Statutes On Hacking Essay, Research Paper
Legislative attention to computer crimes grew dramatically in the early 1980s, as computers became increasingly central to the conduct of business and politics. Instances of hackers, especially among young people, accessing government computer files for sport were becoming alarmingly frequent. A popular culture mythology developed, founded on the ex
ploits of what were regarded as rebel heroes who could single-handedly spy on and sabotage the vast machinations of the corporate and government establishment. Their stories fed a growing culture of aspiring hackers and inspired the media to dramatize, and some would say romanticize, their adventures, as typified by the movie War Games.
In 1981 no clear laws prevented anyone from accessing military computers or the White House switchboard. During that year, 24-year-old Ian Murphy, known in hacking circles as “Captain Zap,” and three cohorts underscored the need for much more clearly articulated legislation when they used a home computer and telephone lines to hack their way into electronic companies’ merchandise order files and government documents. “We were using White House switchboards to make calls to joke lines in Germany (and) snooping in classified military files,” Murphy explained. “We set up dummy corporations. It was hilarious.” The band of hackers was finally “shoehorned … into laws,” as Murphy put it. Indicted for receiving stolen property, Murphy was fined $1000 and sentenced to 2 1/2 years probation.
The Computer Fraud and Abuse Act of 1986 was the culmination of several years of research and discussion among legislators. One reason for the lengthy preparation, and perhaps the biggest obstacle to establishing the law, was the difficulty of collecting a substantial body of testimony from computer crime victims. Large corporations were especially reluctant to admit they had been victimized because they were afraid to have their vulnerability publicized. The chief sponsors of the act, Representative William J. Hughes (D-N.J.) and Senators Paul Laxalt (R-Nev.) and Paul Tribble (R-Va.), expected computer crime victims to be much more forthcoming when clear laws and severe penalties were in place.
One of the felony offenses was established to address the unauthorized access of a federal interest computer with the intention to commit fraudulent theft. The other felony was established to address “malicious damage,” which involves altering information in, or preventing the use of, a federal interest computer. A malicious damage violation would have to result in a loss to the victim of $1000 or more, except in cases involving the alteration of medical records.
Perhaps the two most prominent cases to test the new legislation involved Robert Morris, a 22-year-old graduate student at Cornell, and Herbert Zinn, a high school dropout. Zinn, who operated under the name “Shadowhawk,” was the first to be convicted under the Computer Fraud and Abuse Act of 1986. Zinn was 16 and 17 when he managed to break into AT&T and Department of Defense systems. He was convicted on January 23, 1989, of destroying $174,000 worth of files, copying programs valued at millions of dollars, and publishing passwords and instructions on how to violate computer security systems. Zinn was sentenced to nine months in prison and fined $10,000. It was estimated that Zinn could have received 13 years in prison and a fine of $800,000 if he had been 18 at the time he committed the crimes.
In November, 1988, Morris launched a “worm” program designed to navigate the Internet on its own, searching for security weaknesses it could exploit and multiplying itself. The exponentially expanding worm consumed computer resources until more than 6000 systems had crashed or were seriously crippled. Purging the worm from their systems cost victims several days of productivity and millions of dollars. The Computer Emergency Response Team (CERT) was formed to deal with similar problems in the future. Morris was convicted and sentenced to three years of probation, 400 hours of community service and a $10,000 fine under the Computer Fraud and Abuse Act. The sentencing was widely criticized for being too light, but it reflected Morris’ innocuous intentions more than the damage he caused. As Morris’ attorneys pointed out, the worm did not actually modify or delete any files.
The Computer Security Act of 1987 was enacted to mandate that federal agencies like the Federal Reserve and the Treasury Department take extra measures to prevent unauthorized access to computers holding sensitive information. The Computer Abuse Amendments Act of 1994 expanded the 1986 Act to address the transmission of viruses and other harmful code.
Sources
“Hacker, 18, Gets Prison Term and Fine”; The Chicago Tribune; February 17, 1989
“House Passes ‘Federal Interest’ Interstate Computer Crime Bill; Computer Fraud, Abuse Penalized”; Computerworld; June 9, 1986
Alexander, Michael; “Prison Term For First U.S. Hacker Law Convict”; Computerworld; February 20, 1989