The National Academies Press

Currently Skimming:

Pages 69-84

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 69... ... [But] what makes electronic networks so difficult from the perspective of creating and molding norms is that the interactive human behavior on these networks is mostly if not entirely pure speech. Read the entire page →
From page 70... ... Chen, "Computer Crime and the Computer Fraud and Abuse Act of 1986," Computer Law Journal, Vol. Read the entire page →
From page 71... ... SCENARIO 1: VIRUS DAMAGES BULLETIN BOARD A computer club at a local high school sets up a dial-in bulletin board, using equipment bought for the club by a banker whose son is club president. The bulletin board is set up at the club president's home, and it can exchange messages with other bulletin boards across North America. Read the entire page →
From page 72... ... In fact, it is not clear whether there is any criminal case at all; if the bulletin board is open to the public, then Joe, even as a nonmember, has access authority and hence no criminal liability, because the statute under which criminal liability is imposed requires unauthorized access. Issue: Deficiencies in the Laws Mark Rasch, an attorney with the firm Arent, Fox, Kintner, Plotkin, and Kahn, said loe's inappropriate behavior has two elements: possible unauthorized access to the bulletin board and uploading the computer virus. Read the entire page →
From page 73... ... attorney for the Northern District of Georgia, said Joe has extensive criminal and civil liability but that prosecuting him would be a challenge. Alexander said the Computer Fraud and Abuse Act of 1986 seldom applies in real cases, adding that prosecutors often depend on broader laws such as the wire fraud statute (18 U.S.C. Read the entire page →
From page 74... ... Godwin noted that federal law doesn't require that intent to damage be established, and he suggested it is bad policy for criminal laws to ignore intent. He said criminal statutes generally, and rightly, focus on the intent or mental state of the defendant, because "we try to criminalize people for setting out to do bad things, not for unwittingly doing bad things." Joe's potential criminal liability for putting out a virus that disrupts network service or that damages a "federal interest" computers may not reflect the proper balance between civil and criminal sanctions, Godwin suggested, because the law now "makes no distinction between someone who accidentally causes damage and perhaps a terrorist who deliberately causes damage to vital systems." Rasch countered by arguing that even if the statute itself makes no such distinction, it is possible to make distinctions in other ways, such as in sentencing; he cited the sentence in the Morris case as an example (Box 5.1) Read the entire page →
From page 75... ... Charney suggested that foe might have considerable civil liability if the damage he caused was extensive. Alexander said a civil case against Joe probably would not hold up, assuming there were no federal agents or state police involved, because hackers usually are judgment-proof. Read the entire page →
From page 76... ... Whether there is a valid case is doubtful, he added. Godwin noted that civil liability depends little, if at all, on the intentions of a defer~dant. Read the entire page →
From page 77... ... If, on the other hand, I simply copy them, the law is not clear on whether I've stolen something. In a computer environment, I can steal all the information in your computer and you won't know it, and you'll still have all the information."8 Although the federal statute does not criminalize reckless or negligent actions, Rasch said negligence will become an increasingly common use wiretaps for collecting information about the content of communications, law enforcement officials must obtain a court order by demonstrating probable cause and necessity. Read the entire page →
From page 78... ... He dismissed claims that intent can be difficult to prove, saying, "A person is presumed to intend the natural and probable consequences of his actions, so generally you can prove intent." Godwin argued that the phrase "stealing information" implies that information is property, when in fact an argument can be made that information should be assumed not to be property.9 To become property and be subject to theft, information must meet certain tests, such as those imposed by copyright or trade secret laws, he said. He agreed with prosecutor Charney that privacy is the key issue in computer intrusion, just as it is in wiretapping. Read the entire page →
From page 79... ... Issue: Ethics and Education Charney and Godwin agreed that computer users need ethics edu 10This level of damage is likely, assuming that estimates of average losses are accurate. The average loss due to computer crime has been estimated at $44,000 to $10 million (Chen, "Computer Crime and the Computer Fraud and Abuse Act of 1986," 1990) Read the entire page →
From page 80... ... The Legion of Doom was a group of several dozen hackers who broke into telephone systems and computer networks. The group acquired widespread notoriety beginning in 1989, when federal agents raided the homes of three Atlanta members who had been trafficking in stolen access codes. Read the entire page →
From page 81... ... Inc., Monsanto, National Computer Security Association, Software Creations BBS, Software Publishers Association, Symantec Corporation, and Ziff-Davis Publishing Company. Affiliated organizations included EDUCOM, the Electronic Messaging Association, the IEEE Computer Society, the California Privacy Rights Clearinghouse, and others. Read the entire page →
From page 82... ... For instance, a variety of speakers stressed the need for user ethics education. In addition, prosecutor Charney and civil liberties advocate Godwin agreed that privacy, more than theft or specific damage, is the key issue in computer trespassing. Read the entire page →
From page 83... ... and was amended by the Computer Fraud and Abuse Act of 1986 (Public Law 99-474~. It provides criminal sanctions for individuals who intentionally access a computer without authorization or exceed authorized access; it does not address reckless or negligent access or intent to cause damage. Read the entire page →
From page 84... ... David R Johnson, a lawyer with Wilmer, Cutler, and Pickering, pointed out that the Computer Fraud and Abuse Act criminalized unauthorized access only because the Congress was concerned that criminalizing electronic destruction by users with authorized access could open up a new avenue for inappropriate prosecution of whistleblowers and others engaged in First Amendment-type activities. Read the entire page →

From page 69...

... [But] what makes electronic networks so difficult from the perspective of creating and molding norms is that the interactive human behavior on these networks is mostly if not entirely pure speech.