aware of what they
are getting into, can the distributor be held accountable? The consensus
is that if the file is labeled then the person will probably not face
criminal charges, although he or she may be sued for damages. The distributor
could also potentially be charged under "incitement", for encouraging
illegal behavior. The distribution of viruses via newsgroups and e-mail
lists is easier to prosecute because these media practically force viruses
onto people who do not know what they are receiving. In addition, there
are the unsuspecting victims who unknowingly distribute viruses. At this
point is not illegal to ignorantly pass on a virus unless it can be proven
that the virus was spread due to "carelessness". So what is being done to improve the situation? In April of 2000, the
Council of Europe, an organization established to strengthen human rights,
and to promote democracy and the rule of law in Europe, released its draft
Convention on Cyber-Crime. This represents the first multiparty attempt
to address the problems presented by the spread of crime on computer networks.
Former President Clinton also established an interagency Working Group
on Unlawful Conduct on the Internet. The group, chaired by the Attorney
General, was created in order to provide an initial analysis of legal
and policy issues surrounding the misuse of the Internet. There seems
to be a common theme among these national and international courses of
action; they both involve the cooperation between many different people,
agencies and governments. Cybercrime is a problem that defies all borders
and boundaries, hence so must the law enforcement tools used against it.
For more information see the Justice Department's cybercrime site: http://www.cybercrime.gov http://www.usdoj.gov:80/criminal/cybercrime
or http://www.cybercrime.gov :
Cybercrime website for the Department of Justice. http://www.Loundy.com/E-LAW/E-Law4-full.html#VII
: David J. Loundy. "E-LAW 4: Computer Information Systems Law and System
Operator Liability," Seattle University Law Review, Volume 21, Number
4, Summer 1998. http://vx.netlux.org/texts/laws/laws.htm
: Links to anti-virus legislation for several states and countries.
http://www.landfield.com/faqs/computer-virus/alt-faq/part3/ : FAQ's for
alt.comp.virus.
http://special.northernlight.com/compvirus/weaklaws.htm : "Computer Crimes
Face Weak Laws," Associated Press, December 7, 2000. |